[ATLAS-1546] Hive hook should choose appropriate JAAS config if host uses kerberos ticket-cache - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7-incubating, 0.8-incubating
Fix Version/s: 0.8-incubating
Component/s: atlas-intg
Labels:
None

Description

In a kerberized environment, Atlas hook uses JAAS configuration section named "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment this configuration section is set to use the keytab and principal of HiveServer2 process. The hook running in HiveCLI might fail to authenticate with Kafka if the user can't read the configured keytab.

Given that HiveCLI users would have performed kinit, the hook in HiveCLI should use the ticket-cache generated by kinit. When ticket cache is not available (for example in HiveServer2), the hook should use the configuration provided in KafkaClient JAAS section.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

hs2.log.gz
11/Feb/17 03:45
266 kB
Greg Senia
hive-site.xml
13/Feb/17 16:26
19 kB
Greg Senia
hiveserver2-site.xml
13/Feb/17 16:26
1 kB
Greg Senia
hiveserver2_log.txt
11/Feb/17 01:36
100 kB
Greg Senia
hiveenviro
11/Feb/17 07:21
22 kB
Greg Senia
ATLAS-1546.patch
10/Feb/17 14:27
9 kB
Nixon Rodrigues
ATLAS-1546.4.patch
20/Feb/17 12:16
2 kB
Nixon Rodrigues
ATLAS-1546.3.patch
16/Feb/17 10:46
9 kB
Nixon Rodrigues
ATLAS-1546.2.patch
13/Feb/17 18:28
9 kB
Greg Senia
ATLAS-1546.1.patch
11/Feb/17 02:08
10 kB
Madhan Neethiraj

Issue Links

duplicates

AMBARI-19790 HiveCLI and AtlasHook do not work correctly

Resolved

links to

Review request

Activity

People

Assignee:: Nixon Rodrigues

Reporter:: Madhan Neethiraj

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Feb/17 07:41

Updated:: 07/Mar/17 20:50

Resolved:: 14/Feb/17 00:17