[
https://issues.apache.org/jira/browse/AMBARI-25925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
caijialiang updated AMBARI-25925:
---------------------------------
Summary: The "hive.server2.enable.doAs" property cannot be set to true
(was: "hive.server2.enable.doAs" property cannot be set to true)
> The "hive.server2.enable.doAs" property cannot be set to true
> -------------------------------------------------------------
>
> Key: AMBARI-25925
> URL: https://issues.apache.org/jira/browse/AMBARI-25925
> Project: Ambari
> Issue Type: Bug
> Affects Versions: 2.8.0
> Reporter: caijialiang
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The "hive.server2.enable.doAs" property cannot be set to true due to a bug in
> the code. This results in doAs always being true and unable to be set to
> false, even if Ranger is enabled. The recommended setting for
> "hive.server2.enable.doAs" is false, but this cannot be configured when
> Kerberos is enabled. This issue affects Ranger validation. Additionally, the
> issue mentioned in the comment does not require setting doAs; instead,
> setting "hive.metastore.event.db.notification.api.auth" to false is
> sufficient when hive proxy user is not set.
> {code:java}
> ########################################################
> # https://issues.apache.org/jira/browse/HIVE-19740
> # This is not a bug but after 2.x hive.metastore.event.db.notification.api.auth
> # is true by default so if you just upgrade the version in a kerberized cluster,
> # hiverserver2 will probably not be able to connect to the metastore. As
> # specified here this can solved by setting
> # hive.metastore.event.db.notification.api.auth to false or adding something
> # like this to your core.xml or hive-site.xml:
> ########################################################
> core_site_config = dict(config['configurations']['core-site'])
> if format("hadoop.proxyuser.{hive_user}.hosts") not in core_site_config and format("hadoop.proxyuser.{hive_user}.groups") not in core_site_config:
>   hive_site_config["hive.metastore.event.db.notification.api.auth"] = "false"
>   hive_site_config["hive.server2.enable.doAs"] = "false"
> else:
>   hive_site_config["hive.metastore.event.db.notification.api.auth"] = "true"
>   hive_site_config["hive.server2.enable.doAs"] = "true"
> {code}
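The override described in the report can be reproduced with a standalone model of the quoted block. This is an added example, not Ambari's code or the project's patch; the function names, the plain-dict configuration shape and the sample values are assumptions made for illustration.

```python
# Added illustration: standalone model of the logic quoted in AMBARI-25925.
# Function names and dict shapes are hypothetical, not Ambari APIs.

DOAS = "hive.server2.enable.doAs"
NOTIF_AUTH = "hive.metastore.event.db.notification.api.auth"


def has_hive_proxyuser(core_site, hive_user):
    """Mirror the quoted condition: the 'false' branch is taken only when
    neither proxyuser key exists, so either key counts as 'set'."""
    return any("hadoop.proxyuser.%s.%s" % (hive_user, suffix) in core_site
               for suffix in ("hosts", "groups"))


def reported_behaviour(core_site, hive_site, hive_user="hive"):
    """Both properties follow the proxyuser check, as in the quoted block."""
    out = dict(hive_site)
    value = "true" if has_hive_proxyuser(core_site, hive_user) else "false"
    out[NOTIF_AUTH] = value
    out[DOAS] = value  # the operator's doAs choice is overwritten here
    return out


def decoupled_behaviour(core_site, hive_site, hive_user="hive"):
    """Only notification.api.auth depends on the proxyuser keys, which the
    report says is sufficient; doAs keeps whatever the operator configured."""
    out = dict(hive_site)
    out[NOTIF_AUTH] = "true" if has_hive_proxyuser(core_site, hive_user) else "false"
    return out


def overridden_keys(requested, effective):
    """Keys whose effective value differs from what the operator requested."""
    return sorted(k for k, v in requested.items() if effective.get(k) != v)


# Constructed sample: Kerberized cluster with a hive proxy user, where the
# operator wants doAs=false so authorization is enforced by Ranger.
CORE_SITE = {"hadoop.proxyuser.hive.hosts": "*", "hadoop.proxyuser.hive.groups": "*"}
REQUESTED = {DOAS: "false"}

if __name__ == "__main__":
    print("reported :", overridden_keys(REQUESTED, reported_behaviour(CORE_SITE, REQUESTED)))
    print("decoupled:", overridden_keys(REQUESTED, decoupled_behaviour(CORE_SITE, REQUESTED)))
```

Running `overridden_keys` against the effective hive-site of a cluster is a quick way to confirm whether a requested doAs value survived configuration generation.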