Enable Drill Impersonation with Hive
About this task
To configure Drill impersonation to work with Hive impersonation in a secure or insecure MapR cluster:
- Modify the
drill-env.sh
anddrill-override.conf
files on each Drill node. - Update the Hive storage plugin configuration in Drill.
- Restart Warden.
Prerequisites
The configurations described in this document have the following dependencies:
- MapR version 4.1 or later
- Drill 1.1 or later installed with Drillbits running as the
mapr
user. -
Supported version of Hive installed with the following:
- User impersonation enabled
- Configured Hive remote metastore repository
- (Optional) SQL standard based
authorization or storage based
authorization configured
NOTE: See the Drill Support Matrix for supported versions of Hive.
Procedure
-
Modify <DRILL_HOME>/conf/drill-env.sh to include the required environment
variables on each Drill node.
-
In an insecure cluster, include the following environment variable:
export MAPR_IMPERSONATION_ENABLED=true
-
In a secure cluster, include the following environment variables:
export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Djava.security.auth.login.config=/opt/mapr/conf/mapr.login.conf -Dzookeeper.sasl.client=true” export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Dmapr_sec_enabled=true -Dhadoop.login=maprsasl_keytab -Dzookeeper.saslprovider=com.mapr.security.maprsasl.MaprSaslProvider -Dmapr.library.flatclass" export MAPR_TICKETFILE_LOCATION=/opt/mapr/conf/mapruserticket
-
In an insecure cluster, include the following environment variable:
-
Modify <DRILL_HOME>/conf/drill-override.conf file on each Drill node (in
secure and insecure clusters) to enable impersonation in Drill, and set the
maximum number of chained user hops that Drill allows. Add the following
configuration properties to the
drill.exe
block indrill-override.conf
:drill.exec: { cluster-id: "<drill_cluster_name>", zk.connect: "<hostname>:5181,<hostname>:5181,<hostname>:5181" impersonation: { enabled: true, max_chained_user_hops: 3 } }
-
Modify the Hive storage plugin configuration in the Drill Web UI based on the
authorization and security scenario for the cluster. You can only access the
Drill Web UI for a running Drillbit.
Complete the following steps to modify the Hive storage plugin configuration:
-
Issue the following command on all nodes to restart the Warden service:
clush –a “service mapr-warden restart”