Robert Levas created AMBARI-13133:
-------------------------------------
Summary: Hive Metastore did not start when Kerberized
Key: AMBARI-13133
URL: https://issues.apache.org/jira/browse/AMBARI-13133
Project: Ambari
Issue Type: Bug
Reporter: Robert Levas
Priority: Critical
When starting up HiveMetastore under a Kerberized cluster, the following error
occurs:
{code}
resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt
/etc/security/keytabs/hive.service.keytab hive/host1.company.com@REALM; '
returned 1. kinit: Keytab contains no suitable keys for
hive/host1.company.com@REALM while getting initial credentials
{code}
This happens when Hive Metastore and HiveServer2 principals are set up distinct
from each other.
Hive Metastore is not using hive.metastore.kerberos.principal, but instead it
uses hive.server2.authentication.kerberos.principal
Also, the following references hive_conf_dir:
https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py#L119-L120
In HDP2.3+ the following file content becomes UNSECURED
/var/lib/ambari-agent/data/structured-out-status.json
We need to either reference hive_server_conf_dir or set hive_conf_dir as
hive_server_conf_dir somewhere:
https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/status_params.py#L90-L101
*Solution*
Since a kinit call here is unnecessary and the relevant configuration files are
being created properly. Simply removing the kinit call (and related variabled)
will fix the kinit failure issue.
For the hive_conf_dir issue, setting {{hive_conf_dir = hive_server_conf_dir}}
in status_params.py, solves the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
