diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/mr/ExecDriver.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/mr/ExecDriver.java index 380cf08..9e33beb 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/mr/ExecDriver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/mr/ExecDriver.java @@ -86,6 +86,7 @@ import org.apache.hadoop.mapred.JobClient; import org.apache.hadoop.mapred.JobConf; import org.apache.hadoop.mapred.RunningJob; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.logging.log4j.Level; import org.apache.logging.log4j.LogManager; @@ -739,6 +740,19 @@ public static void main(String[] args) throws IOException, HiveException { } int ret; if (localtask) { + // In secured cluster, the child process for local task needs to login and + // use service principal as the effective user. Otherwise, it would fail to + // authenticate against the services like HBase with the process user. + if (UserGroupInformation.isSecurityEnabled()) { + String principal = HiveConf.getVar(conf, ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL); + String keyTabFile = HiveConf.getVar(conf, ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB); + if (principal.isEmpty() || keyTabFile.isEmpty()) { + throw new IOException("HiveServer2 Kerberos principal or keytab is not correctly configured"); + } else { + UserGroupInformation.loginUserFromKeytab(SecurityUtil.getServerPrincipal(principal, "0.0.0.0"), keyTabFile); + } + } + memoryMXBean = ManagementFactory.getMemoryMXBean(); MapredLocalWork plan = Utilities.deserializePlan(pathData, MapredLocalWork.class, conf); MapredLocalTask ed = new MapredLocalTask(plan, conf, isSilent);