You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by Sanket Gaykar <sa...@gmail.com> on 2019/02/26 05:51:33 UTC
Import hive metadata in kerberized atlas
Hi,
We have kerberized atlas setup on dedicated instance. Hbase (Kerberos) is
used as a storage backend. Whereas hive metastore uses simple
authentication.
Properties set for kerberos in atlas-appication.properties:
atlas.authentication.method.kerberos=true
atlas.authentication.keytab=/etc/atlas.keytab
atlas.authentication.principal=atlas/<FQDN>@<REALM>
While executing import-hive.sh on hive cluster we get error:
"Authentication is enabled and user is not specified. Specify user.name
parameter"
We also found properties atlas.authentication.*method*.keytab
atlas.authentication.*method*.principal in *AtlasAuthenticationFilter*
class.
Can someone please tell what should be the values for this properties?
Re: Import hive metadata in kerberized atlas
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
>>Does hive atlas hook also uses this kerberos properties while importing
>> data from metastore?
Yes
On Tue, Feb 26, 2019 at 3:09 PM Sanket Gaykar <sa...@gmail.com>
wrote:
> Hi Nixon,
>
> Thanks for reply.
> Does hive atlas hook also uses this kerberos properties while importing
> data from metastore?
>
> On Tue, 26 Feb 2019 at 14:55, Nixon Rodrigues <
> nixon.rodrigues@freestoneinfotech.com> wrote:
>
> > Sanket,
> >
> > Ideally in a kerberized cluster, every component is expected to be
> running
> > in Kerberos mode.
> >
> > Please find Kerberos related properties used in Atlas with values
> >
> > atlas.authentication.keytab=/etc/security/keytabs/atlas.service.keytab //
> > atlas service keytab
> > atlas.authentication.method.kerberos=true
> >
> >
> atlas.authentication.method.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab
> > // spengo service keytab
> > atlas.authentication.method.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
> > atlas.authentication.method.kerberos.name.rules=RULE:[1:$1@$0](
> > ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/\.........\DEFAULT
> >
> > HTH
> >
> >
> > On Tue, Feb 26, 2019 at 11:21 AM Sanket Gaykar <
> sanketgaykar.333@gmail.com
> > >
> > wrote:
> >
> > > Hi,
> > >
> > > We have kerberized atlas setup on dedicated instance. Hbase (Kerberos)
> is
> > > used as a storage backend. Whereas hive metastore uses simple
> > > authentication.
> > >
> > > Properties set for kerberos in atlas-appication.properties:
> > >
> > > atlas.authentication.method.kerberos=true
> > > atlas.authentication.keytab=/etc/atlas.keytab
> > > atlas.authentication.principal=atlas/<FQDN>@<REALM>
> > >
> > > While executing import-hive.sh on hive cluster we get error:
> > > "Authentication is enabled and user is not specified. Specify
> user.name
> > > parameter"
> > >
> > > We also found properties atlas.authentication.*method*.keytab
> > > atlas.authentication.*method*.principal in *AtlasAuthenticationFilter*
> > > class.
> > >
> > > Can someone please tell what should be the values for this properties?
> > >
> >
>
Re: Import hive metadata in kerberized atlas
Posted by Sanket Gaykar <sa...@gmail.com>.
Hi Nixon,
Thanks for reply.
Does hive atlas hook also uses this kerberos properties while importing
data from metastore?
On Tue, 26 Feb 2019 at 14:55, Nixon Rodrigues <
nixon.rodrigues@freestoneinfotech.com> wrote:
> Sanket,
>
> Ideally in a kerberized cluster, every component is expected to be running
> in Kerberos mode.
>
> Please find Kerberos related properties used in Atlas with values
>
> atlas.authentication.keytab=/etc/security/keytabs/atlas.service.keytab //
> atlas service keytab
> atlas.authentication.method.kerberos=true
>
> atlas.authentication.method.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab
> // spengo service keytab
> atlas.authentication.method.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
> atlas.authentication.method.kerberos.name.rules=RULE:[1:$1@$0](
> ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/\.........\DEFAULT
>
> HTH
>
>
> On Tue, Feb 26, 2019 at 11:21 AM Sanket Gaykar <sanketgaykar.333@gmail.com
> >
> wrote:
>
> > Hi,
> >
> > We have kerberized atlas setup on dedicated instance. Hbase (Kerberos) is
> > used as a storage backend. Whereas hive metastore uses simple
> > authentication.
> >
> > Properties set for kerberos in atlas-appication.properties:
> >
> > atlas.authentication.method.kerberos=true
> > atlas.authentication.keytab=/etc/atlas.keytab
> > atlas.authentication.principal=atlas/<FQDN>@<REALM>
> >
> > While executing import-hive.sh on hive cluster we get error:
> > "Authentication is enabled and user is not specified. Specify user.name
> > parameter"
> >
> > We also found properties atlas.authentication.*method*.keytab
> > atlas.authentication.*method*.principal in *AtlasAuthenticationFilter*
> > class.
> >
> > Can someone please tell what should be the values for this properties?
> >
>
Re: Import hive metadata in kerberized atlas
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
Sanket,
Ideally in a kerberized cluster, every component is expected to be running
in Kerberos mode.
Please find Kerberos related properties used in Atlas with values
atlas.authentication.keytab=/etc/security/keytabs/atlas.service.keytab //
atlas service keytab
atlas.authentication.method.kerberos=true
atlas.authentication.method.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab
// spengo service keytab
atlas.authentication.method.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
atlas.authentication.method.kerberos.name.rules=RULE:[1:$1@$0](
ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/\.........\DEFAULT
HTH
On Tue, Feb 26, 2019 at 11:21 AM Sanket Gaykar <sa...@gmail.com>
wrote:
> Hi,
>
> We have kerberized atlas setup on dedicated instance. Hbase (Kerberos) is
> used as a storage backend. Whereas hive metastore uses simple
> authentication.
>
> Properties set for kerberos in atlas-appication.properties:
>
> atlas.authentication.method.kerberos=true
> atlas.authentication.keytab=/etc/atlas.keytab
> atlas.authentication.principal=atlas/<FQDN>@<REALM>
>
> While executing import-hive.sh on hive cluster we get error:
> "Authentication is enabled and user is not specified. Specify user.name
> parameter"
>
> We also found properties atlas.authentication.*method*.keytab
> atlas.authentication.*method*.principal in *AtlasAuthenticationFilter*
> class.
>
> Can someone please tell what should be the values for this properties?
>