IBM Support

Configure Ambari Hive view in Kerberos enabled clusters - Hadoop Dev

Technical Blog Post


Abstract

Configure Ambari Hive view in Kerberos enabled clusters - Hadoop Dev

Body

Overview:

The upcoming IOP 4.3 release, currently available for tech preview, includes two views that can be configured and used for executing Hive queries from the Ambari web interface, viz. the Hive View 1.0.0 – which works with Thrift Java API and the Hive View 1.5.0 – which works with the JDBC client. The blog https://developer.ibm.com/hadoop/2015/10/28/use-ambari-hive-view-write-execute-debug-hive-queries/ describes the configuration steps for a non-Kerberized cluster. For Kerberos enabled clusters, the Ambari Server instance and the view itself must be configured for Kerberos. This blog post covers the additional steps required for successfully configuring and executing Hive views in a Kerberized environment.

1. Configure the ambari-server instance for Kerberos

  • Navigate to the /etc/security/keytabs folder on the ambari-server host, run kadmin, create an ambari-server principal in the KDC, and generate a keytab for it.

  • Stop Ambari server
  • Run ambari-server setup-security and select option 3 – Setup Ambari kerberos JAAS configuration.
  • Provide the Kerberos principal name for ambari-server created earlier and provide the path to its keytab.

  • Restart Ambari server

2. Setup the proxyuser for hosts and groups for the ambari-server Kerberos principal

  • From the Ambari dashboard, navigate to HDFS->Configs->Advanced tab.
  • Expand the Custom core-site section and add the following new config properties:

hadoop.proxyuser.ambari-server.groups = *
hadoop.proxyuser.ambari-server.hosts = *

  • Save the configuration changes and restart services as recommended.

3. Create the /user/admin folder on HDFS:

For this example, since admin is the logged-in user, the /user/admin folder needs to be created. This is required because Hive view stores user metadata in the /user/<logged-in-user> folder.

su – hdfs
hadoop fs -mkdir /user/admin
hadoop fs -chown admin:hadoop /user/admin

4. Create a user for the ambari-server Kerberos principal and add it to the hadoop group

useradd -d /home/ambari-server -g hadoop -m ambari-server

 5. Create a view instance:

Navigate to the Ambari admin view, expand Views->Hive and click on Create Instance. Select 1.0.0 or 1.5.0 in the Version drop down. The default version selected is 1.5.0.

For Kerberized clusters, the configuration settings that are important are the following:

  • Hive Authentication (Hive View 1.0.0) – Set this to include the value of  the configuration property hive.server2.authentication.kerberos.principal settings in hive-site.xml

  • Hive Session Parameters (Hive 1.5.0) – Set this to include the value of  the configuration property hive.server2.authentication.kerberos.principal settings in hive-site.xml

  • WebHDFS Authentication – Set this to include the ambari-server Kerberos principal

  • Save and execute the view instance. You can now run Hive queries using the view instance.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCRJT","label":"IBM Db2 Big SQL"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

UID

ibm16260081

Page Feedback