[
https://issues.apache.org/jira/browse/HIVE-19740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16554885#comment-16554885
]
Rajkumar Singh edited comment on HIVE-19740 at 7/24/18 11:01 PM:
-----------------------------------------------------------------
it seem proxy user auth check is applicable for both the case
{code}
HiveMetaStore.java
private void authorizeProxyPrivilege() throws Exception {
// Skip the auth in embedded mode or if the auth is disabled
if (!isMetaStoreRemote() ||
!MetastoreConf.getBoolVar(conf,
ConfVars.EVENT_DB_NOTIFICATION_API_AUTH)) {
return;
}
String user = null;
try {
user = SecurityUtils.getUGI().getShortUserName();
} catch (Exception ex) {
LOG.error("Cannot obtain username", ex);
throw ex;
}
if (!MetaStoreUtils.checkUserHasHostProxyPrivileges(user, conf,
getIPAddress())) {
throw new MetaException("User " + user + " is not allowed to perform
this API call");
}
}
{code}
as suggested by [~jmarhuen] you eighter need to add
hadoop.proxyuser.hive.hosts/group in core-site or disable the
hive.metastore.event.db.notification.api.auth. otherwise you will see "User
hive is not allowed to perform this API call"
was (Author: rajkumar singh):
it seem proxy user auth check is applicable for both the case
{code}
HiveMetaStore.jav
private void authorizeProxyPrivilege() throws Exception {
// Skip the auth in embedded mode or if the auth is disabled
if (!isMetaStoreRemote() ||
!MetastoreConf.getBoolVar(conf,
ConfVars.EVENT_DB_NOTIFICATION_API_AUTH)) {
return;
}
String user = null;
try {
user = SecurityUtils.getUGI().getShortUserName();
} catch (Exception ex) {
LOG.error("Cannot obtain username", ex);
throw ex;
}
if (!MetaStoreUtils.checkUserHasHostProxyPrivileges(user, conf,
getIPAddress())) {
throw new MetaException("User " + user + " is not allowed to perform
this API call");
}
}
{code}
as suggested by [~jmarhuen] you eighter need to add
hadoop.proxyuser.hive.hosts/group in core-site or disable the
hive.metastore.event.db.notification.api.auth. otherwise you will see "User
hive is not allowed to perform this API call"
> Hiveserver2 can't connect to metastore when using Hive 3.0
> ----------------------------------------------------------
>
> Key: HIVE-19740
> URL: https://issues.apache.org/jira/browse/HIVE-19740
> Project: Hive
> Issue Type: Bug
> Affects Versions: 3.0.0
> Reporter: heyang wang
> Priority: Major
> Attachments: hive-site.xml
>
>
> I am using docker to deploy Hadoop 2.7, Hive 3.0 and Spark 2.3.
> After starting all the docker image. Hive server2 can't start while
> outputting the following error log:
> 2018-05-30T14:13:53,832 WARN [main]: server.HiveServer2
> (HiveServer2.java:startHiveServer2(1041)) - Error starting HiveServer2 on
> attempt 1, will retry in 60000ms
> java.lang.RuntimeException: Error initializing notification event poll
> at org.apache.hive.service.server.HiveServer2.init(HiveServer2.java:269)
> ~[hive-service-3.0.0.jar:3.0.0]
> at
> org.apache.hive.service.server.HiveServer2.startHiveServer2(HiveServer2.java:1013)
> [hive-service-3.0.0.jar:3.0.0]
> at
> org.apache.hive.service.server.HiveServer2.access$1800(HiveServer2.java:134)
> [hive-service-3.0.0.jar:3.0.0]
> at
> org.apache.hive.service.server.HiveServer2$StartOptionExecutor.execute(HiveServer2.java:1282)
> [hive-service-3.0.0.jar:3.0.0]
> at org.apache.hive.service.server.HiveServer2.main(HiveServer2.java:1126)
> [hive-service-3.0.0.jar:3.0.0]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_131]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_131]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_131]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
> at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
> [hadoop-common-2.7.4.jar:?]
> at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
> [hadoop-common-2.7.4.jar:?]
> Caused by: java.io.IOException: org.apache.thrift.TApplicationException:
> Internal error processing get_current_notificationEventId
> at
> org.apache.hadoop.hive.metastore.messaging.EventUtils$MSClientNotificationFetcher.getCurrentNotificationEventId(EventUtils.java:75)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll.<init>(NotificationEventPoll.java:103)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll.initialize(NotificationEventPoll.java:59)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at org.apache.hive.service.server.HiveServer2.init(HiveServer2.java:267)
> ~[hive-service-3.0.0.jar:3.0.0]
> ... 10 more
> Caused by: org.apache.thrift.TApplicationException: Internal error
> processing get_current_notificationEventId
> at
> org.apache.thrift.TApplicationException.read(TApplicationException.java:111)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:79)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_current_notificationEventId(ThriftHiveMetastore.java:5541)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_current_notificationEventId(ThriftHiveMetastore.java:5529)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getCurrentNotificationEventId(HiveMetaStoreClient.java:2713)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_131]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_131]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_131]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
> at
> org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.invoke(RetryingMetaStoreClient.java:212)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at com.sun.proxy.$Proxy34.getCurrentNotificationEventId(Unknown Source)
> ~[?:?]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_131]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_131]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_131]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
> at
> org.apache.hadoop.hive.metastore.HiveMetaStoreClient$SynchronizedHandler.invoke(HiveMetaStoreClient.java:2763)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at com.sun.proxy.$Proxy34.getCurrentNotificationEventId(Unknown Source)
> ~[?:?]
> at
> org.apache.hadoop.hive.metastore.messaging.EventUtils$MSClientNotificationFetcher.getCurrentNotificationEventId(EventUtils.java:73)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll.<init>(NotificationEventPoll.java:103)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at
> org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll.initialize(NotificationEventPoll.java:59)
> ~[hive-exec-3.0.0.jar:3.0.0]
> at org.apache.hive.service.server.HiveServer2.init(HiveServer2.java:267)
> ~[hive-service-3.0.0.jar:3.0.0]
> ... 10 more
>
> On metastore container, I got similar error log as following:
>
> org.apache.thrift.TException: MetaException(message:User root is not allowed
> to perform this API call)
> at
> org.apache.hadoop.hive.metastore.HiveMetaStore$HMSHandler.get_current_notificationEventId(HiveMetaStore.java:7361)
> ~[hive-exec-3.0.0.jar:3.0.0]
>
> ERROR [pool-9-thread-75]: metastore.HiveMetaStore
> (HiveMetaStore.java:get_current_notificationEventId(7359)) - Not authorized
> to make the get_current_notificationEventId call. You can try to disable
> metastore.metastore.event.db.notification.api.auth
>
> After some search, I found those error seems to be related to new auth rule
> enhanced by Hive 3.0 on Hive replication as HIVE-17606 raised.
>
> I have attached my [^hive-site.xml] which contain only few basic settings. I
> am not sure what I encountered is a feature or bug, can anyone share some
> light on this?
>
> Update:
> After setting hive.metastore.event.db.notification.api.auth to false on
> hive-site.xml. Hiveserver2 can start and function normally.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
