Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-6042

CDAP should work with Secure (HA) Hive

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0.0, 4.3.3
    • Component/s: Explore, Security
    • Labels:
      None
    • Rank:
      1|hzzdfb:

      Description

      We need to figure out how Hive shares delegation token secret between Hive Server and Hive Metastore in secure mode.

      We have tried using Hive JDBC driver to talk to Hive from Hydrator plugins and got the following exception -

      org.apache.thrift.transport.TTransportException: Peer indicated failure: DIGEST-MD5: IO error acquiring password
      at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:190)
      

      This exception indicates that the delegation token generated by Hive Metastore cannot be decoded by Hive Server. https://issues.apache.org/jira/browse/HIVE-9100 has information on how to configure Hive to share the secret. We need to try out both DB mode and Zookeeper mode and have integration tests for this.

      Based on other documentation like http://www.cloudera.com/documentation/enterprise/5-6-x/topics/admin_ha_hivemetastore.html, it looks like DB mode is the preferred way for token store.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                poorna Poorna Chandra
                Reporter:
                poorna Poorna Chandra
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: