You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "HeeSoo Kim (JIRA)" <ji...@apache.org> on 2015/06/25 23:14:04 UTC

[jira] [Updated] (HIVE-10838) Allow the Hive metastore client to bind to a specific address when connecting to the server

     [ https://issues.apache.org/jira/browse/HIVE-10838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

HeeSoo Kim updated HIVE-10838:
------------------------------
    Attachment: HIVE-10838.patch

> Allow the Hive metastore client to bind to a specific address when connecting to the server
> -------------------------------------------------------------------------------------------
>
>                 Key: HIVE-10838
>                 URL: https://issues.apache.org/jira/browse/HIVE-10838
>             Project: Hive
>          Issue Type: Bug
>            Reporter: HeeSoo Kim
>            Assignee: HeeSoo Kim
>         Attachments: HIVE-10838.patch
>
>
> +*In a cluster with Kerberos authentication*+
> When a Hive metastore client (e.g. HS2, oozie) has been configured with a logical hostname (e.g. hiveserver/hiveserver_logical_hostname@EXAMPLE.COM), it still uses its physical hostname to try to connect to the hive metastore.
> For example, we specifiy, in hive-site.xml:
> {noformat}
> <property>
>   <name>hive.server2.authentication.kerberos.principal</name>
>   <value>hiveserver/hiveserver_logical_hostname@EXAMPLE.COM</value>
> </property>
> {noformat}
> When the client tried to get a delegation token from the metastore, an exception occurred:
> {noformat}
> 2015-05-21 23:17:59,554 ERROR metadata.Hive (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized connection for super-user: hiveserver/hiveserver_logical_hostname@EXAMPLE.COM from IP 10.250.16.43)
>         at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
>         at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
>         at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
>         at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
>         at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
>         at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
>         at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
> {noformat}
> We need to set the bind address when Hive metastore client tries to connect Hive metastore based on logical hostname of Kerberos.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)