Actually we can run Hive 3.1.2 with Ranger!
To run Hive 3.1.2 with Ranger 2.0.0, you could set:
hive.security.authorization.enabled=true
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator
hive.security.authorization.manager=org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
hive.privilege.synchronizer=true
For Ranger 2.0.0, RangerHiveAuthorizerBase.getHivePolicyProvider() returns
null, so it is okay to set hive.privilege.synchronizer to true, and you
don't have to set up ZooKeeper.
To run Hive 3.1.2 with Ranger 2.1.0 but without ZooKeeper, you need to set
hive.privilege.synchronizer to false because
RangerHiveAuthorizer.getHivePolicyProvider() returns
RangerHivePolicyProvider. If hive.privilege.synchronizer is set to true,
ZooKeeper should be running.
So, with Ranger 2.0.0 or 2.1.0, you can run Hive 3.1.2 without ZooKeeper.
(Of course, you can run it with ZooKeeper, too.) It may take a while (like
a few seconds) for a new Ranger policy to be delivered to HiveServer2, but
this does not seem like an issue in practice.
--- Sungwoo
On Tue, Sep 21, 2021 at 6:50 PM Antoine DUBOIS <antoine.dub...@cc.in2p3.fr>
wrote:
> Yes I can.
> You cannot use Ranger without having to configure an instance of zookeeper
> to run for unclear reasons.
>
> public void startPrivilegeSynchonizer(HiveConf hiveConf) throws Exception {
>
> PolicyProviderContainer policyContainer = new PolicyProviderContainer();
> HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
> if (authorizer.getHivePolicyProvider() != null) {
> policyContainer.addAuthorizer(authorizer);
> }
> if (hiveConf.get(MetastoreConf.ConfVars.PRE_EVENT_LISTENERS.getVarname())
> != null &&
>
> hiveConf.get(MetastoreConf.ConfVars.PRE_EVENT_LISTENERS.getVarname()).contains(
>
> "org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener")
> &&
>
> hiveConf.get(MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER.getVarname())!=
> null) {
> List<HiveMetastoreAuthorizationProvider> providers =
> HiveUtils.getMetaStoreAuthorizeProviderManagers(
> hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER,
> SessionState.get().getAuthenticator());
> for (HiveMetastoreAuthorizationProvider provider : providers) {
> if (provider.getHivePolicyProvider() != null) {
> policyContainer.addAuthorizationProvider(provider);
> }
> }
> }
> [...]
>
> if (policyContainer.size() > 0) {
> zKClientForPrivSync = startZookeeperClient(hiveConf);
> String rootNamespace =
> hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE);
>
>
> So as long as you are using ranger you must use zookeeper and
> configuration in this case is unclear.
> I never managed to make it work properly.
> It seems like version 3.1.2 is no longer developed or supported and only
> 2.x is still under developpement.
> Looks like cloudera buying HDP makes development less active in the end...
>
> ------------------------------
> *De: *"Battula, Brahma Reddy" <bbatt...@visa.com>
> *À: *user@hive.apache.org
> *Envoyé: *Vendredi 17 Septembre 2021 21:15:51
> *Objet: *Re: Future release of hive
>
>
>
> Can you please give more details on issues which you faced with hive-3.1.2
> and ranger-2.1.0..?
>
>
>
>
>
> *From: *Antoine DUBOIS <antoine.dub...@cc.in2p3.fr>
> *Date: *Tuesday, 14 September 2021 at 6:20 PM
> *To: *user@hive.apache.org <user@hive.apache.org>
> *Subject: *Future release of hive
>
> Hello
>
> After trying to use hive 3.1.2 for several weeks with ranger, I stop.
> It's seems way too complicated and tedious.
>
> I wonder when or even if there will be any more release in the 3.0 branch.
>
> I wonder if Hive 3.0 was just an experience as it seems maintenance is not
> really there.
> Is there any plan for Hive 4.0 or should I use Hive 2.8 knowing I'm using
> Hadoop 3 ?
> Any insight on hive release cycle woudl be awesome.
>
>
>
> i hope you have a nice day.
>
>
>
> Antoine DUBOIS
>
>
>
>
