2
私はhadoopクラスタをhadoop 2.7.2とハイブ2.1.0で設定しました。ハイブはハイブを偽装することが許可されていません
私は、次のコマンドを使用してハイブに接続するために真っすぐを使用しています:、最初に
beeline
beeline> !connect jdbc:hive2://localhost:10000
Enter username for jdbc:hive2://localhost:10000:
任意のユーザー名を入力し、正常ハイブに接続することができます。ただし、フォロー設定を構成すると、エラーが表示されます。
//within hive-site.xml and hiveserver2-site.xml
<property>
<name>hive.server2.enable.doAs</name>
<value>true</value>
<description>
Setting this property to true will have HiveServer2 execute
Hive operations as the user making the calls to it.
</description>
</property>
//within core-site.xml
<property>
<name>hadoop.proxyuser.hive.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.hive.groups</name>
<value>*</value>
</property>
私はHadoopクラスタを再起動したが、次のメッセージが表示されます。
Error: Failed to open new session: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive (state=,code=0)
hiveserver2のデバッグ出力は、次の通りである:
16/11/15 11:28:46 [IPC Client (241742811) connection to /10.104.90.40:8020 from hive]: DEBUG ipc.Client: IPC Client (241742811) connection to /10.104.90.40:8020 from hive: starting, having connections 1
16/11/15 11:28:46 [IPC Client (241742811) connection to /10.104.90.40:8020 from hive]: DEBUG ipc.Client: IPC Client (241742811) connection to /10.104.90.40:8020 from hive got value #-3
16/11/15 11:28:46 [IPC Client (241742811) connection to /10.104.90.40:8020 from hive]: DEBUG ipc.Client: closing ipc connection to /10.104.90.40:8020: User: hive is not allowed to impersonate hive
org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hadoop.ipc.Client.call(Client.java:1475)
at org.apache.hadoop.ipc.Client.call(Client.java:1412)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:229)
at com.sun.proxy.$Proxy27.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:771)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:191)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
at com.sun.proxy.$Proxy28.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:2108)
at org.apache.hadoop.hdfs.DistributedFileSystem$22.doCall(DistributedFileSystem.java:1305)
at org.apache.hadoop.hdfs.DistributedFileSystem$22.doCall(DistributedFileSystem.java:1301)
at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1301)
at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1424)
at org.apache.hadoop.hive.ql.session.SessionState.createRootHDFSDir(SessionState.java:674)
at org.apache.hadoop.hive.ql.session.SessionState.createSessionDirs(SessionState.java:622)
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:550)
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:513)
at org.apache.hive.service.cli.session.HiveSessionImpl.open(HiveSessionImpl.java:165)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
at com.sun.proxy.$Proxy45.open(Unknown Source)
at org.apache.hive.service.cli.session.SessionManager.createSession(SessionManager.java:327)
at org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:279)
at org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:189)
at org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:414)
at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:310)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1377)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1362)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
16/11/15 11:28:46 [IPC Client (241742811) connection to /10.104.90.40:8020 from hive]: DEBUG ipc.Client: IPC Client (241742811) connection to /10.104.90.40:8020 from hive: closed
16/11/15 11:28:46 [IPC Client (241742811) connection to /10.104.90.40:8020 from hive]: DEBUG ipc.Client: IPC Client (241742811) connection to /10.104.90.40:8020 from hive: stopped, remaining connections 0
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: WARN service.CompositeService: Failed to open session
java.lang.RuntimeException: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:89)
at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
at com.sun.proxy.$Proxy45.open(Unknown Source)
at org.apache.hive.service.cli.session.SessionManager.createSession(SessionManager.java:327)
at org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:279)
at org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:189)
at org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:414)
at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:310)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1377)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1362)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:578)
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:513)
at org.apache.hive.service.cli.session.HiveSessionImpl.open(HiveSessionImpl.java:165)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
... 21 more
Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hadoop.ipc.Client.call(Client.java:1475)
at org.apache.hadoop.ipc.Client.call(Client.java:1412)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:229)
at com.sun.proxy.$Proxy27.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:771)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:191)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
at com.sun.proxy.$Proxy28.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:2108)
at org.apache.hadoop.hdfs.DistributedFileSystem$22.doCall(DistributedFileSystem.java:1305)
at org.apache.hadoop.hdfs.DistributedFileSystem$22.doCall(DistributedFileSystem.java:1301)
at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1301)
at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1424)
at org.apache.hadoop.hive.ql.session.SessionState.createRootHDFSDir(SessionState.java:674)
at org.apache.hadoop.hive.ql.session.SessionState.createSessionDirs(SessionState.java:622)
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:550)
... 28 more
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: DEBUG security.UserGroupInformation: PrivilegedAction as:hive (auth:PROXY) via hive (auth:SIMPLE) from:org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: INFO session.SessionState: Updating thread name to 74dcfeae-04c1-494d-b491-df53f0d20039 HiveServer2-Handler-Pool: Thread-38
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: INFO session.SessionState: Resetting thread name to HiveServer2-Handler-Pool: Thread-38
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: DEBUG session.SessionState: Removing resource dir /tmp/hive_resources
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: INFO hive.metastore: Trying to connect to metastore with URI thrift://10.104.90.40:9083
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: INFO hive.metastore: Opened a connection to metastore, current connections: 3
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: INFO hive.metastore: Connected to metastore.
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: DEBUG metadata.Hive: Closing current thread's connection to Hive Metastore.
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: INFO hive.metastore: Closed a connection to metastore, current connections: 2
16/11/15 11:28:46 [HiveServer2-Handler-Pool: Thread-38]: DEBUG ipc.Client: stopping client from cache: [email protected]
16/11/15 11:28:47 [HiveServer2-Handler-Pool: Thread-38]: WARN thrift.ThriftCLIService: Error opening session:
org.apache.hive.service.cli.HiveSQLException: Failed to open new session: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hive.service.cli.session.SessionManager.createSession(SessionManager.java:336)
at org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:279)
at org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:189)
at org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:414)
at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:310)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1377)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1362)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:89)
at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
at com.sun.proxy.$Proxy45.open(Unknown Source)
at org.apache.hive.service.cli.session.SessionManager.createSession(SessionManager.java:327)
... 13 more
Caused by: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:578)
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:513)
at org.apache.hive.service.cli.session.HiveSessionImpl.open(HiveSessionImpl.java:165)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
... 21 more
Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive
at org.apache.hadoop.ipc.Client.call(Client.java:1475)
at org.apache.hadoop.ipc.Client.call(Client.java:1412)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:229)
at com.sun.proxy.$Proxy27.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:771)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:191)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
at com.sun.proxy.$Proxy28.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:2108)
at org.apache.hadoop.hdfs.DistributedFileSystem$22.doCall(DistributedFileSystem.java:1305)
at org.apache.hadoop.hdfs.DistributedFileSystem$22.doCall(DistributedFileSystem.java:1301)
at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1301)
at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1424)
at org.apache.hadoop.hive.ql.session.SessionState.createRootHDFSDir(SessionState.java:674)
at org.apache.hadoop.hive.ql.session.SessionState.createSessionDirs(SessionState.java:622)
at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:550)
... 28 more
私はオンラインで検索、最も解決策を見つけましたこのエラーに関連した問題は、実際に設定した問題の原因となります。
誰もこの問題を解決する方法を知っていますか?
更新:
一部を試すの後、私はこのエラーはどのユーザーハイブのサービスを開始するために使用されているに関係することが分かりました。
私はユーザーがいる前にハイブハイブメタストアを開始すると、エラーメッセージにつながるhiveserver2。
しかし、ユーザーを使用してhadoopは、hiveserver2を開始するhadoop namenodeを開始したユーザーで、エラーメッセージを取り除きます。
私は、異なるユーザーを使用することが一時的な回避策である理由を理解していませんでした。
なぜ特定のユーザーでメタストアを開始したいのですか(なぜ、単にhadoopですか?)。 - ちょうど推測ですが、おそらく、メタストアを開始するユーザーは、configs/logsが配置される場所を定義します。また、一部のユーザーにとっては、これらの場所が存在しないか、または十分にアクセスできない場合があります。 –
最初は、それらのチュートリアルのほとんどがユーザーとしてハイブを使用しているからです。しかし、後で、私はすべてのハイブサービスのためのハイブを使用しているかもしれないと思う不必要なシースハイブユーザーは、ハイブフォルダに特権を持っていない、それはhadoopまたはスパークフォルダを台無しにすることはできません。 –
あなたのコメントから間違った結論が導き出されているかもしれませんが、間違ったフォルダにアクセスすることを心配している場合は、初期設定で「標準」ユーザーアカウントのみを使用し、カスタムユーザーアカウントで作業することをお勧めします。 (WangやadminWangのように)。 –