Configuring custom Kerberos principal for Hive and Hive-on-Tez
Use the steps given here to configure a custom Kerberos principal for Hive and Hive-on-Tez.
-
Create a new Hive custom Kerberos principal, for example,
hivefoo, by using the
kadmin command.
kadmin addprinc -pw example hivefoo xst -k /tmp/hivefoo.keytab
-
Create a linux user on all hosts of this cluster.
useradd hivefoo usermod -a -G hive hivefoo
- In Cloudera Manager, go to Clusters > HIVE and click Actions > Stop to stop the Hive services.
- In Cloudera Manager, go to Clusters > HIVE > Configuration and search for “Kerberos”.
- Enter the custom Kerberos principal, hivefoo, in the Kerberos Principal field.
-
The /hiveserver2 node is created when the HiveServer2 is launched for the first
time. All instance nodes are created under /hiveserver2. When the kerberos
principal name is changed, the parent node must be deleted so that a new parent
node can be automatically recreated with the new ACL.
kinit zookeeper zookeeper-client delete /hiveserver2
-
Use the following commands to set up the HDFS user home directory:
kinit hdfs hadoop fs -mkdir /user/hivefoo hadoop fs -chown hivefoo:hive /user/hivefoo
- In Cloudera Manager, go to Clusters > YARN > Configuration and search for Allowed System Users. Use the Add (+) icon to add hivefoo to the list of Allowed System Users.
- In Cloudera Manager, go to Clusters > HIVE and click Actions > Start to start Hive services.