[jira] [Commented] (HIVE-13532) MapredLocalTask should use the same security settings as remote task
[ https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16430108#comment-16430108 ] Hive QA commented on HIVE-13532: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12918014/HIVE-13532.2.patch {color:red}ERROR:{color} -1 due to no test(s) being added or modified. {color:red}ERROR:{color} -1 due to 150 failed/errored test(s), 13584 tests executed *Failed tests:* {noformat} TestBeeLineDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=252) TestCopyUtils - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestDbNotificationListener - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestDummy - did not produce a TEST-*.xml file (likely timed out) (batchId=252) TestExportImport - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestHCatHiveCompatibility - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestMiniDruidCliDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=252) TestMiniDruidKafkaCliDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=252) TestNegativeCliDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=95)
[jira] [Commented] (HIVE-13532) MapredLocalTask should use the same security settings as remote task
[ https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16430016#comment-16430016 ] Hive QA commented on HIVE-13532: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || || || || || {color:brown} Prechecks {color} || | {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 1s{color} | {color:blue} Findbugs executables are not available. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | || || || || {color:brown} master Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 8m 41s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 17s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 45s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 10s{color} | {color:green} master passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 38s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 20s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m 20s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 44s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 3s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 0m 16s{color} | {color:red} The patch generated 1 ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 17m 15s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Optional Tests | asflicense javac javadoc findbugs checkstyle compile | | uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux | | Build tool | maven | | Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-10086/dev-support/hive-personality.sh | | git revision | master / a263f08 | | Default Java | 1.8.0_111 | | asflicense | http://104.198.109.242/logs//PreCommit-HIVE-Build-10086/yetus/patch-asflicense-problems.txt | | modules | C: ql U: ql | | Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-10086/yetus.txt | | Powered by | Apache Yetushttp://yetus.apache.org | This message was automatically generated. > MapredLocalTask should use the same security settings as remote task > > > Key: HIVE-13532 > URL: https://issues.apache.org/jira/browse/HIVE-13532 > Project: Hive > Issue Type: Bug > Components: Security >Affects Versions: 1.1.0 > Environment: HADOOP_PROXY_USER is set. >Reporter: Zhiwen Sun >Assignee: Changshu Liu >Priority: Major > Fix For: 1.3.0, 2.4.0 > > Attachments: HIVE-13532.1.patch, HIVE-13532.2.patch > > > Map join set HADOOP_USER_NAME should be realuser's username. > Current, hive set HADOOP_USER_NAME env for mapjoin local process according: > {quote} >String endUserName = Utils.getUGI().getShortUserName(); > {quote} > suppose set HADOOP_PROXY_USER=abc in shell. > map join local job will have following env: > {quote} > HADOOP_USER_NAME=abc > HADOOP_PROXY_NAME=abc > {quote} > this will cause such exception: > {quote} > java.io.IOException: > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > User: abc is not allowed to impersonate > {quote} > I think we should set HADOOP_USER_NAME to realuser: > {quote} >String endUserName = Utils.getUGI().getRealUser().getShortUserName(); > {quote} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-13532) MapredLocalTask should use the same security settings as remote task
[ https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16429979#comment-16429979 ] Changshu Liu commented on HIVE-13532: - RB: https://reviews.apache.org/r/66496/ > MapredLocalTask should use the same security settings as remote task > > > Key: HIVE-13532 > URL: https://issues.apache.org/jira/browse/HIVE-13532 > Project: Hive > Issue Type: Bug > Components: Security >Affects Versions: 1.1.0 > Environment: HADOOP_PROXY_USER is set. >Reporter: Zhiwen Sun >Assignee: Changshu Liu >Priority: Major > Fix For: 1.3.0, 2.4.0 > > Attachments: HIVE-13532.1.patch, HIVE-13532.2.patch > > > Map join set HADOOP_USER_NAME should be realuser's username. > Current, hive set HADOOP_USER_NAME env for mapjoin local process according: > {quote} >String endUserName = Utils.getUGI().getShortUserName(); > {quote} > suppose set HADOOP_PROXY_USER=abc in shell. > map join local job will have following env: > {quote} > HADOOP_USER_NAME=abc > HADOOP_PROXY_NAME=abc > {quote} > this will cause such exception: > {quote} > java.io.IOException: > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > User: abc is not allowed to impersonate > {quote} > I think we should set HADOOP_USER_NAME to realuser: > {quote} >String endUserName = Utils.getUGI().getRealUser().getShortUserName(); > {quote} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-13532) MapredLocalTask should use the same security settings as remote task
[ https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16429970#comment-16429970 ] Changshu Liu commented on HIVE-13532: - attached a patch, it tries to pass both HADOOP_USER_NAME and HADOOP_PROXY_USER env to spawn JVM, please review > MapredLocalTask should use the same security settings as remote task > > > Key: HIVE-13532 > URL: https://issues.apache.org/jira/browse/HIVE-13532 > Project: Hive > Issue Type: Bug >Affects Versions: 1.1.0 > Environment: HADOOP_PROXY_USER is set. >Reporter: Zhiwen Sun >Assignee: Changshu Liu >Priority: Major > Attachments: HIVE-13532.1.patch, HIVE-13532.2.patch > > > Map join set HADOOP_USER_NAME should be realuser's username. > Current, hive set HADOOP_USER_NAME env for mapjoin local process according: > {quote} >String endUserName = Utils.getUGI().getShortUserName(); > {quote} > suppose set HADOOP_PROXY_USER=abc in shell. > map join local job will have following env: > {quote} > HADOOP_USER_NAME=abc > HADOOP_PROXY_NAME=abc > {quote} > this will cause such exception: > {quote} > java.io.IOException: > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > User: abc is not allowed to impersonate > {quote} > I think we should set HADOOP_USER_NAME to realuser: > {quote} >String endUserName = Utils.getUGI().getRealUser().getShortUserName(); > {quote} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-13532) MapredLocalTask should use the same security settings as remote task
[ https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16429881#comment-16429881 ] Changshu Liu commented on HIVE-13532: - We encountered this issue using Hive 1.2 branch, the problem is that the MapredLocalTask dose not respect the Hive (Hive CLI and HiveServer2) security settings, here are the full call stack: 2018-03-06 19:48:00,343 INFO [main]: exec.HashTableSinkOperator (Operator.java:initialize(373)) - Initialization Done 1 HASHTABLESINK done is reset. 2018-03-06 19:48:00,343 INFO [main]: exec.HashTableSinkOperator (Operator.java:initializeChildren(430)) - Operator 1 HASHTABLESINK initialized 2018-03-06 19:48:00,344 INFO [main]: mr.MapredLocalTask (MapredLocalTask.java:initializeOperators(465)) - fetchoperator for $INTNAME initialized 2018-03-06 19:48:02,281 ERROR [main]: mr.MapredLocalTask (MapredLocalTask.java:executeInProcess(361)) - Hive Runtime Error: Map local work failed java.io.IOException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: abc is not allowed to impersonate abc at org.apache.hadoop.hive.ql.exec.FetchOperator.getNextRow(FetchOperator.java:508) at org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask.startForward(MapredLocalTask.java:409) at org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask.startForward(MapredLocalTask.java:384) at org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask.executeInProcess(MapredLocalTask.java:350) at org.apache.hadoop.hive.ql.exec.mr.ExecDriver.main(ExecDriver.java:746) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hadoop.util.RunJar.run(RunJar.java:221) at org.apache.hadoop.util.RunJar.main(RunJar.java:136) Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: monarch is not allowed to impersonate monarch at org.apache.hadoop.ipc.Client.call(Client.java:1476) at org.apache.hadoop.ipc.Client.call(Client.java:1407) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:229) at com.sun.proxy.$Proxy11.getFileInfo(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:771) > MapredLocalTask should use the same security settings as remote task > > > Key: HIVE-13532 > URL: https://issues.apache.org/jira/browse/HIVE-13532 > Project: Hive > Issue Type: Bug >Affects Versions: 1.1.0 > Environment: HADOOP_PROXY_USER is set. >Reporter: Zhiwen Sun >Assignee: Changshu Liu >Priority: Major > > Map join set HADOOP_USER_NAME should be realuser's username. > Current, hive set HADOOP_USER_NAME env for mapjoin local process according: > {quote} >String endUserName = Utils.getUGI().getShortUserName(); > {quote} > suppose set HADOOP_PROXY_USER=abc in shell. > map join local job will have following env: > {quote} > HADOOP_USER_NAME=abc > HADOOP_PROXY_NAME=abc > {quote} > this will cause such exception: > {quote} > java.io.IOException: > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > User: abc is not allowed to impersonate > {quote} > I think we should set HADOOP_USER_NAME to realuser: > {quote} >String endUserName = Utils.getUGI().getRealUser().getShortUserName(); > {quote} -- This message was sent by Atlassian JIRA (v7.6.3#76005)