You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Dmitry Lysnichenko (JIRA)" <ji...@apache.org> on 2016/07/29 17:41:20 UTC

[jira] [Updated] (AMBARI-17964) Hive Ranger plug in broken after upgrade to HDP 2.4.0

     [ https://issues.apache.org/jira/browse/AMBARI-17964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitry Lysnichenko updated AMBARI-17964:
----------------------------------------
    Component/s: ambari-server

> Hive Ranger plug in broken after upgrade to HDP 2.4.0
> -----------------------------------------------------
>
>                 Key: AMBARI-17964
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17964
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>         Attachments: AMBARI-17964.patch
>
>
> I've managed to reproduce the issue during Ambari upgrade 2.0.2 to 2.2.1.1.
> The issue seems to be that hive_security_authorization is missing in 2.0.2, so during upgrade hive_security_authorization it is added with value None (because code supports only Kerberos, and not Ranger), and then {{hive.security.authorization.manager}} and {{hive.security.authenticator.manager}} are  immediately removed at UpgradeCatalog210 if hive_security_authorization value is None.
> {code}
> boolean isHiveSecurityAuthPresent = cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization");
> String hiveSecurityAuth="";
> if ("kerberos".equalsIgnoreCase(hive_server2_auth) && cluster.getServices().containsKey("KERBEROS")){
> hiveSecurityAuth = "SQLStdAuth";
> isHiveSecurityAuthPresent = true;
> hiveEnvProps.put("hive_security_authorization", hiveSecurityAuth);
> } else {
> if (isHiveSecurityAuthPresent) {
> hiveSecurityAuth = cluster.getDesiredConfigByType("hive-env").getProperties().get("hive_security_authorization");
> }
> }
> if (isHiveSecurityAuthPresent && "none".equalsIgnoreCase(hiveSecurityAuth)) {
> hiveServerSiteRemoveProps.add("hive.security.authorization.manager");
> hiveServerSiteRemoveProps.add("hive.security.authenticator.manager");
> }
> updateConfigurationPropertiesForCluster(cluster, "hive-env", hiveEnvProps, true, true);
> removeConfigurationPropertiesFromCluster(cluster, "hiveserver2-site", hiveServerSiteRemoveProps);
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)