Hive 0.11 升级踩坑记——HiveServer2的imperson问题

前阶段线上在做Hive升级（CDH4.2.0 Hive 0.10——> Apache Hive0.11 with our patches）和Shark上线踩了不少坑，先来说一个Hiveserver的问题.

beeline进入后随便执行一个查询就会报错：

USERxxx don’t have write privilegs under /tmp/hive-hdfs

不对啊，已经启用了impersonation怎么还会去hdfs下的scratchdir写入临时文件呢？查看下代码发现原来CDH4.2的Hive的impersonation和hive0.11在这处的判断行为是不同的：

Hive0.11 apache：只有在启用kerberos才使用hive-xxx作为scratchdir否则使用hiveserver的start user的scratchdir

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

<code>if</code> <code>(</code>

<code>        </code><code>cliService.getHiveConf().getVar(ConfVars.HIVE_SERVER2_AUTHENTICATION)</code>

<code>        </code><code>.equals(HiveAuthFactory.AuthTypes.KERBEROS.toString())</code>

<code>        </code><code>&amp;&amp;</code>

<code>        </code><code>cliService.getHiveConf().</code>

<code>        </code><code>getBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS)</code>

<code>        </code><code>)</code>

<code>    </code><code>{</code>

<code>      </code><code>String delegationTokenStr = </code><code>null</code><code>;</code>

<code>      </code><code>try</code> <code>{</code>

<code>        </code><code>delegationTokenStr = cliService.getDelegationTokenFromMetaStore(userName);</code>

<code>      </code><code>} </code><code>catch</code> <code>(UnsupportedOperationException e) {</code>

<code>        </code><code>// The delegation token is not applicable in the given deployment mode</code>

<code>      </code><code>}</code>

<code>      </code><code>sessionHandle = cliService.openSessionWithImpersonation(userName, req.getPassword(),</code>

<code>            </code><code>req.getConfiguration(), delegationTokenStr);</code>

<code>    </code><code>} </code><code>else</code> <code>{</code>

<code>      </code><code>sessionHandle = cliService.openSession(userName, req.getPassword(),</code>

<code>            </code><code>req.getConfiguration());</code>

<code>    </code><code>}</code>

Cloudera4.2.0的Hive0.10是只要启用了impersonation就使用独自的scratchdir...

<code>if</code> <code>(cliService.getHiveConf().</code>

<code>          </code><code>getBoolVar(HiveConf.ConfVars.HIVE_SERVER2_KERBEROS_IMPERSONATION)) {</code>

<code>        </code><code>String delegationTokenStr = </code><code>null</code><code>;</code>

<code>        </code><code>try</code> <code>{</code>

<code>          </code><code>delegationTokenStr = cliService.getDelegationTokenFromMetaStore(userName);</code>

<code>        </code><code>} </code><code>catch</code> <code>(UnsupportedOperationException e) {</code>

<code>          </code><code>// The delegation token is not applicable in the given deployment mode</code>

<code>        </code><code>}</code>

<code>        </code><code>sessionHandle = cliService.openSessionWithImpersonation(userName, req.getPassword(),</code>

<code>              </code><code>req.getConfiguration(), delegationTokenStr);</code>

<code>      </code><code>} </code><code>else</code> <code>{</code>

<code>        </code><code>sessionHandle = cliService.openSession(userName, req.getPassword(),</code>

<code>              </code><code>req.getConfiguration());</code>

workaround也简单，就是把/tmp/hive-hdfs改成777就好了=。=坑爹啊

本文转自MIKE老毕 51CTO博客，原文链接：http://blog.51cto.com/boylook/1352929，如需转载请自行联系原作者