the server log showing below error org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): Unauthorized connection for super-user: root from IP xx.xx.xx.xx
could anyone please tell me why dremio still use root user to connect hdfs instead of other user when I enable the impersonation feature? in my dremio cluster , I use root to start dremio
The Dremio process user still needs access to HDFS to read data - Dremio will use impersonation to check if the current user has access to the data, but the actual reading is done as the process user.
I did a workaround to fix the issue . I exchanged admin user to start dremio service which that mean I will use admin user to connect hive databases and also I will use the same user to access hdfs, all the user is going to access will be controled by my ranger. even I done this, I stil faced two below issue
unable to reconise my hdp cluster
unable to fetch chinese character
after, searching and troubleshotting, I copy hdfs-site,hive-site to my dremio conf folder which sovle the first issue. and I added one praremeter in dremio-env under conf (DREMIO_JAVA_SERVER_EXTRA_OPTS=’-Dsaffron.default.charset=UTF-16LE -Dsaffron.default.nationalcharset=UTF-16LE -Dsaffron.default.collation.name=UTF-16LE$en_US’) which solve the second issue.
from now on, the dremio can work properly connected to remote hdp cluster
In HDFS you have to do what the article you linked says: in HDFS, enable proxy user for the process user and then allow that user to proxy as the users who you need impersonation for (or do a * to allow all).