livy-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harsch, Tim" <>
Subject user impersonation in Livy not working
Date Tue, 10 Jul 2018 15:52:51 GMT
I have been unable to get proxyUsers to work with Livy.   I seem to have Kerberos configured
correctly, as evidenced by the last beeline command.  When I start a livy session the server
log will usually say something like: “owner: kylo, proxyUser: Some(dladmin)” so it seems
the server should know what to do.   But no matter what I try I always get “org.apache.spark.sql.AnalysisException:
Table not found”

# Ambari config

# Livy Configuration
livy.impersonation.enabled = true
livy.server.auth.type = kerberos
livy.server.launch.kerberos.principal = kylo/
livy.server.launch.kerberos.keytab = /etc/security/keytabs/kylo.keytab
livy.server.auth.kerberos.principal = HTTP/
livy.server.auth.kerberos.keytab = /etc/security/keytabs/spnego.service.keytab
livy.server.access_control.enabled = true
livy.server.access_control.users = kylo,dladmin
livy.server.access_control.modify-users = kylo
livy.superusers = kylo

# Curl connect
kinit -kt /etc/security/keytabs/kylo.keytab kylo/
curl --negotiate -u : -s -X POST --data '{"kind": "spark", "proxyUser": "dladmin"}' -H "Content-Type:
curl --negotiate -u : -s -X GET
* NOTE: verify proxyUser="dladmin" in response.  it will be null if impersonation is not enabled

# submit this code to Livy:
sqlContext.sql("select * from default.d4").show()

# Response:
"code": "sqlContext.sql(\"select * from default.d4\").show()",
"id": 0,
"output": {
"ename": "Error",
"evalue": "org.apache.spark.sql.AnalysisException: Table not found: `default`.`d4`;",

# Can "dladmin" see table data?
[root@sandbox more]# beeline -u "jdbc:hive2://localhost:10000/;principal=hive/;;hive.server2.proxy.user=dladmin"
Connecting to jdbc:hive2://localhost:10000/;principal=hive/;;hive.server2.proxy.user=dladmin
Connected to: Apache Hive (version 1.2.1000.
Driver: Hive JDBC (version 1.2.1000.
Beeline version 1.2.1000. by Apache Hive
0: jdbc:hive2://localhost:10000/> select * from default.d4;
| d4.d4 |
| d4 |
1 row selected (0.132 seconds)

View raw message