You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Eugene Koifman (JIRA)" <ji...@apache.org> on 2013/08/23 21:09:52 UTC

[jira] [Commented] (HIVE-5133) webhcat jobs that need to access metastore fails in secure mode

    [ https://issues.apache.org/jira/browse/HIVE-5133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748882#comment-13748882 ] 

Eugene Koifman commented on HIVE-5133:
--------------------------------------

1. Server#pig() & Server#mapReduceJar() - the JavaDoc lists all the parameters but no explanation of what each means.  At the very least new params should be documented.  Saying that it matches REST API isn’t really useful since http://hive.apache.org/docs/hcat_r0.5.0/pig.html doesn’t describe all of them, especially the parameter just added.
2. PigDelegator#hasPigArgUseHcat() - would be useful to add a comment about what -useHCatalog does (or a URL)
3. I think MSTokenCleanOutputFormat is missing from the patch
4. In TempletonControllerJob - wouldn’t be cleaner to pass a variable in TCJ c’tor() that says delegation token is needed rather than passing via args and having to remove it?
5. Why does TempletonControllerJob#run() use UserGroupInformation.getCurrentUser(), but TempletonControllerJob#buildHCatDeletgationToken() uses UgiFactory.  Is there specific reason for this?
6. I think it would be really useful to add 10-20 lines of JavaDoc that explains why this whole thing is implemented/how it’s designed.  It would be a big help for maintainers (and doc writes)

                
> webhcat jobs that need to access metastore fails in secure mode
> ---------------------------------------------------------------
>
>                 Key: HIVE-5133
>                 URL: https://issues.apache.org/jira/browse/HIVE-5133
>             Project: Hive
>          Issue Type: Bug
>          Components: WebHCat
>    Affects Versions: 0.11.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>         Attachments: HIVE-5133.1.patch
>
>
> Webhcat job submission requests result in the pig/hive/mr job being run from a map task that it launches. In secure mode, for the pig/hive/mr job that is run to be authorized to perform actions on metastore, it has to have the delegation tokens from the hive metastore.
> In case of pig/MR job this is needed if hcatalog is being used in the script/job.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira