Hive Execution Properties in CDH 5.12.0

Role groups:

HiveServer2

Advanced

Display Name Description Related Name Default Value API Name Required
HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site.xml For advanced use only. A string to be inserted into hive-site.xml for this role only. hive_hs2_config_safety_valve false
HiveServer2 Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. hive_hs2_env_safety_valve false
Enable Metrics Subsystem Controls whether the Hive metrics subsystem is enabled for the role. hive.server2.metrics.enabled true hive_metrics_enabled false
Metrics Sample File Location The full path to a file with a sample of metrics exposed by the role. The sample is updated at the frequency configured by Metrics Sample File Logging Frequency. By default, the sample file is logged to a directory under the role log directory, e.g., /var/log/hive/metrics-hivemetastore/metrics.log. The setting only has an effect if "Enable Metrics Subsystem" is set to true. hive.service.metrics.file.location hive_metrics_sample_file_location false
Metrics Sample File Logging Frequency The frequency at which the metrics are logged to the sample file. The setting only has an effect if "Enable Metrics Subsystem" is set to true. hive.service.metrics.file.frequency 30 second(s) hive_metrics_sample_logging_frequency false
Hive Downloaded Resources Directory Local directory where Hive stores jars downloaded for remote file systems (HDFS). If not specified, Hive uses a default location. hive.downloaded.resources.dir hiveserver2_downloaded_resources_dir false
Enable Explain Logging When enabled, HiveServer2 logs EXPLAIN EXTENDED output for every query at INFO log4j level. hive.log.explain.output false hiveserver2_enable_explain_output false
Hive Local Scratch Directory Local Directory where Hive stores jars and data when performing a MapJoin optimization. If not specified, Hive uses a default location. hive.exec.local.scratchdir hiveserver2_exec_local_scratchdir false
Hive HDFS Scratch Directory Directory in HDFS where Hive writes intermediate data between MapReduce jobs. If not specified, Hive uses a default location. hive.exec.scratchdir hiveserver2_exec_scratchdir false
Fair Scheduler XML Advanced Configuration Snippet (Safety Valve) An XML string that will be inserted verbatim into the Fair Scheduler allocations file. This configuration only has effect in CDH 5.8 or later. hiveserver2_fair_scheduler_safety_valve false
Idle Operation Timeout Operation will be closed when not accessed for this duration of time, in milliseconds; disable by setting to zero. For a positive value, checked for operations in terminal state only (FINISHED, CANCELED, CLOSED, ERROR). For a negative value, checked for all of the operations regardless of state. hive.server2.idle.operation.timeout 6 hour(s) hiveserver2_idle_operation_timeout false
Idle Session Timeout Session will be closed when not accessed for this duration of time, in milliseconds; disable by setting to zero or a negative value. hive.server2.idle.session.timeout 12 hour(s) hiveserver2_idle_session_timeout false
Exclude Live Operations From Session Idle Time Session will be considered to be idle only if there is no activity, and there is no pending operation. This setting takes effect only if session idle timeout (hive.server2.idle.session.timeout) and checking (hive.server2.session.check.interval) are enabled. hive.server2.idle.session.timeout_check_operation true hiveserver2_idle_session_timeout_check_operation false
Java Configuration Options for HiveServer2 These arguments will be passed as part of the Java command line. Commonly, garbage collection flags, PermGen, or extra debugging flags would be passed here. Note: When CM version is 6.3.0 or greater, {{JAVA_GC_ARGS}} will be replaced by JVM Garbage Collection arguments based on the runtime Java JVM version. -XX:MaxPermSize=512M -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=70 -XX:+CMSParallelRemarkEnabled hiveserver2_java_opts false
Max HiveServer2 Threads Maximum number of worker threads in HiveServer2's thread pool hive.server2.thrift.max.worker.threads 100 hiveserver2_max_threads true
Min HiveServer2 Threads Minimum number of worker threads in HiveServer2's thread pool hive.server2.thrift.min.worker.threads 5 hiveserver2_min_threads true
Session Check Interval The check interval for session/operation timeout, in milliseconds, which can be disabled by setting to zero or a negative value. hive.server2.session.check.interval 15 minute(s) hiveserver2_session_check_interval false
HiveServer2 WebUI Max Threads The max threads for the HiveServer2 WebUI. hive.server2.webui.max.threads 50 hiveserver2_webui_max_threads false
HiveServer2 Advanced Configuration Snippet (Safety Valve) for core-site.xml For advanced use only. A string to be inserted into core-site.xml for this role only. hs2_core_site_safety_valve false
HiveServer2 Logging Advanced Configuration Snippet (Safety Valve) For advanced use only, a string to be inserted into log4j.properties for this role only. log4j_safety_valve false
Heap Dump Directory Path to the directory where heap dumps are generated when a java.lang.OutOfMemoryError is thrown. This directory is automatically created if it does not exist. If this directory already exists, the role user must have write access to it. If this directory is shared among multiple roles, it should have 1777 permissions. The heap dump files are created with 600 permissions and are owned by the role user. The amount of free space in this directory should be greater than the maximum Java Process heap size configured for this role. oom_heap_dump_dir /tmp oom_heap_dump_dir false
Dump Heap When Out of Memory When set, generates a heap dump file when java.lang.OutOfMemoryError is thrown. true oom_heap_dump_enabled true
Kill When Out of Memory When set, a SIGKILL signal is sent to the role process when java.lang.OutOfMemoryError is thrown. true oom_sigkill_enabled true
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true
Enable Metric Collection The Cloudera Manager agent monitors each service and each of its roles by publishing metrics to the Cloudera Manager Service Monitor. Setting this to false stops the Cloudera Manager agent from publishing any metrics for the corresponding service or roles. This is usually helpful for services that generate a large amount of metrics that Service Monitor is not able to process. true process_should_monitor true

Logs

Display Name Description Related Name Default Value API Name Required
HiveServer2 Log Directory Directory where HiveServer2 will place its log files. /var/log/hive hive_log_dir false
Enable HiveServer2 Operations Logging When enabled, HiveServer2 will temporarily save logs associated with ongoing operations. This enables clients like beeline and Hue to request and display logs for a particular ongoing operation. Logs are removed upon completion of operation. hive.server2.logging.operation.enabled true hive_server2_logging_operation_enabled false
HiveServer2 Operations Log Directory Top level directory where operation logs are temporarily stored if Enable HiveServer2 Operations Logging is true. Logs are stored in session and operation level subdirectories under this location and are removed on completion of operation. hive.server2.logging.operation.log.location /var/log/hive/operation_logs hive_server2_logging_operation_log_location false
HiveServer2 Logging Threshold The minimum log level for HiveServer2 logs INFO log_threshold false
HiveServer2 Maximum Log File Backups The maximum number of rolled log files to keep for HiveServer2 logs. Typically used by log4j or logback. 10 max_log_backup_index false
HiveServer2 Max Log Size The maximum size, in megabytes, per log file for HiveServer2 logs. Typically used by log4j or logback. 200 MiB max_log_size false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Health Alerts for this Role When set, Cloudera Manager will send alerts when the health of this role reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold true enable_alerts false
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false
Heap Dump Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Warning: 10 GiB, Critical: 5 GiB heap_dump_directory_free_space_absolute_thresholds false
Heap Dump Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Heap Dump Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never heap_dump_directory_free_space_percentage_thresholds false
Hive Downloaded Resources Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's Hive Downloaded Resources Directory. Warning: 10 GiB, Critical: 5 GiB hive_exec_hs2_downloaded_resources_directory_free_space_absolute_thresholds false
Hive Downloaded Resources Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's Hive Downloaded Resources Directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Hive Downloaded Resources Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never hive_exec_hs2_downloaded_resources_directory_free_space_percentage_thresholds false
Hive Local Scratch Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's Hive Local Scratch Directory. Warning: 10 GiB, Critical: 5 GiB hive_exec_hs2_exec_local_scratch_directory_free_space_absolute_thresholds false
Hive Local Scratch Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's Hive Local Scratch Directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Hive Local Scratch Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never hive_exec_hs2_exec_local_scratch_directory_free_space_percentage_thresholds false
File Descriptor Monitoring Thresholds The health test thresholds of the number of file descriptors used. Specified as a percentage of file descriptor limit. Warning: 50.0 %, Critical: 70.0 % hiveserver2_fd_thresholds false
HiveServer2 Host Health Test When computing the overall HiveServer2 health, consider the host's health. true hiveserver2_host_health_enabled false
Pause Duration Thresholds The health test thresholds for the weighted average extra time the pause monitor spent paused. Specified as a percentage of elapsed wall clock time. Warning: 30.0, Critical: 60.0 hiveserver2_pause_duration_thresholds false
Pause Duration Monitoring Period The period to review when computing the moving average of extra time the pause monitor spent paused. 5 minute(s) hiveserver2_pause_duration_window false
HiveServer2 Process Health Test Enables the health test that the HiveServer2's process state is consistent with the role configuration true hiveserver2_scm_health_enabled false
Log Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Warning: 10 GiB, Critical: 5 GiB log_directory_free_space_absolute_thresholds false
Log Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Log Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never log_directory_free_space_percentage_thresholds false
Navigator Audit Failure Thresholds The health test thresholds for failures encountered when monitoring audits within a recent period specified by the mgmt_navigator_failure_window configuration for the role. The value that can be specified for this threshold is the number of bytes of audits data that is left to be sent to audit server. mgmt.navigator.failure.thresholds Warning: Never, Critical: Any mgmt_navigator_failure_thresholds false
Monitoring Period For Audit Failures The period to review when checking if audits are blocked and not getting processed. mgmt.navigator.failure.window 20 minute(s) mgmt_navigator_failure_window false
Navigator Audit Pipeline Health Check Enable test of audit events processing pipeline. This will test if audit events are not getting processed by Audit Server for a role that generates audit. mgmt.navigator.status.check.enabled true mgmt_navigator_status_check_enabled false
Process Swap Memory Thresholds The health test thresholds on the swap memory usage of the process. This takes precedence over the host level threshold. Warning: 200 B, Critical: Never process_swap_memory_thresholds false
Role Triggers The configured triggers for this role. This is a JSON-formatted list of triggers. These triggers are evaluated as part of the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
  • triggerName (mandatory) - The name of the trigger. This value must be unique for the specific role.
  • triggerExpression (mandatory) - A tsquery expression representing the trigger.
  • streamThreshold (optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire.
  • enabled (optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.
  • expressionEditorConfig (optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.
For example, the following JSON formatted trigger configured for a DataNode fires if the DataNode has more than 1500 file descriptors opened:
[{"triggerName": "sample-trigger", "triggerExpression": "IF (SELECT fd_open WHERE roleName=$ROLENAME and last(fd_open) > 1500) DO health:bad", "streamThreshold": 0, "enabled": "true"}]
See the trigger rules documentation for more details on how to write triggers using tsquery.
The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.
[] role_triggers true
Unexpected Exits Thresholds The health test thresholds for unexpected exits encountered within a recent period specified by the unexpected_exits_window configuration for the role. Warning: Never, Critical: Any unexpected_exits_thresholds false
Unexpected Exits Monitoring Period The period to review when computing unexpected exits. 5 minute(s) unexpected_exits_window false

Other

Display Name Description Related Name Default Value API Name Required
HiveServer2 Enable Impersonation HiveServer2 will impersonate the beeline client user when talking to other services such as MapReduce and HDFS. hive.server2.enable.doAs true hiveserver2_enable_impersonation false
HiveServer2 Load Balancer Address of the load balancer used for HiveServer2 roles, specified in host:port format. If port is not specified, the port used by HiveServer2 is used. Note: Changing this property regenerates Kerberos keytabs for all HiveServer2 roles. hiveserver2_load_balancer false

Performance

Display Name Description Related Name Default Value API Name Required
Hive Auto Convert Join Noconditional Size If Hive auto convert join is on, and the sum of the size for n-1 of the tables/partitions for a n-way join is smaller than the specified size, the join is directly converted to a MapJoin (there is no conditional task). hive.auto.convert.join.noconditionaltask.size 20 MiB hiveserver2_auto_convert_join_noconditionaltask_size false
Store Intermediate Data on Blobstore When writing data to a table on a blobstore (such as S3), whether or not the blobstore should be used to store intermediate data during Hive query execution. Setting this to true can degrade performance for queries that spawn multiple MR / Spark jobs, but is useful for queries whose intermediate data cannot fit in the allocated HDFS cluster. hive.blobstore.use.blobstore.as.scratchdir false hiveserver2_blobstore_use_blobstore_as_scratchdir false
Enable Stats Optimization Enable optimization that checks if a query can be answered using statistics. If so, answers the query using only statistics stored in metastore. hive.compute.query.using.stats false hiveserver2_compute_query_using_stats false
Enable Cost-Based Optimizer for Hive Enables the Calcite-based Cost-Based Optimizer for HiveServer2. hive.cbo.enable false hiveserver2_enable_cbo false
Enable MapJoin Optimization Enable optimization that converts common join into MapJoin based on input file size. hive.auto.convert.join true hiveserver2_enable_mapjoin false
Fetch Task Query Conversion Some select queries can be converted to a single FETCH task instead of a MapReduce task, minimizing latency. A value of none disables all conversion, minimal converts simple queries such as SELECT * and filter on partition columns, and more converts SELECT queries including FILTERS. hive.fetch.task.conversion minimal hiveserver2_fetch_task_conversion false
Fetch Task Query Conversion Threshold Above this size, queries are converted to fetch tasks. hive.fetch.task.conversion.threshold 256 MiB hiveserver2_fetch_task_conversion_threshold false
Input Listing Max Threads Maximum number of threads that Hive uses to list input files. Increasing this value can improve performance when there are a lot of partitions being read, or when running on blobstores. hive.exec.input.listing.max.threads 15 hiveserver2_input_listing_max_threads false
Maximum ReduceSink Top-K Memory Usage The maximum percentage of heap to be used for hash in ReduceSink operator for Top-K selection. 0 means the optimization is disabled. Accepted values are between 0 and 1. hive.limit.pushdown.memory.usage 0.1 hiveserver2_limit_pushdown_memory_usage false
Load Dynamic Partitions Thread Count Number of threads used to load dynamically generated partitions. Loading requires renaming the file to its final location, and updating some metadata about the new partition. Increasing this can improve performance when there are a lot of partitions dynamically generated. hive.load.dynamic.partitions.thread 15 hiveserver2_load_dynamic_partitions_thread_count false
Enable Map-Side Aggregation Enable map-side partial aggregation, which causes the mapper to generate fewer rows. This reduces the data to be sorted and distributed to reducers. hive.map.aggr true hiveserver2_map_aggr false
Ratio of Memory Usage for Map-Side Aggregation Portion of total memory used in map-side partial aggregation. When exceeded, the partially aggregated results will be flushed from the map task to the reducers. hive.map.aggr.hash.percentmemory 0.5 hiveserver2_map_aggr_hash_memory_ratio false
Enable Merging Small Files - Map-Only Job Merge small files at the end of a map-only job. When enabled, a map-only job is created to merge the files in the destination table/partitions. hive.merge.mapfiles true hiveserver2_merge_mapfiles false
Enable Merging Small Files - Map-Reduce Job Merge small files at the end of a map-reduce job. When enabled, a map-only job is created to merge the files in the destination table/partitions. hive.merge.mapredfiles false hiveserver2_merge_mapredfiles false
Desired File Size After Merging The desired file size after merging. This should be larger than hive.merge.smallfiles.avgsize. hive.merge.size.per.task 256 MiB hiveserver2_merge_size_per_task false
Small File Average Size Merge Threshold When the average output file size of a job is less than the value of this property, Hive will start an additional map-only job to merge the output files into bigger files. This is only done for map-only jobs if hive.merge.mapfiles is true, for map-reduce jobs if hive.merge.mapredfiles is true, and for Spark jobs if hive.merge.sparkfiles is true. hive.merge.smallfiles.avgsize 16 MiB hiveserver2_merge_smallfiles_avgsize false
Enable Merging Small Files - Spark Job Merge small files at the end of a Spark job. When enabled, a map-only job is created to merge the files in the destination table/partitions. hive.merge.sparkfiles true hiveserver2_merge_sparkfiles false
MSCK Repair Batch Size Batch size for the msck repair command (recover partitions command). If the value is greater than zero, new partition information will be sent from HiveServer2 to the Metastore in batches, which can potentially improve memory usage in the Metastore and avoid client read timeout exceptions. If this value is 0, all partition information will be sent in a single Thrift call. hive.msck.repair.batch.size 0 hiveserver2_msck_repair_batch_size false
Move Files Thread Count The number of threads used by HiveServer2 to move data from the staging directory to another location (typically to the final table location). A separate thread pool of workers of this size is used for each query, which means this configuration can be set on a per-query basis too. hive.mv.files.thread 15 hiveserver2_mv_files_thread false
Hive Optimize Sorted Merge Bucket Join Whether to try sorted merge bucket (SMB) join. hive.optimize.bucketmapjoin.sortedmerge false hiveserver2_optimize_bucketmapjoin_sortedmerge false
Enable Automatic Use of Indexes Whether to use the indexing optimization for all queries. hive.optimize.index.filter true hiveserver2_optimize_index_filter false
Enable ReduceDeDuplication Optimization Remove extra map-reduce jobs if the data is already clustered by the same key, eliminating the need to repartition the dataset again. hive.optimize.reducededuplication true hiveserver2_optimize_reducededuplication false
Minimum Reducers for ReduceDeDuplication Optimization When the number of ReduceSink operators after merging is less than this number, the ReduceDeDuplication optimization will be disabled. hive.optimize.reducededuplication.min.reducer 4 hiveserver2_optimize_reducededuplication_min_reducer false
Enable Sorted Dynamic Partition Optimizer When dynamic partition is enabled, reducers keep only one record writer at all times, which lowers the memory pressure on reducers. hive.optimize.sort.dynamic.partition false hiveserver2_optimize_sort_dynamic_partition false
Hive SMB Join Cache Rows The number of rows with the same key value to be cached in memory per SMB-joined table. hive.smbjoin.cache.rows 10000 hiveserver2_smbjoin_cache_rows false
Spark Driver Maximum Java Heap Size Maximum size of each Spark driver's Java heap memory when Hive is running on Spark. spark.driver.memory 256 MiB hiveserver2_spark_driver_memory false
Enable Dynamic Executor Allocation When enabled, Spark will add and remove executors dynamically to Hive jobs. This is done based on the workload. spark.dynamicAllocation.enabled true hiveserver2_spark_dynamic_allocation_enabled true
Initial Number of Executors Initial number of executors used by the application at any given time. This is required if the dynamic executor allocation feature is enabled. spark.dynamicAllocation.initialExecutors 1 hiveserver2_spark_dynamic_allocation_initial_executors true
Upper Bound on Number of Executors Upper bound on the number of executors used by the application at any given time. This is used by dynamic executor allocation. spark.dynamicAllocation.maxExecutors 2147483647 hiveserver2_spark_dynamic_allocation_max_executors true
Lower Bound on Number of Executors Lower bound on the number of executors used by the application at any given time. This is used by dynamic executor allocation. spark.dynamicAllocation.minExecutors 1 hiveserver2_spark_dynamic_allocation_min_executors true
Spark Executor Cores Number of cores per Spark executor. spark.executor.cores 1 hiveserver2_spark_executor_cores true
Spark Executors Per Application Number of Spark executors assigned to each application. This should not be set when Dynamic Executor Allocation is enabled. spark.executor.instances hiveserver2_spark_executor_instances false
Spark Executor Maximum Java Heap Size Maximum size of each Spark executor's Java heap memory when Hive is running on Spark. spark.executor.memory 256 MiB hiveserver2_spark_executor_memory true
Spark Driver Memory Overhead This is the amount of extra off-heap memory that can be requested from YARN, per driver. This, together with spark.driver.memory, is the total memory that YARN can use to create JVM for a driver process. spark.yarn.driver.memoryOverhead 26 MiB hiveserver2_spark_yarn_driver_memory_overhead false
Spark Executor Memory Overhead This is the amount of extra off-heap memory that can be requested from YARN, per executor process. This, together with spark.executor.memory, is the total memory that YARN can use to create JVM for an executor process. spark.yarn.executor.memoryOverhead 26 MiB hiveserver2_spark_yarn_executor_memory_overhead true
Load Column Statistics Whether column stats for a table are fetched during explain. hive.stats.fetch.column.stats true hiveserver2_stats_fetch_column_stats false
Enable Vectorization Optimization Enable optimization that vectorizes query execution by streamlining operations by processing a block of 1024 rows at a time. hive.vectorized.execution.enabled true hiveserver2_vectorized_enabled false
Vectorized GroupBy Check Interval In vectorized group-by, the number of row entries added to the hash table before re-checking average variable size for memory usage estimation. hive.vectorized.groupby.checkinterval 4096 hiveserver2_vectorized_groupby_checkinterval false
Vectorized GroupBy Flush Ratio Ratio between 0.0 and 1.0 of entries in the vectorized group-by aggregation hash that is flushed when the memory threshold is exceeded. hive.vectorized.groupby.flush.percent 0.1 hiveserver2_vectorized_groupby_flush_ratio false
Enable Reduce-Side Vectorization Whether to vectorize the reduce side of query execution. hive.vectorized.execution.reduce.enabled false hiveserver2_vectorized_reduce_enabled false
Default Execution Engine The default execution engine for running hive queries. Can be set to mr for MapReduce or spark for Spark. hive.execution.engine mr hs2_execution_engine false
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Spark RPC Server Address The server address of the HiveServer2 host to be used for communication between the Hive client and the remote Spark driver. Default is empty, which means the address will be determined in the same way as for hive.server2.thrift.bind.host. This is only necessary if the host has multiple network addresses and if a network address other than hive.server2.thrift.bind.host is to be used. hive.spark.client.rpc.server.address hive_spark_client_rpc_server_address false
Bind HiveServer2 to Wildcard Address If enabled, the HiveServer2 binds to the wildcard address ("0.0.0.0") on all of its ports. hive.server2.webui.host true hiveserver2_webui_bind_wildcard false
HiveServer2 WebUI Port The port the HiveServer2 WebUI will listen on. This can be set to 0 to disable the WebUI. hive.server2.webui.port 10002 hiveserver2_webui_port false
HiveServer2 Port Port on which HiveServer2 will listen for connections. hive.server2.thrift.port 10000 hs2_thrift_address_port false

Resource Management

Display Name Description Related Name Default Value API Name Required
Java Heap Size of HiveServer2 in Bytes Maximum size in bytes for the Java Process heap memory. Passed to Java -Xmx. 4 GiB hiveserver2_java_heapsize false
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Security

Display Name Description Related Name Default Value API Name Required
Enable TLS/SSL for HiveServer2 WebUI Encrypt communication between clients and HiveServer2 WebUI using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). hive.server2.webui.use.ssl false ssl_enabled false
HiveServer2 WebUI TLS/SSL Server JKS Keystore File Location The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when HiveServer2 WebUI is acting as a TLS/SSL server. The keystore must be in JKS format. hive.server2.webui.keystore.path ssl_server_keystore_location false
HiveServer2 WebUI TLS/SSL Server JKS Keystore File Password The password for the HiveServer2 WebUI JKS keystore file. hive.server2.webui.keystore.password ssl_server_keystore_password false

Stacks Collection

Display Name Description Related Name Default Value API Name Required
Stacks Collection Data Retention The amount of stacks data that is retained. After the retention limit is reached, the oldest data is deleted. stacks_collection_data_retention 100 MiB stacks_collection_data_retention false
Stacks Collection Directory The directory in which stacks logs are placed. If not set, stacks are logged into a stacks subdirectory of the role's log directory. stacks_collection_directory stacks_collection_directory false
Stacks Collection Enabled Whether or not periodic stacks collection is enabled. stacks_collection_enabled false stacks_collection_enabled true
Stacks Collection Frequency The frequency with which stacks are collected. stacks_collection_frequency 5.0 second(s) stacks_collection_frequency false
Stacks Collection Method The method used to collect stacks. The jstack option involves periodically running the jstack command against the role's daemon process. The servlet method is available for those roles that have an HTTP server endpoint exposing the current stack traces of all threads. When the servlet method is selected, that HTTP endpoint is periodically scraped. stacks_collection_method jstack stacks_collection_method false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site.xml parameter. false role_config_suppression_hive_hs2_config_safety_valve true
Suppress Parameter Validation: HiveServer2 Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_hive_hs2_env_safety_valve true
Suppress Parameter Validation: HiveServer2 Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Log Directory parameter. false role_config_suppression_hive_log_dir true
Suppress Parameter Validation: Metrics Sample File Location Whether to suppress configuration warnings produced by the built-in parameter validation for the Metrics Sample File Location parameter. false role_config_suppression_hive_metrics_sample_file_location true
Suppress Parameter Validation: HiveServer2 Operations Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Operations Log Directory parameter. false role_config_suppression_hive_server2_logging_operation_log_location true
Suppress Parameter Validation: Spark RPC Server Address Whether to suppress configuration warnings produced by the built-in parameter validation for the Spark RPC Server Address parameter. false role_config_suppression_hive_spark_client_rpc_server_address true
Suppress Parameter Validation: Hive Downloaded Resources Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Downloaded Resources Directory parameter. false role_config_suppression_hiveserver2_downloaded_resources_dir true
Suppress Parameter Validation: Hive Local Scratch Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Local Scratch Directory parameter. false role_config_suppression_hiveserver2_exec_local_scratchdir true
Suppress Parameter Validation: Hive HDFS Scratch Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive HDFS Scratch Directory parameter. false role_config_suppression_hiveserver2_exec_scratchdir true
Suppress Parameter Validation: Fair Scheduler XML Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Fair Scheduler XML Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_hiveserver2_fair_scheduler_safety_valve true
Suppress Parameter Validation: Java Configuration Options for HiveServer2 Whether to suppress configuration warnings produced by the built-in parameter validation for the Java Configuration Options for HiveServer2 parameter. false role_config_suppression_hiveserver2_java_opts true
Suppress Parameter Validation: HiveServer2 Load Balancer Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Load Balancer parameter. false role_config_suppression_hiveserver2_load_balancer true
Suppress Parameter Validation: Spark Executor Cores Whether to suppress configuration warnings produced by the built-in parameter validation for the Spark Executor Cores parameter. false role_config_suppression_hiveserver2_spark_executor_cores true
Suppress Parameter Validation: HiveServer2 WebUI Port Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 WebUI Port parameter. false role_config_suppression_hiveserver2_webui_port true
Suppress Parameter Validation: HiveServer2 Advanced Configuration Snippet (Safety Valve) for core-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Advanced Configuration Snippet (Safety Valve) for core-site.xml parameter. false role_config_suppression_hs2_core_site_safety_valve true
Suppress Parameter Validation: HiveServer2 Port Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Port parameter. false role_config_suppression_hs2_thrift_address_port true
Suppress Parameter Validation: HiveServer2 Logging Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 Logging Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_log4j_safety_valve true
Suppress Parameter Validation: Heap Dump Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Heap Dump Directory parameter. false role_config_suppression_oom_heap_dump_dir true
Suppress Parameter Validation: Role Triggers Whether to suppress configuration warnings produced by the built-in parameter validation for the Role Triggers parameter. false role_config_suppression_role_triggers true
Suppress Parameter Validation: HiveServer2 WebUI TLS/SSL Server JKS Keystore File Location Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 WebUI TLS/SSL Server JKS Keystore File Location parameter. false role_config_suppression_ssl_server_keystore_location true
Suppress Parameter Validation: HiveServer2 WebUI TLS/SSL Server JKS Keystore File Password Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 WebUI TLS/SSL Server JKS Keystore File Password parameter. false role_config_suppression_ssl_server_keystore_password true
Suppress Parameter Validation: Stacks Collection Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Stacks Collection Directory parameter. false role_config_suppression_stacks_collection_directory true
Suppress Health Test: Audit Pipeline Test Whether to suppress the results of the Audit Pipeline Test health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_audit_health true
Suppress Health Test: File Descriptors Whether to suppress the results of the File Descriptors health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_file_descriptor true
Suppress Health Test: Heap Dump Directory Free Space Whether to suppress the results of the Heap Dump Directory Free Space health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_heap_dump_directory_free_space true
Suppress Health Test: Host Health Whether to suppress the results of the Host Health health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_host_health true
Suppress Health Test: Log Directory Free Space Whether to suppress the results of the Log Directory Free Space health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_log_directory_free_space true
Suppress Health Test: Pause Duration Whether to suppress the results of the Pause Duration health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_pause_duration true
Suppress Health Test: Process Status Whether to suppress the results of the Process Status health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_scm_health true
Suppress Health Test: Swap Memory Usage Whether to suppress the results of the Swap Memory Usage health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_swap_memory_usage true
Suppress Health Test: Unexpected Exits Whether to suppress the results of the Unexpected Exits health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hiveserver2_unexpected_exits true
Suppress Health Test: Hive Downloaded Resources Directory Free Space Whether to suppress the results of the Hive Downloaded Resources Directory Free Space health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hs2_downloaded_resources_directory_free_space true
Suppress Health Test: Hive Local Scratch Directory Free Space Whether to suppress the results of the Hive Local Scratch Directory Free Space health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hive_exec_hs2_exec_local_scratch_directory_free_space true

Service-Wide

Advanced

Display Name Description Related Name Default Value API Name Required
Hive Auxiliary JARs Directory Directory containing auxiliary JARs used by Hive. This should be a directory location and not a classpath containing one or more JARs. This directory must be created and managed manually on hosts that run the Hive Metastore Server, HiveServer2, or the Hive CLI. The directory location is set in the environment as HIVE_AUX_JARS_PATH and will generally override the hive.aux.jars.path property set in XML files, even if hive.aux.jars.path is set in an advanced configuration snippet. hive_aux_jars_path_dir false
Bypass Hive Metastore Server Instead of talking to Hive Metastore Server for Metastore information, Hive clients will talk directly to the Metastore database. false hive_bypass_metastore_server false
Hive Service Advanced Configuration Snippet (Safety Valve) for core-site.xml For advanced use only, a string to be inserted into core-site.xml. Applies to configurations of all roles in this service except client configuration. hive_core_site_safety_valve false
Hive Copy Large File Size Smaller than this size, Hive uses a single-threaded copy; larger than this size, Hive uses DistCp. hive.exec.copyfile.maxsize 32 MiB hive_exec_copyfile_maxsize false
Hive Execution Service Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration. HIVE_EXEC_service_env_safety_valve false
Server Name for Sentry Authorization The server name used when defining privilege rules in Sentry authorization. Sentry uses this name as an alias for the Hive service. It does not correspond to any physical server name. hive.sentry.server server1 hive_sentry_server false
Hive Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml For advanced use only, a string to be inserted into sentry-site.xml. Applies to configurations of all roles in this service except client configuration. hive_server2_sentry_safety_valve false
Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml For advanced use only, a string to be inserted into hive-site.xml. Applies to configurations of all roles in this service except client configuration. hive_service_config_safety_valve false
Hive Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties For advanced use only, a string to be inserted into the client configuration for navigator.client.properties. navigator_client_config_safety_valve false
Hive Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties For advanced use only, a string to be inserted into the client configuration for navigator.lineage.client.properties. navigator_lineage_client_config_safety_valve false
System Group The group that this service's processes should run as. hive process_groupname true
System User The user that this service's processes should run as. hive process_username true

Cloudera Navigator

Display Name Description Related Name Default Value API Name Required
Enable Audit Collection Enable collection of audit events from the service's roles. navigator.audit.enabled true navigator_audit_enabled false
Audit Event Filter Event filters are defined in a JSON object like the following: { "defaultAction" : ("accept", "discard"), "rules" : [ { "action" : ("accept", "discard"), "fields" : [ { "name" : "fieldName", "match" : "regex" } ] } ] } A filter has a default action and a list of rules, in order of precedence. Each rule defines an action, and a list of fields to match against the audit event. A rule is "accepted" if all the listed field entries match the audit event. At that point, the action declared by the rule is taken. If no rules match the event, the default action is taken. Actions default to "accept" if not defined in the JSON object. The following is the list of fields that can be filtered for Hive events:
  • userName: the user performing the action.
  • ipAddress: the IP from where the request originated.
  • operation: the Hive operation being performed.
  • databaseName: the databaseName for the operation.
  • tableName: the tableName for the operation.
The default Hive audit event filter discards HDFS directory events generated by Hive jobs that reference the /tmp directory.
navigator.event.filter { "comment" : [ "The default Hive audit event filter discards HDFS directory events ", "generated by Hive jobs that reference the /tmp directory." ], "defaultAction" : "accept", "rules" : [ { "action" : "discard", "fields" : [ { "name" : "operation", "match" : "QUERY" }, { "name" : "objectType", "match" : "DFS_DIR" }, { "name" : "resourcePath", "match" : "/tmp/hive-(?:.+)?/hive_(?:.+)?/-mr-.*" } ] } ] } navigator_audit_event_filter false
Audit Queue Policy Action to take when the audit event queue is full. Drop the event or shut down the affected process. navigator.batch.queue_policy DROP navigator_audit_queue_policy false
Audit Event Tracker Configures the rules for event tracking and coalescing. This feature is used to define equivalency between different audit events. When events match, according to a set of configurable parameters, only one entry in the audit list is generated for all the matching events. Tracking works by keeping a reference to events when they first appear, and comparing other incoming events against the "tracked" events according to the rules defined here. Event trackers are defined in a JSON object like the following: { "timeToLive" : [integer], "fields" : [ { "type" : [string], "name" : [string] } ] } Where:
  • timeToLive: maximum amount of time an event will be tracked, in milliseconds. Must be provided. This defines how long an event will be tracked after it is first seen. A value of 0 disables tracking.
  • fields: list of fields to compare when matching events against tracked events.
Each field has an evaluator type associated with it. The evaluator defines how the field data is to be compared. The following evaluators are available:
  • value: uses the field value for comparison.
  • userName: treats the field value as a userName, and ignores any host-specific data. This is useful for environments using Kerberos, so that only the principal name and realm are compared.
The following is the list of fields that can be used to compare Hive events:
  • operation: the Hive operation being performed.
  • username: the user performing the action.
  • ipAddress: the IP from where the request originated.
  • allowed: whether the operation was allowed or denied.
  • databaseName: the database affected by the operation.
  • tableName: the table or view affected by the operation.
  • objectType: the type of object affected by the operation.
  • resourcePath: the path of the resource affected by the operation.
navigator_event_tracker navigator_event_tracker false
Enable Lineage Collection Enable collection of lineage from the service's roles. true navigator_lineage_enabled false
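
The rule evaluation described under Audit Event Filter above (rules tried in order, a rule matching only when every listed field matches, the default action otherwise), as an added Python example that is not Cloudera's code. It assumes whole-string regex matching, that a field absent from the event does not match, and Python's `re` standing in for the Java regex engine; `BROAD_FILTER` and `SAMPLE_EVENTS` are constructed for illustration.

```python
import json
import re

VALID_ACTIONS = ("accept", "discard")

# The default Hive filter from the table above, written out as JSON.
DEFAULT_FILTER = json.loads("""
{
  "comment": ["The default Hive audit event filter discards HDFS directory events ",
              "generated by Hive jobs that reference the /tmp directory."],
  "defaultAction": "accept",
  "rules": [
    {"action": "discard",
     "fields": [
       {"name": "operation", "match": "QUERY"},
       {"name": "objectType", "match": "DFS_DIR"},
       {"name": "resourcePath", "match": "/tmp/hive-(?:.+)?/hive_(?:.+)?/-mr-.*"}
     ]}
  ]
}
""")

# Constructed filter: one broad discard rule keyed on userName only.
# defaultAction is omitted, so it defaults to "accept" as the page states.
BROAD_FILTER = {
    "rules": [
        {"action": "discard",
         "fields": [{"name": "userName", "match": "svc_.*"}]}
    ]
}

# Constructed audit events using the field names listed on the page.
SAMPLE_EVENTS = [
    {"userName": "alice", "ipAddress": "10.0.0.5", "operation": "QUERY",
     "objectType": "DFS_DIR",
     "resourcePath": "/tmp/hive-alice/hive_2017-08-01_12-00-00_000_1/-mr-10000"},
    {"userName": "alice", "ipAddress": "10.0.0.5", "operation": "QUERY",
     "objectType": "TABLE", "databaseName": "sales", "tableName": "orders"},
    {"userName": "svc_etl", "ipAddress": "10.0.0.9", "operation": "DROPTABLE",
     "objectType": "TABLE", "databaseName": "sales", "tableName": "orders"},
]


def validate_filter(flt):
    """Return a list of problems found in a filter object (empty if none)."""
    problems = []
    if flt.get("defaultAction", "accept") not in VALID_ACTIONS:
        problems.append("defaultAction must be accept or discard")
    for i, rule in enumerate(flt.get("rules", [])):
        if rule.get("action", "accept") not in VALID_ACTIONS:
            problems.append(f"rule {i}: action must be accept or discard")
        fields = rule.get("fields", [])
        if not fields:
            problems.append(f"rule {i}: no fields listed")
        for field in fields:
            if "name" not in field or "match" not in field:
                problems.append(f"rule {i}: field needs name and match")
                continue
            try:
                re.compile(field["match"])
            except re.error as exc:
                problems.append(f"rule {i}: bad regex for {field['name']}: {exc}")
    return problems


def rule_matches(rule, event):
    """A rule matches only if every listed field matches the event."""
    for field in rule.get("fields", []):
        value = event.get(field["name"])
        # Assumption: a missing field never matches; regex must cover the whole value.
        if value is None or re.fullmatch(field["match"], str(value)) is None:
            return False
    return True


def evaluate(flt, event):
    """Return "accept" or "discard" for one event; the first matching rule wins."""
    for rule in flt.get("rules", []):
        if rule_matches(rule, event):
            return rule.get("action", "accept")
    return flt.get("defaultAction", "accept")


def dropped(flt, events):
    """List the events a filter would discard, for review before deployment."""
    return [e for e in events if evaluate(flt, e) == "discard"]


if __name__ == "__main__":
    for name, flt in (("default", DEFAULT_FILTER), ("broad", BROAD_FILTER)):
        print(name, "problems:", validate_filter(flt))
        for event in dropped(flt, SAMPLE_EVENTS):
            print("  discards:", event["userName"], event["operation"])
```

Running `dropped()` over a sample of real audit events before changing the filter shows which events a new discard rule would remove from the audit trail, such as the `DROPTABLE` by a service account in the constructed data.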

Logs

Display Name Description Related Name Default Value API Name Required
Audit Log Directory Path to the directory where audit logs will be written. The directory will be created if it doesn't exist. audit_event_log_dir /var/log/hive/audit audit_event_log_dir false
Hive Lineage Log Directory The directory in which Hive lineage log files are written. lineage_event_log_dir /var/log/hive/lineage lineage_event_log_dir true
Hive Maximum Lineage Log File Size The maximum size, in megabytes, per log file for Hive lineage logs. Typically used by log4j or logback. max_lineage_log_file_size 100 MiB max_lineage_log_file_size false
Maximum Audit Log File Size Maximum size of audit log file in MB before it is rolled over. navigator.audit_log_max_file_size 100 MiB navigator_audit_log_max_file_size false
Number of Audit Logs to Retain Maximum number of rolled-over audit logs to retain. The logs are not deleted if they contain audit events that have not yet been propagated to the Audit Server. navigator.client.max_num_audit_log 10 navigator_client_max_num_audit_log false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Service Level Health Alerts When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold true enable_alerts false
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false
Healthy HiveServer2 Monitoring Thresholds The health test thresholds of the overall HiveServer2 health. The check returns "Concerning" health if the percentage of "Healthy" HiveServer2s falls below the warning threshold. The check is unhealthy if the total percentage of "Healthy" and "Concerning" HiveServer2s falls below the critical threshold. Warning: 99.0 %, Critical: 51.0 % hive_exec_hiveserver2s_healthy_thresholds false
Service Triggers The configured triggers for this service. This is a JSON-formatted list of triggers. These triggers are evaluated as part of the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
  • triggerName (mandatory) - The name of the trigger. This value must be unique for the specific service.
  • triggerExpression (mandatory) - A tsquery expression representing the trigger.
  • streamThreshold (optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire.
  • enabled (optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.
  • expressionEditorConfig (optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.
For example, the following JSON-formatted trigger fires if there are more than 10 DataNodes with more than 500 file descriptors opened: [{"triggerName": "sample-trigger", "triggerExpression": "IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad", "streamThreshold": 10, "enabled": "true"}] See the trigger rules documentation for more details on how to write triggers using tsquery. The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.
[] service_triggers true
Service Monitor Client Config Overrides For advanced use only, a list of configuration properties that will be used by the Service Monitor instead of the current client configuration for the service. <property> <name>hive.metastore.client.socket.timeout</name> <value>60</value> </property> smon_client_config_overrides false
Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones. smon_derived_configs_safety_valve false

Other

Display Name Description Related Name Default Value API Name Required
HBase Service Name of the HBase service that this Hive service instance depends on. hbase_service false
Hive Bytes Per Reducer Size per reducer. If the input size is 10GiB and this is set to 1GiB, Hive will use 10 reducers. hive.exec.reducers.bytes.per.reducer 64 MiB hive_bytes_per_reducer false
Hive Max Reducers Max number of reducers to use. If the configuration parameter Hive Reduce Tasks is negative, Hive will limit the number of reducers to the value of this parameter. hive.exec.reducers.max 1099 hive_max_reducers false
Hive Reduce Tasks Default number of reduce tasks per job. Usually set to a prime number close to the number of available hosts. Ignored when mapred.job.tracker is "local". Hadoop sets this to 1 by default, while Hive uses -1 as the default. When set to -1, Hive will automatically determine an appropriate number of reducers for each job. mapred.reduce.tasks -1 hive_reduce_tasks false
Set User and Group Information In unsecure mode, setting this property to true will cause the Metastore Server to execute DFS operations using the client's reported user and group permissions. Cloudera Manager will set this for all clients and servers. hive.metastore.execute.setugi true hive_set_ugi true
Hive Metastore Connector Name of the Hive Metastore Connector from the data context that this service instance depends on. hms_connector false
MapReduce Service MapReduce jobs are run against this service. mapreduce_yarn_service true
Sentry Service Name of the Sentry service that this Hive service instance depends on. If selected, Hive uses this Sentry service to look up authorization privileges. Before enabling Sentry, read the requirements and configuration steps in Setting Up The Sentry Service. sentry_service false
Spark On YARN Service Name of the Spark on YARN service that this Hive service instance depends on. If selected, Hive jobs can use the Spark execution engine instead of MapReduce2. Requires that Hive depends on YARN. See Configuring Hive on Spark for more information about Hive on Spark. In CDH releases lower than 5.7, Hive on Spark also requires setting Enable Hive on Spark to true. spark_on_yarn_service false
ZooKeeper Service Name of the ZooKeeper service that this Hive service instance depends on. zookeeper_service false

Policy File Based Sentry

Display Name Description Related Name Default Value API Name Required
Sentry User to Group Mapping Class The class to use in Sentry authorization for user to group mapping. Sentry authorization may be configured to use either Hadoop user to group mapping or local groups defined in the policy file. Hadoop user to group mapping may be configured in the Cloudera Manager HDFS service configuration page under the Security section. hive.sentry.provider org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider hive_sentry_provider false
Sentry Global Policy File HDFS path to the global policy file for Sentry authorization. This should be a relative path (and not a full HDFS URL). The global policy file must be in Sentry policy file format. hive.sentry.provider.resource /user/hive/sentry/sentry-provider.ini hive_sentry_provider_resource false
Allow URIs in Database Policy File Allows URIs when defining privileges in per-database policy files. Warning: Typically, this configuration should be disabled. Enabling it would allow the owner of a database policy file (who is generally not the Hive admin user) to grant load privileges on any directory that the Hive admin user can read, including databases controlled by other database policy files. sentry.allow.uri.db.policyfile false sentry_allow_uri_db_policyfile false
Enable Sentry Authorization using Policy Files Use Sentry to enable role-based, fine-grained authorization. This configuration enables Sentry using policy files. To enable Sentry using the Sentry service instead, add the Sentry service as a dependency to the Hive service. The Sentry service provides concurrent and secure access to authorization policy metadata and is the recommended option for enabling Sentry. Sentry is supported only on CDH 4.4 or later deployments. Before enabling Sentry, read the requirements and configuration steps in Setting Up Hive Authorization with Sentry. hive.sentry.enabled false sentry_enabled false

Proxy

Display Name Description Related Name Default Value API Name Required
Hive Metastore Access Control and Proxy User Groups Override This configuration overrides the value set for Hive Proxy User Groups configuration in HDFS service for use by Hive Metastore Server. Specify a comma-delimited list of groups that you want to allow access to Hive Metastore metadata and allow the Hive user to impersonate. A value of '*' allows all groups. The default value of empty inherits the value set for Hive Proxy User Groups configuration in the HDFS service. hadoop.proxyuser.hive.groups hive_proxy_user_groups_list false

Security

Display Name Description Related Name Default Value API Name Required
Enable LDAP Authentication When checked, LDAP-based authentication for users is enabled. false hiveserver2_enable_ldap_auth false
Enable TLS/SSL for HiveServer2 Encrypt communication between clients and HiveServer2 using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). hive.server2.use.SSL false hiveserver2_enable_ssl false
HiveServer2 TLS/SSL Server JKS Keystore File Password The password for the HiveServer2 JKS keystore file. hive.server2.keystore.password hiveserver2_keystore_password false
HiveServer2 TLS/SSL Server JKS Keystore File Location The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when HiveServer2 is acting as a TLS/SSL server. The keystore must be in JKS format. hive.server2.keystore.path hiveserver2_keystore_path false
LDAP BaseDN This parameter is useful when authenticating against a non-Active Directory server, such as OpenLDAP. When set, this parameter is used to convert the username into the LDAP Distinguished Name (DN), so that the resulting DN looks like uid=username,this parameter. For example, if this parameter is set to "ou=People,dc=cloudera,dc=com", and the username passed in is "mike", the resulting authentication passed to the LDAP server looks like "uid=mike,ou=People,dc=cloudera,dc=com". This parameter is mutually exclusive with Active Directory Domain. hive.server2.authentication.ldap.baseDN hiveserver2_ldap_basedn false
Active Directory Domain This parameter is useful when authenticating against an Active Directory server. This value is appended to all usernames before authenticating against AD. For example, if this parameter is set to "my.domain.com", and the user authenticating is "mike", then "mike@my.domain.com" is passed to AD. If this field is unset, the username remains unaltered before being passed to AD. hive.server2.authentication.ldap.Domain hiveserver2_ldap_domain false
LDAP URL The URL of the LDAP server. The URL must be prefixed with ldap:// or ldaps://. The URL can optionally specify a custom port, for example: ldaps://ldap_server.example.com:1636. Note that usernames and passwords will be transmitted in the clear unless either an ldaps:// URL is used, or "Enable LDAP TLS" is turned on (where available). Also note that encryption must be in use between the client and this service for the same reason. For more detail on the LDAP URL format, see RFC 2255. A space-separated list of URLs can be entered; in this case the URLs will each be tried in turn until one replies. hive.server2.authentication.ldap.url hiveserver2_ldap_uri false
HiveServer2 TLS/SSL Client Trust Store File The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that HiveServer2 might connect to. This is used when HiveServer2 is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead. hiveserver2_truststore_file false
HiveServer2 TLS/SSL Client Trust Store Password The password for the HiveServer2 TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. hiveserver2_truststore_password false
Kerberos Principal Kerberos principal short name used by all roles of this service. hive kerberos_princ_name true
Bypass Sentry Authorization Users List of users that are allowed to bypass Sentry Authorization in the Hive metastore. These are usually service users that already ensure that all activity has been authorized, such as hive and impala. Only applies when Hive is using Sentry Service. sentry.metastore.service.users hive impala hue hdfs sentry_metastore_service_users false

Sentry HDFS Sync Cache

Display Name Description Related Name Default Value API Name Required
Abort on Initialization Failure If set to true, the Hive metastore will treat a problem with cache initialization as a fatal error. sentry.hdfs.sync.metastore.cache.fail.on.partial.update true sentry_hdfs_sync_metastore_cache_fail_on_partial_update false
Number of Threads on Initialization The number of threads used during Hive Metastore Sentry HDFS Sync Cache Initialization. sentry.hdfs.sync.metastore.cache.init.threads 10 sentry_hdfs_sync_metastore_cache_init_threads false
Number of Partitions per RPC on Initialization The number of partitions per RPC retrieved during Hive Metastore Sentry HDFS Sync Cache Initialization. sentry.hdfs.sync.metastore.cache.max-partitions-per-rpc 100 sentry_hdfs_sync_metastore_cache_partitions_per_rpc false
Max Number of Retries on Initialization The maximum number of retries allowed during Hive Metastore Sentry HDFS Sync cache initialization. sentry.hdfs.sync.metastore.cache.retry.max.num 1 sentry_hdfs_sync_metastore_cache_retry_max_num false
Retry Wait Time on Initialization Wait duration in milliseconds for each retry during Hive Metastore Sentry HDFS Sync Cache Initialization. sentry.hdfs.sync.metastore.cache.retry.wait.duration.millis 1 second(s) sentry_hdfs_sync_metastore_cache_retry_wait_duration_millis false
Number of Tables per RPC on Initialization The number of tables per RPC retrieved during Hive Metastore Sentry HDFS Sync Cache Initialization. sentry.hdfs.sync.metastore.cache.max-tables-per-rpc 100 sentry_hdfs_sync_metastore_cache_tables_per_rpc false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Parameter Validation: Audit Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Log Directory parameter. false service_config_suppression_audit_event_log_dir true
Suppress Parameter Validation: Hive Auxiliary JARs Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Auxiliary JARs Directory parameter. false service_config_suppression_hive_aux_jars_path_dir true
Suppress Configuration Validator: Client TLS/SSL In Use With LDAP Authentication Validator Whether to suppress configuration warnings produced by the Client TLS/SSL In Use With LDAP Authentication Validator configuration validator. false service_config_suppression_hive_client_ssl_recommended_with_ldap_auth_validator true
Suppress Parameter Validation: Hive Service Advanced Configuration Snippet (Safety Valve) for core-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Service Advanced Configuration Snippet (Safety Valve) for core-site.xml parameter. false service_config_suppression_hive_core_site_safety_valve true
Suppress Parameter Validation: Hive Execution Service Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Execution Service Environment Advanced Configuration Snippet (Safety Valve) parameter. false service_config_suppression_hive_exec_service_env_safety_valve true
Suppress Configuration Validator: Hive on Spark Dependency Validator Whether to suppress configuration warnings produced by the Hive on Spark Dependency Validator configuration validator. false service_config_suppression_hive_on_spark_missing_dependency true
Suppress Configuration Validator: Hive Proxy Groups Validator Whether to suppress configuration warnings produced by the Hive Proxy Groups Validator configuration validator. false service_config_suppression_hive_proxy_groups_validator true
Suppress Parameter Validation: Hive Metastore Access Control and Proxy User Groups Override Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Metastore Access Control and Proxy User Groups Override parameter. false service_config_suppression_hive_proxy_user_groups_list true
Suppress Parameter Validation: Sentry Global Policy File Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Global Policy File parameter. false service_config_suppression_hive_sentry_provider_resource true
Suppress Parameter Validation: Server Name for Sentry Authorization Whether to suppress configuration warnings produced by the built-in parameter validation for the Server Name for Sentry Authorization parameter. false service_config_suppression_hive_sentry_server true
Suppress Configuration Validator: Hive Sentry Validator Whether to suppress configuration warnings produced by the Hive Sentry Validator configuration validator. false service_config_suppression_hive_sentry_validator true
Suppress Parameter Validation: Hive Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml parameter. false service_config_suppression_hive_server2_sentry_safety_valve true
Suppress Parameter Validation: Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml parameter. false service_config_suppression_hive_service_config_safety_valve true
Suppress Configuration Validator: HiveServer2 Count Validator Whether to suppress configuration warnings produced by the HiveServer2 Count Validator configuration validator. false service_config_suppression_hiveserver2_count_validator true
Suppress Parameter Validation: HiveServer2 TLS/SSL Server JKS Keystore File Password Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 TLS/SSL Server JKS Keystore File Password parameter. false service_config_suppression_hiveserver2_keystore_password true
Suppress Parameter Validation: HiveServer2 TLS/SSL Server JKS Keystore File Location Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 TLS/SSL Server JKS Keystore File Location parameter. false service_config_suppression_hiveserver2_keystore_path true
Suppress Parameter Validation: LDAP BaseDN Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP BaseDN parameter. false service_config_suppression_hiveserver2_ldap_basedn true
Suppress Parameter Validation: Active Directory Domain Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Domain parameter. false service_config_suppression_hiveserver2_ldap_domain true
Suppress Parameter Validation: LDAP URL Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP URL parameter. false service_config_suppression_hiveserver2_ldap_uri true
Suppress Parameter Validation: HiveServer2 TLS/SSL Client Trust Store File Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 TLS/SSL Client Trust Store File parameter. false service_config_suppression_hiveserver2_truststore_file true
Suppress Parameter Validation: HiveServer2 TLS/SSL Client Trust Store Password Whether to suppress configuration warnings produced by the built-in parameter validation for the HiveServer2 TLS/SSL Client Trust Store Password parameter. false service_config_suppression_hiveserver2_truststore_password true
Suppress Parameter Validation: Kerberos Principal Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Principal parameter. false service_config_suppression_kerberos_princ_name true
Suppress Parameter Validation: Hive Lineage Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Lineage Log Directory parameter. false service_config_suppression_lineage_event_log_dir true
Suppress Parameter Validation: Audit Event Filter Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Event Filter parameter. false service_config_suppression_navigator_audit_event_filter true
Suppress Parameter Validation: Hive Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties parameter. false service_config_suppression_navigator_client_config_safety_valve true
Suppress Parameter Validation: Audit Event Tracker Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Event Tracker parameter. false service_config_suppression_navigator_event_tracker true
Suppress Parameter Validation: Hive Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties parameter. false service_config_suppression_navigator_lineage_client_config_safety_valve true
Suppress Parameter Validation: System Group Whether to suppress configuration warnings produced by the built-in parameter validation for the System Group parameter. false service_config_suppression_process_groupname true
Suppress Parameter Validation: System User Whether to suppress configuration warnings produced by the built-in parameter validation for the System User parameter. false service_config_suppression_process_username true
Suppress Parameter Validation: Bypass Sentry Authorization Users Whether to suppress configuration warnings produced by the built-in parameter validation for the Bypass Sentry Authorization Users parameter. false service_config_suppression_sentry_metastore_service_users true
Suppress Configuration Validator: Sentry Policy Files Validator Whether to suppress configuration warnings produced by the Sentry Policy Files Validator configuration validator. false service_config_suppression_sentry_policy_files_validator true
Suppress Parameter Validation: Service Triggers Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Triggers parameter. false service_config_suppression_service_triggers true
Suppress Parameter Validation: Service Monitor Client Config Overrides Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Client Config Overrides parameter. false service_config_suppression_smon_client_config_overrides true
Suppress Parameter Validation: Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) parameter. false service_config_suppression_smon_derived_configs_safety_valve true
Suppress Health Test: HiveServer2 Health Whether to suppress the results of the HiveServer2 Health health test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false service_health_suppression_hive_exec_hiveserver2s_healthy true