You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/09/18 00:33:04 UTC
[jira] [Commented] (AMBARI-13133) Hive Metastore did not start when
Kerberized
[ https://issues.apache.org/jira/browse/AMBARI-13133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14804645#comment-14804645 ]
Hadoop QA commented on AMBARI-13133:
------------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12757124/AMBARI-13133_branch2.1_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in ambari-server.
Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/3804//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3804//console
This message is automatically generated.
> Hive Metastore did not start when Kerberized
> --------------------------------------------
>
> Key: AMBARI-13133
> URL: https://issues.apache.org/jira/browse/AMBARI-13133
> Project: Ambari
> Issue Type: Bug
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Attachments: AMBARI-13133_branch2.1_01.patch, AMBARI-13133_trunk_01.patch
>
>
> When starting up HiveMetastore under a Kerberized cluster, the following error occurs:
> {code}
> resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt /etc/security/keytabs/hive.service.keytab hive/host1.company.com@REALM; ' returned 1. kinit: Keytab contains no suitable keys for hive/host1.company.com@REALM while getting initial credentials
> {code}
> This happens when Hive Metastore and HiveServer2 principals are set up distinct from each other.
> Hive Metastore is not using hive.metastore.kerberos.principal, but instead it uses hive.server2.authentication.kerberos.principal
> Also, the following references hive_conf_dir:
> https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py#L119-L120
> In HDP2.3+ the following file content becomes UNSECURED
> /var/lib/ambari-agent/data/structured-out-status.json
> We need to either reference hive_server_conf_dir or set hive_conf_dir as hive_server_conf_dir somewhere:
> https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/status_params.py#L90-L101
> *Solution*
> Since a kinit call here is unnecessary and the relevant configuration files are being created properly. Simply removing the kinit call (and related variabled) will fix the kinit failure issue.
> For the hive_conf_dir issue, setting {{hive_conf_dir = hive_server_conf_dir}} in status_params.py, solves the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)