----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59701/#review178859 -----------------------------------------------------------
Ship it! Ship It! - Mugdha Varadkar On June 23, 2017, 1:04 p.m., Vishal Suvagia wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/59701/ > ----------------------------------------------------------- > > (Updated June 23, 2017, 1:04 p.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Madhan > Neethiraj, Mugdha Varadkar, Nixon Rodrigues, Robert Levas, and Sumit Mohanty. > > > Bugs: AMBARI-21154 > https://issues.apache.org/jira/browse/AMBARI-21154 > > > Repository: ambari > > > Description > ------- > > In a kerberized environment, Atlas hook uses JAAS configuration section named > "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment > this configuration section is set to use the keytab and principal of > HiveServer2 process. The hook running in HiveCLI might fail to authenticate > with Kafka if the user can't read the configured keytab. > > Given that HiveCLI users would have performed kinit, the hook in HiveCLI > should use the ticket-cache generated by kinit. When ticket cache is not > available (for example in HiveServer2), the hook should use the configuration > provided in KafkaClient JAAS section > > As a solution need to add below in hive atlas-application.properties by > default if atlas-hive hook is enabled in secure mode > > atlas.jaas.ticketBased-KafkaClient.loginModuleControlFlag=required > atlas.jaas.ticketBased-KafkaClient.loginModuleName=com.sun.security.auth.module.Krb5LoginModule > atlas.jaas.ticketBased-KafkaClient.option.useTicketCache=true > > The attached patch is for trunk branch, patch for branch-2.5 is attached to > Apache Jira > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/service_advisor.py > 6d3e13d > ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml > a29f74b > > ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml > 8c659ee > ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml > 3054ca3 > ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py > f8bbca5 > ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml > 1cbd78b > > ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml > ede267a > ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml > b70943b > ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py > d4d28c9 > > > Diff: https://reviews.apache.org/r/59701/diff/3/ > > > Testing > ------- > > Verified fresh install and upgrade on Cent-OS-6. > > > Thanks, > > Vishal Suvagia > >