[jira] [Commented] (IMPALA-6789) Failed to launch HiveServer2 in minicluster after switching to Hadoop3

Fri, 03 Aug 2018 16:14:37 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-6789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568903#comment-16568903
 ] 

Quanlong Huang commented on IMPALA-6789:
----------------------------------------

This patch fixes builds in our env: https://gerrit.cloudera.org/#/c/11119/

> Failed to launch HiveServer2 in minicluster after switching to Hadoop3
> ----------------------------------------------------------------------
>
>                 Key: IMPALA-6789
>                 URL: https://issues.apache.org/jira/browse/IMPALA-6789
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Infrastructure
>            Reporter: Quanlong Huang
>            Priority: Major
>
> After switching to Hadoop3 by IMPALA-4277 (0812f87), the HiveServer2 in my 
> dev env failed to launch and kept warning that "User: quanlong.huang is not 
> allowed to impersonate foo".
> {code:java}
> java.lang.RuntimeException: java.lang.RuntimeException: 
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
>  User: quanlong.huang is not allowed to impersonate foo
>         at 
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:89)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at java.security.AccessController.doPrivileged(Native Method) 
> ~[?:1.8.0_121]
>         at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_121]
>         at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at com.sun.proxy.$Proxy37.open(Unknown Source) ~[?:?]
>         at 
> org.apache.hive.service.cli.session.SessionManager.createSession(SessionManager.java:411)
>  [hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:363)
>  [hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:189)
>  [hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:423)
>  [hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:312)
>  [hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1377)
>  [hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1362)
>  [hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) 
> [hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) 
> [hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
>  [hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>  [hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  [?:1.8.0_121]
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  [?:1.8.0_121]
>         at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
> Caused by: java.lang.RuntimeException: 
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
>  User: quanlong.huang is not allowed to impersonate foo
>         at 
> org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:596) 
> ~[hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:539) 
> ~[hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.session.HiveSessionImpl.open(HiveSessionImpl.java:169)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_121]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_121]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_121]
>         at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
>         at 
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         ... 21 more
> Caused by: org.apache.hadoop.ipc.RemoteException: User: quanlong.huang is not 
> allowed to impersonate foo
>         at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1491) 
> ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at org.apache.hadoop.ipc.Client.call(Client.java:1437) 
> ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at org.apache.hadoop.ipc.Client.call(Client.java:1347) 
> ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:228)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:116)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at com.sun.proxy.$Proxy31.getFileInfo(Unknown Source) ~[?:?]
>         at 
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:875)
>  ~[hadoop-hdfs-client-3.0.0-cdh6.x-20180302.192732-2.jar:?]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_121]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_121]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_121]
>         at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
>         at 
> org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:422)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeMethod(RetryInvocationHandler.java:165)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invoke(RetryInvocationHandler.java:157)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeOnce(RetryInvocationHandler.java:95)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:359)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at com.sun.proxy.$Proxy32.getFileInfo(Unknown Source) ~[?:?]
>         at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1643) 
> ~[hadoop-hdfs-client-3.0.0-cdh6.x-20180302.192732-2.jar:?]
>         at 
> org.apache.hadoop.hdfs.DistributedFileSystem$29.doCall(DistributedFileSystem.java:1494)
>  ~[hadoop-hdfs-client-3.0.0-cdh6.x-20180302.192732-2.jar:?]
>         at 
> org.apache.hadoop.hdfs.DistributedFileSystem$29.doCall(DistributedFileSystem.java:1491)
>  ~[hadoop-hdfs-client-3.0.0-cdh6.x-20180302.192732-2.jar:?]
>         at 
> org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
>  ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1506)
>  ~[hadoop-hdfs-client-3.0.0-cdh6.x-20180302.192732-2.jar:?]
>         at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1668) 
> ~[hadoop-common-3.0.0-cdh6.x-20180302.191654-1.jar:?]
>         at 
> org.apache.hadoop.hive.ql.session.SessionState.createRootHDFSDir(SessionState.java:701)
>  ~[hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hadoop.hive.ql.session.SessionState.createSessionDirs(SessionState.java:640)
>  ~[hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:572) 
> ~[hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:539) 
> ~[hive-exec-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at 
> org.apache.hive.service.cli.session.HiveSessionImpl.open(HiveSessionImpl.java:169)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_121]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_121]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_121]
>         at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
>         at 
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
>  ~[hive-service-2.1.1-cdh6.x-SNAPSHOT.jar:2.1.1-cdh6.x-SNAPSHOT]
>         ... 21 more
> {code}
> [~philip] helps me to find that the root cause is HADOOP-7050. Hadoop 
> impersonation does not support username with dots so far. My username 
> contains a dot so it failed.
> It's hard for me to change my username or use another username due to some 
> company-specific security issues. Finally, I found a workaround for this.
> The source of the invocation is in ServiceCLIService#getSessionHandle
> {code:java}
>     if 
> (cliService.getHiveConf().getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS) &&
>         (userName != null)) {
>       String delegationTokenStr = getDelegationToken(userName);
>       sessionHandle = cliService.openSessionWithImpersonation(protocol, 
> userName,
>           req.getPassword(), ipAddress, req.getConfiguration(), 
> delegationTokenStr);
>     } else {
>       sessionHandle = cliService.openSession(protocol, userName, 
> req.getPassword(),
>           ipAddress, req.getConfiguration());
>     }
> {code}
> So add this to the hive-site.xml works around the issue:
> {code:xml}
> <property>
>   <name>hive.server2.enable.doAs</name>
>   <value>false</value>
> </property>
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

Reply via email to