You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Hive QA (Jira)" <ji...@apache.org> on 2019/12/07 11:01:00 UTC

[jira] [Commented] (HIVE-21899) Utils.getCanonicalHostName() may return IP address depending on DNS infra

    [ https://issues.apache.org/jira/browse/HIVE-21899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16990439#comment-16990439 ] 

Hive QA commented on HIVE-21899:
--------------------------------

| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  1s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  9m 20s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 20s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 11s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue}  0m 29s{color} | {color:blue} jdbc in master has 16 extant Findbugs warnings. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 14s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  0m 36s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 19s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  0m 19s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 11s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m  0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  0m 35s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 14s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 15s{color} | {color:green} The patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 13m 13s{color} | {color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Optional Tests |  asflicense  javac  javadoc  findbugs  checkstyle  compile  |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-19791/dev-support/hive-personality.sh |
| git revision | master / e6ef282 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.1 |
| modules | C: jdbc U: jdbc |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-19791/yetus.txt |
| Powered by | Apache Yetus    http://yetus.apache.org |


This message was automatically generated.



> Utils.getCanonicalHostName() may return IP address depending on DNS infra
> -------------------------------------------------------------------------
>
>                 Key: HIVE-21899
>                 URL: https://issues.apache.org/jira/browse/HIVE-21899
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Metastore, Security
>    Affects Versions: 3.0.0, 2.4.0, 3.1.0, 3.1.1
>            Reporter: KWON BYUNGCHANG
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HIVE-21899.001.patch
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> if there is not PTR record of hostname A in DNS, 
> org.apache.hive.jdbc.Utils.getCanonicalHostName(“A”) return IP Address.
> And failed connecting secured HS2 or HMS because cannot getting kerberos service ticket of HS2 or HMS using ip address. 
> workaround is adding hostname A and IP to /etc/hosts,  it is uncomfortable.
> below is krb5 debug log.
> note that {{Server not found in Kerberos database}} and {{hive/10.1.1.1@EXAMPLE.COM}}
> {code}
> Picked up JAVA_TOOL_OPTIONS: -Dsun.security.krb5.debug=true
> Connecting to jdbc:hive2://zk1.example.com:2181,zk2.example.com:2181,zk.example.com:2181/default;principal=hive/_HOST@EXAMPLE.COM;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2
> Java config name: /etc/krb5.conf
> Loaded from Java config
> Java config name: /etc/krb5.conf
> Loaded from Java config
> >>> KdcAccessibility: reset
> >>> KdcAccessibility: reset
> >>>DEBUG <CCacheInputStream>  client principal is magnum@EXAMPLE.COM
> >>>DEBUG <CCacheInputStream> server principal is krbtgt/EXAMPLE.COM@EXAMPLE.COM
> >>>DEBUG <CCacheInputStream> key type: 18
> >>>DEBUG <CCacheInputStream> auth time: Thu Jun 20 12:46:45 JST 2019
> >>>DEBUG <CCacheInputStream> start time: Thu Jun 20 12:46:45 JST 2019
> >>>DEBUG <CCacheInputStream> end time: Fri Jun 21 12:46:43 JST 2019
> >>>DEBUG <CCacheInputStream> renew_till time: Thu Jun 27 12:46:43 JST 2019
> >>> CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
> Found ticket for magnum@EXAMPLE.COM to go to krbtgt/EXAMPLE.COM@EXAMPLE.COM expiring on Fri Jun 21 12:46:43 JST 2019
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Found ticket for magnum@EXAMPLE.COM to go to krbtgt/EXAMPLE.COM@EXAMPLE.COM expiring on Fri Jun 21 12:46:43 JST 2019
> Service ticket not found in the subject
> >>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: ........
> >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
> >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
> >>> KrbKdcReq send: kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3, #bytes=661
> >>> KDCCommunication: kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=661
> >>> KrbKdcReq send: #bytes read=171
> >>> KdcAccessibility: remove kerberos.example.com
> >>> KDCRep: init() encoding tag is 126 req type is 13
> >>>KRBError:
>          cTime is Wed Dec 16 00:15:05 JST 1998 913734905000
>          sTime is Thu Jun 20 12:50:30 JST 2019 1561002630000
>          suSec is 659395
>          error code is 7
>          error Message is Server not found in Kerberos database
>          cname is magnum@EXAMPLE.COM
>          sname is hive/10.1.1.1@EXAMPLE.COM
>          msgType is 30
> KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
>         at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
>         at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
>         at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
>         at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
>         at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
>         at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)