Step 3: Modify the Hive Storage Plugin in Drill

Modify the Hive storage plugin configuration in the Drill Web UI based on the authorization and security scenario for the cluster. You can only access the Drill Web UI for a running Drillbit.

Complete the following steps to modify the Hive storage plugin configuration:

  1. Navigate to http://<drillbit_hostname>:8047, and select the Storage tab.
  2. Click Update next to the hive option.
  3. In the configuration window, add the required properties based on the authorization type and security scenario:
    Storage Based Authorization or No Authorization Enabled
    For a non-secure cluster, add the following properties to the configuration:
    {
     type:"hive",
     enabled: true,
     configProps : {
       "hive.metastore.uris" : "thrift://<metastore_hostname>:9083",
       "fs.default.name" : "maprfs:///",
       "hive.metastore.sasl.enabled" : "false",
       "hive.server2.enable.doAs" : "true",
       "hive.metastore.execute.setugi" : "true"
     }
    }
    For a secure cluster, add the following properties to the configuration:
    {
    "type": "hive",
    "enabled": true,
    "configProps": {
      "hive.metastore.uris": "thrift://<metastore_hostname>:9083",
      "fs.default.name": "maprfs:///",
      "hive.server2.enable.doAs": "true"
       }
    } 
    Add the following additional properties if the Hive metastore is configured with Kerberos in a secure cluster; include a comma after each line except for the last:
    "hive.metastore.kerberos.principal": "hive/<metastore_thrift_server>"
    "hive.metastore.sasl.enabled": "true"
    SQL Standard Based Authorization
    For an non-secure cluster, add the following properties to the configuration:
    {
     type:"hive",
     enabled: true,
     configProps : {
       "hive.metastore.uris" : "thrift://<metastore_hostname>:9083",
       "fs.default.name" : "maprfs:///",
       "hive.security.authorization.enabled" : "true",
       "hive.security.authenticator.manager" : "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator",
       "hive.security.authorization.manager" : "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory",
       "hive.metastore.sasl.enabled" : "false",
       "hive.server2.enable.doAs" : "false",
       "hive.metastore.execute.setugi" : "false"
     }
    }
    For a secure cluster, add the following properties to the configuration:
    {
    "type": "hive",
    "enabled": true,
    "configProps": {
      "hive.metastore.uris": " thrift://<metastore_hostname>:9083",
      "fs.default.name": "maprfs:///",
      "hive.security.authorization.enabled": "true",
      "hive.security.authenticator.manager": "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator",
      "hive.security.authorization.manager": "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory",
      "hive.server2.enable.doAs": "false",
      "hive.metastore.execute.setugi": "true"
     }
    }
    Add the following additional properties if the Hive metastore is configured with Kerberos in a secure cluster; include a comma after each line except for the last:
    "hive.metastore.kerberos.principal": "hive/<metastore_thrift_server>"
    "hive.metastore.sasl.enabled": "true"