You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "HeeSoo Kim (JIRA)" <ji...@apache.org> on 2015/06/25 23:14:04 UTC
[jira] [Updated] (HIVE-10838) Allow the Hive metastore client to
bind to a specific address when connecting to the server
[ https://issues.apache.org/jira/browse/HIVE-10838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
HeeSoo Kim updated HIVE-10838:
------------------------------
Attachment: HIVE-10838.patch
> Allow the Hive metastore client to bind to a specific address when connecting to the server
> -------------------------------------------------------------------------------------------
>
> Key: HIVE-10838
> URL: https://issues.apache.org/jira/browse/HIVE-10838
> Project: Hive
> Issue Type: Bug
> Reporter: HeeSoo Kim
> Assignee: HeeSoo Kim
> Attachments: HIVE-10838.patch
>
>
> +*In a cluster with Kerberos authentication*+
> When a Hive metastore client (e.g. HS2, oozie) has been configured with a logical hostname (e.g. hiveserver/hiveserver_logical_hostname@EXAMPLE.COM), it still uses its physical hostname to try to connect to the hive metastore.
> For example, we specifiy, in hive-site.xml:
> {noformat}
> <property>
> <name>hive.server2.authentication.kerberos.principal</name>
> <value>hiveserver/hiveserver_logical_hostname@EXAMPLE.COM</value>
> </property>
> {noformat}
> When the client tried to get a delegation token from the metastore, an exception occurred:
> {noformat}
> 2015-05-21 23:17:59,554 ERROR metadata.Hive (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized connection for super-user: hiveserver/hiveserver_logical_hostname@EXAMPLE.COM from IP 10.250.16.43)
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
> at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
> {noformat}
> We need to set the bind address when Hive metastore client tries to connect Hive metastore based on logical hostname of Kerberos.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)