Migrating Hive Workloads to Cloudera Private CloudPDF version

Making the Hive plugin for Ranger visible

After upgrading from HDP or CDH clusters to Cloudera, the Hive plugin for the Hive Metastore and HiveServer2 appears in the Ranger Admin UI unless configuration property problems due to upgrading exist. You can rectify the incorrect properties to fix the problem.

If the Hive Metastore plugin does not appear in the Ranger Admin UI, you must remove the following property settings from Hive Metastore hive-site.xml safety valve:
  • hive.security.authorization.enabled
  • hive.security.authorization.manager
  • hive.security.metastore.authorization.manager
If the HiveServer2 plugin does not appear in the Ranger Admin UI, you must remove the following property settings from HiveServer2 hive-site.xml safety valve:
  • hive.security.authorization.enabled
  • hive.security.authorization.manager
  • hive.security.metastore.authorization.manager
  • hive.security.authenticator.manager
After removing these configuration properties, restart the Hive Metastore and HiveServer2 services from Cloudera Manager. Next, you must check whether the Ranger Hive Metastore and HiveServer2 plugins are enabled successfully. To do so:
  1. From Cloudera Manager, go to Clusters > Ranger > Ranger Admin Web UI > Audit > Plugin Status.
    The Hadoop SQL service type for the hiveMetastore and hiveServer2 applications should appear. If so, skip the next step. Your configuration is ok.
  2. If, after removing the Hive Metastore and HiveServer2 configuration properties from the respective hive-ste.xml safety valves, the Hive Metastore and HiveServer2 plugins are NOT visible, you must confirm whether or not the following configuration properties appear in hive-site.xml:

    For Hive Metastore, confirm whether or not the following key-value pair appears in hive-site.xml:

    Key: hive.metastore.pre.event.listeners
    Value: org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer

    If this key-value pair does not appear in hive-site.xml, then add it to the Hive Metastore hive-site.xml safety valve.

    For HiveServer2, confirm whether or not the following key value pair appears in hive-site.xml:

    Key: hive.security.authenticator.manager
    Value: org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator

    If this key-value pair does not appear in hive-site.xml, then add it to the HiveServer2 hive-site.xml safety valve.