...
Info | ||
---|---|---|
| ||
Introduced in Hive version 0.11. See HIVE-2935. |
How to Configure
Configuration Properties in the hive-site.xml
File
Panel |
---|
hive.server2.thrift.min.worker.threads – Minimum number of worker threads, default 5. hive.server2.thrift.max.worker.threads – Maximum number of worker threads, default 500. hive.server2.thrift.port – TCP port number to listen on, default 10000. hive.server2.thrift.bind.host – TCP interface to bind to. |
Optional Environment Settings
Panel |
---|
HIVE_SERVER2_THRIFT_BIND_HOST – Optional TCP host interface to bind to. Overrides the configuration file setting. |
Running in HTTP mode
Starting in Hive 0.13, HiveServer2 provides support for sending Thrift RPC messages over HTTP transport (HIVE-4752). This is particularly useful to support a proxying intermediary between the client and the server (for example, for load balancing or security reasons). Currently, you can run HiveServer2 in either TCP mode or the HTTP mode, but not in both. For the corresponding JDBC URL, check this link: HiveServer2 Clients -- JDBC Connection URLs. Use the following settings to enable HTTP mode:
Panel |
---|
hive.server2.transport.mode – Set this to http. |
Optional Environment Settings
Panel |
---|
hive.server2.thrift.http.port – HTTP port number to listen on; default is 10001. hive.server2.thrift.http.path – The service endpoint; default is cliservice. hive.server2.thrift.http.min.worker.threads – Minimum worker threads in the server pool; default is 5. hive.server2.thrift.http.max.worker.threads – Maximum worker threads in the server pool; default is 500. |
How to Start
Code Block |
---|
$HIVE_HOME/bin/hiveserver2 |
...
HiveServer2 supports Anonymous (no authentication) with and without SASL, Kerberos (GSSAPI), pass through LDAP, Pluggable Custom Authentication and Pluggable Authentication Modules (PAM, supported Hive 0.13 onwards).
Configuration
Panel |
---|
hive.server2.authentication – Authentication mode, default NONE. Options are NONE, NOSASL, KERBEROS, LDAP, PAM and CUSTOM. hive.server2.authentication.kerberos.principal – Kerberos principal for server. hive.server2.authentication.kerberos.keytab – Keytab for server principal. hive.server2.authentication.ldap.url – LDAP URL. hive.server2.authentication.ldap.baseDN – LDAP base DN. hive.server2.custom.authentication.class – Custom authentication class that implements the |
Impersonation
By default HiveServer2 performs the query processing as the user who submitted the query. But if the following parameter is set to false, the query will run as the user that the hiveserver2
process runs as.
...
Panel |
---|
fs.hdfs.impl.disable.cache – Disable HDFS filesystem cache, default false. fs.file.impl.disable.cache – Disable local filesystem cache, default false. |
Integrity/Confidentiality Protection
Changes in HIVE-4911, which is available in Hive 0.12, enable integrity protection and confidentiality protection (beyond just the default of authentication) for communication between the Hive JDBC driver and HiveServer2. You can use the SASL QOP property to configure this.
- This is only when Kerberos is used for the HS2 client (JDBC/ODBC application) authentication with HiveServer2.
- hive.server2.thrift.sasl.qop in
hive-site.xml
has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').
SSL Encryption
Changes in HIVE-5351, which will be available in Hive 0.13, provides support for SSL encryption. To enable, set the following configurations in hive-site.xml
:
Panel |
---|
hive.server2.use.SSL – Set this to true. hive.server2.keystore.path – Set this to your keystore path. hive.server2.keystore.password – Set this to your keystore password. |
Pluggable Authentication Modules (PAM)
HIVE-6466, which will be available in Hive 0.13, provides support for PAM. To configure PAM:
- Download the JPAM native library for the relevant architecture.
- Unzip and copy libjpam.so to a directory (<libjmap-directory>) on the system.
- Add the directory to the LD_LIBRARY_PATH environment variable like so:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<libjmap-directory>
...