This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: minor edits, typo fixes, remove duplicate Thrift IDL link, add Thrift doc link

HiveServer2

Table of Contents

HiveServer2 (HS2) is a server interface that enables remote clients to execute queries against hive Hive and retrieve the results. The current thirft RPC based implementation implementation, based on Thrift RPC, is an improved version of HiveServer that and supports multi-client concurrency and authentication. It is designed to provide better support for open API clients like JDBC and ODBC.

  • The

...

...

  • .
  • Thrift documentation is available at http://

...

...

...

This document describes how to setup set up the server. How to use a client with this server is described in Hive client setup doc the HiveServer2 Clients document.

Info
titleVersion

Introduced in Hive version 0.11. See HIVE-2935.

How to

...

Configure

Configuration properties Properties in the hive-site.xml File

Panel

hive.server2.thrift.min.worker.threads - Number – Minimum number of minimum worker threads, default 5.
hive.server2.thrift.max.worker.threads - Number – Maximum number of minimum worker threads, default 100.
hive.server2.thrift.port - Tcp – TCP port number to listen on, default 10000.
hive.server2.thrift.bind.host - Tcp – TCP interface to bind to.

Optional Environment settingsSettings

Panel

HIVE_SERVER2_THRIFT_BIND_HOST - optional tcp – Optional TCP host interface to bind to. Overrides the config configuration file setting.
HIVE_SERVER2_THRIFT_PORT - optional tcp port# – Optional TCP port number to listen on, default 10000. Overrides the config configuration file setting.

How to

...

Start

Code Block
$HIVE_HOME/bin/hiveserver2

...

Code Block
$HIVE_HOME/bin/hive --service hiveserver2

Authentication/Security

...

Configuration

HiveServer2 support supports Anonymous (no authauthentication), Kerberos, pass through LDAP and pluggable custom authentication.

...

Panel

hive.server2.authentication - Authentication mode, default NONE. Options are NONE, KERBEROS, LDAP and CUSTOM.
hive.server2.authentication.kerberos.principal - Kerberos principal for server.
hive.server2.authentication.kerberos.keytab - Keytab for server principal.
hive.server2.authentication.ldap.url - LDAP url.
hive.server2.authentication.ldap.baseDN - LDAP base DN.
hive.server2.custom.authentication.class - Custom authentication class that implements org.apache.hive.service.auth.PasswdAuthenticationProvider interface.

Impersonation

By default HiveServer2 performs the query processing as the user who submitted the query. If this But if the following parameter is set to false, the query would will run as the user that the hiveserver2 process runs as.

Panel

hive.server2.enable.doAs - Impersonate the connected user, default true.

To prevent memory leak leaks in unsecure mode, disable file system caches , by setting the following params parameters to true:

Panel

fs.hdfs.impl.disable.cache - Disable hdfs HDFS filesystem cache, default false.
fs.file.impl.disable.cache - Disable local filesystem cache, default false.

Integrity/Confidentiality

...

Protection

Changes in HIVE-4911, which should be is available in hive Hive 0.12, enable integrity protection and confidentiality protection (beyond just the default of authentication) , for communication between hive jdbc the Hive JDBC driver and hive server2 HiveServer2. You can use the SASL QOP property to configure this.

  • This is only when kerberos Kerberos is used for the HS2 client (jdbcJDBC/odbc ODBC application) authentication with HS2HiveServer2.
  • hive.server2.thrift.sasl.qop in hive-site.xml has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').