Critical Description
When starting up HiveMetastore under a Kerberized cluster, the following error occurs:
resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt /etc/security/keytabs/hive.service.keytab hive/host1.company.com@REALM; ' returned 1. kinit: Keytab contains no suitable keys for hive/host1.company.com@REALM while getting initial credentials
This happens when Hive Metastore and HiveServer2 principals are set up distinct from each other.
Hive Metastore is not using hive.metastore.kerberos.principal, but instead it uses hive.server2.authentication.kerberos.principal
Also, the following references hive_conf_dir:
https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py#L119-L120
In HDP2.3+ the following file content becomes UNSECURED
/var/lib/ambari-agent/data/structured-out-status.json
We need to either reference hive_server_conf_dir or set hive_conf_dir as hive_server_conf_dir somewhere:
https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/status_params.py#L90-L101
Solution
Since a kinit call here is unnecessary and the relevant configuration files are being created properly. Simply removing the kinit call (and related variabled) will fix the kinit failure issue.
For the hive_conf_dir issue, setting hive_conf_dir = hive_server_conf_dir in status_params.py, solves the issue.
Attachments
Attachments
Issue Links
- links to
