Using MAPRSASL to Authenticate to Hive Metastore on HPE Ezmeral Data Fabric

Describes how to create a Hive data source connection that uses MAPRSASL to authenticate to a Hive Metastore on HPE Ezmeral Data Fabric.

You can connect Unified Analytics to a Hive Metastore in HPE Ezmeral Data Fabric that uses MAPRSASL to authenticate users. In Unified Analytics, create a Hive data source connection and provide the required connection details.

Prerequisites

If you want Unified Analytics to authenticate to the Hive Metastore in an external HPE Ezmeral Data Fabric cluster via MAPRSASL, you must provide the Hive connector (in Unified Analytics) with specific details about the HPE Ezmeral Data Fabric cluster.

To get the HPE Ezmeral Data Fabric cluster details, perform the following tasks before you complete the steps in Creating the Connection to Hive Metastore in HPE Ezmeral Data Fabric

Get the HPE Ezmeral Data Fabric cluster details.
Generate an impersonation ticket.
Create a configuration file.
Verify that ports used by HPE Ezmeral Data Fabric are available. For details, see Port Information.
TIP
When you create a connection to Hive Metastore in HPE Ezmeral Data Fabric from Unified Analytics, you only have to provide this information once because the information is stored in designated configuration files. Subsequent connections can automatically use the cluster details and ticket information stored in the configuration files to access the Hive Metastore in the HPE Ezmeral Data Fabric cluster. For example, if you create subsequent Hive, Iceberg, or Delta Lake data source connections in Unified Analytics, you do not have to enter values in the DF Cluster Details and Hive HDFS DF Ticket fields when you configure the connections. For details, see Modifying the HPE Ezmeral Data Fabric Configuration Files.

Creating the Connection to Hive Metastore in HPE Ezmeral Data Fabric

To create a Unified Analytics connection to Hive Metastore in HPE Ezmeral Data Fabric that uses MAPRSASL to authenticate users, complete the following steps:

Sign in to Unified Analytics.
In the left navigation panel, go to Data Engineering > Data Sources.
On the Data Sources screen, click Add New Data Source on the Structured Data tab.
In the Hive tile, click Create Connection.
In the drawer that opens, add the following fields so they appear in the drawer:
1. In the Hive Advanced Settings search field, type auth and select Hive Metastore Authentication Type when it appears. The field is added to the drawer.
2. Repeat step a, but now select Hive HDFS Authentication Type when it appears. The field is added to the drawer.
3. In the Hive Advanced Settings search field, type DF and select DF Cluster Details. The field is added to the drawer.
4. Repeat step c, but now select DF Cluster Name. The field is added to the drawer.
5. (Optional for Hive Metastore Discovery Only) In the Hive Advanced Settings search field, type impersonation and select Hive HDFS Impersonation Enabled. Also select the Hive HDFS Presto Principal field.

Complete the following fields in the drawer:

Field	Description
Name	Enter a unique name for the Hive connection.
Hive Metastore	Select Thrift or Discovery
Hive Metastore URI	Enter the Hive Metastore URI, for example: `thrift://a2-dev.mip.storage.mycorp.net:9083`
Hive Metastore Authentication Type	Select MAPRSASL.
Hive HDFS Authentication Type	Select MAPRSASL.
DF Cluster Name	Enter the name of the HPE Ezmeral Data Fabric cluster.
Hive Config Resources	Upload the configuration file. For information about how to create the file, see Creating a Configuration File.
DF Cluster Details	Enter cluster details from the `mapr-clusters.conf` file, for example: `bob123 secure=true a2-ab1-dev-vm123456.mip.storage.mycompany.net:7222` For information about how to access the `mapr-clusters.conf` file, see Getting the HPE Ezmeral Data Fabric Cluster Details.
Hive HDFS DF Ticket	Enter the impersonation ticket content, for example: `bob123 rjB4HAbce... =` For information about how to generate a ticket or get ticket content, see Generating an HPE Ezmeral Data Fabric Impersonation Ticket.
Hive HDFS Impersonation Enabled	(Optional for Hive Metastore Discovery Only) Selecting this option enables HDFS impersonation. If you select this option, you must also provide the username for impersonation in the Hive HDFS Presto Principal field.
Hive HDFS Presto Principal	(Optional for Hive Metastore Discovery Only) Enter the username for impersonation.

IMPORTANT

If the Hive configuration with the fs.defaultFS property was not properly specified, the Hive connection must be deleted and recreated after restarting the EzPresto master and worker pods.
You must use the actual name of the HPE Ezmeral Data Fabric cluster in the DF Cluster Name, DF Cluster Details, and Hive HDFS DF Ticket fields, and also in the fs.defaulFS property in the configuration file.

Click Connect.

Getting the HPE Ezmeral Data Fabric Cluster Details

To get the cluster details, complete the following steps:

SSH in to the HPE Ezmeral Data Fabric cluster.
Open the mapr-clusters.conf file:
```
cat /opt/mapr/conf/mapr-clusters.conf
```
Copy the information from the mapr-clusters.conf file and paste it into the DF Cluster Name and DF Cluster Details fields when you complete the fields in the drawer.

For additional information, see mapr-clusters.conf.

Generating an HPE Ezmeral Data Fabric Impersonation Ticket

For Unified Analytics to access the Hive Metastore in HPE Ezmeral Data Fabric, Unified Analytics must impersonate a user that has permission to access the Hive Metastore. Unified Analytics can only impersonate a user with a valid impersonation ticket from HPE Ezmeral Data Fabric.

To generate an impersonation ticket, complete the following steps:

If you are not already signed in to the cluster, SSH in to the HPE Ezmeral Data Fabric cluster.
Complete the steps to generate an impersonation ticket, as described in Generating an Impersonation Ticket with Ticket Generation Privileges.
Copy the contents of the impersonation ticket and paste it into the Hive HDFS DF Ticket field when you complete the fields in the drawer.

Creating a Configuration File

You must provide Unified Analytics with the file path to the HPE Ezmeral Data Fabric cluster. To do so, create a file named config.xml with the following Hadoop configuration property, providing the file path to the HPE Ezmeral Data Fabric cluster:

<configuration> 
<property> 
    <name>fs.defaultFS</name> 
    <value>maprfs://<mapr_cluster_name>/</value> 
</property> 
</configuration>

When you complete the fields in the drawer, upload this file to the Hive Config Resources field.

HPE Ezmeral Unified Analytics Software 1.5 Documentation
Abstract	HPE Ezmeral Unified Analytics Software is a usage-based Software-as-a-Service (SaaS) model that operationalizes hybrid and multi-cloud modern analytical workloads through a simple user interface, easily installed and deployed in minutes. HPE Ezmeral Unified Analytics Software separates compute and storage for flexible, cost-efficient scalability to securely access data stored in multiple data platforms, enabling you to run traditional and advanced analytics workloads with open-source tools.
Published	November 2024
Edition	1.5.0