user impersonation in Livy not working

Tue, 10 Jul 2018 08:53:45 -0700 

Hi,
I have been unable to get proxyUsers to work with Livy.   I seem to have 
Kerberos configured correctly, as evidenced by the last beeline command.  When 
I start a livy session the server log will usually say something like: “owner: 
kylo, proxyUser: Some(dladmin)” so it seems the server should know what to do.  
 But no matter what I try I always get “org.apache.spark.sql.AnalysisException: 
Table not found”

# Ambari config
[/var/folders/_n/k2nq_2fx5t5__fcxqdl2tc6j_p8_px/T/com.microsoft.Outlook/WebArchiveCopyPasteTempFiles/p1426]

# Livy Configuration
livy.impersonation.enabled = true
livy.server.auth.type = kerberos
livy.server.launch.kerberos.principal = kylo/sandbox.kylo.io@KYLO
livy.server.launch.kerberos.keytab = /etc/security/keytabs/kylo.keytab
livy.server.auth.kerberos.principal = HTTP/sandbox.kylo.io@KYLO
livy.server.auth.kerberos.keytab = /etc/security/keytabs/spnego.service.keytab
livy.server.access_control.enabled = true
livy.server.access_control.users = kylo,dladmin
livy.server.access_control.modify-users = kylo
livy.superusers = kylo

# Curl connect
kinit -kt /etc/security/keytabs/kylo.keytab kylo/sandbox.kylo.io@KYLO
klist
curl --negotiate -u : -s -X POST --data '{"kind": "spark", "proxyUser": 
"dladmin"}' -H "Content-Type: application/json" sandbox.kylo.io:8998/sessions
curl --negotiate -u : -s -X GET sandbox.kylo.io:8998/sessions
* NOTE: verify proxyUser="dladmin" in response.  it will be null if 
impersonation is not enabled

# submit this code to Livy:
sqlContext.sql("select * from default.d4").show()

# Response:
{
"code": "sqlContext.sql(\"select * from default.d4\").show()",
"id": 0,
"output": {
"ename": "Error",
"evalue": "org.apache.spark.sql.AnalysisException: Table not found: 
`default`.`d4`;",
....

# Can "dladmin" see table data?
[root@sandbox more]# beeline -u 
"jdbc:hive2://localhost:10000/;principal=hive/sandbox.kylo.io@KYLO;;hive.server2.proxy.user=dladmin"
Connecting to 
jdbc:hive2://localhost:10000/;principal=hive/sandbox.kylo.io@KYLO;;hive.server2.proxy.user=dladmin
Connected to: Apache Hive (version 1.2.1000.2.5.6.0-40)
Driver: Hive JDBC (version 1.2.1000.2.5.6.0-40)
Transaction isolation: TRANSACTION_REPEATABLE_READ
Beeline version 1.2.1000.2.5.6.0-40 by Apache Hive
0: jdbc:hive2://localhost:10000/> select * from default.d4;
+--------+--+
| d4.d4 |
+--------+--+
| d4 |
+--------+--+
1 row selected (0.132 seconds)

Reply via email to