atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nixon Rodrigues (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ATLAS-1546) Hive hook should choose appropriate JAAS config if host uses kerberos ticket-cache
Date Mon, 13 Feb 2017 09:02:42 GMT

    [ https://issues.apache.org/jira/browse/ATLAS-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15863318#comment-15863318
] 

Nixon Rodrigues edited comment on ATLAS-1546 at 2/13/17 9:02 AM:
-----------------------------------------------------------------

[~gss2002],[~madhan.neethiraj],

I tried running HiveServer2 (Run as end user instead of Hive user)  with doAs = true and tables
are created in hive and entities are getting created at Atlas end.
Also tested HiveCli with doAs = true and it is also working fine and entities are getting
created at Atlas end.

Tested this with *hive_test* user, this user was created with below steps
{noformat}
useradd hive_test
hadoop fs -mkdir /user/hive_test
hadoop fs -chown hive_test /user/hive_test
{noformat}

and principal *hive_test*, created with below steps
{noformat}
kadmin.local
addprinc hive_test/domain@EXAMPLE.COM
exit and then kinit
kinit hive_test/domain@EXAMPLE.COM
{noformat}


was (Author: nixonrodrigues):
[~gss2002],[~madhan.neethiraj],

I tried running HiveServer2 (Run as end user instead of Hive user)  with doAs = true and tables
are created in hive and entities are getting created Atlas end.
Also tested HiveCli and it is also working fine and entities are getting created Atlas end.

Tested this with *hive_test* user, this user was created with below steps
{noformat}
useradd hive_test
hadoop fs -mkdir /user/hive_test
hadoop fs -chown hive_test /user/hive_test
{noformat}

and principal *hive_test*, created with below steps
{noformat}
kadmin.local
addprinc hive_test/domain@EXAMPLE.COM
exit and then kinit
kinit hive_test/domain@EXAMPLE.COM
{noformat}

> Hive hook should choose appropriate JAAS config if host uses kerberos ticket-cache
> ----------------------------------------------------------------------------------
>
>                 Key: ATLAS-1546
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1546
>             Project: Atlas
>          Issue Type: Improvement
>          Components: atlas-intg
>    Affects Versions: 0.7-incubating, 0.8-incubating
>            Reporter: Madhan Neethiraj
>            Assignee: Nixon Rodrigues
>             Fix For: 0.8-incubating
>
>         Attachments: ATLAS-1546.1.patch, ATLAS-1546.patch, hiveenviro, hiveserver2_log.txt,
hs2.log.gz
>
>
> In a kerberized environment, Atlas hook uses JAAS configuration section named "KakfaClient"
to authenticate with Kafka broker. In a typical Hive deployment this configuration section
is set to use the keytab and principal of HiveServer2 process. The hook running in HiveCLI
might fail to authenticate with Kafka if the user can't read the configured keytab.
> Given that HiveCLI users would have performed kinit, the hook in HiveCLI should use the
ticket-cache generated by kinit. When ticket cache is not available (for example in HiveServer2),
the hook should use the configuration provided in KafkaClient JAAS section.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message