Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/06/08 00:25:01 UTC

[jira] [Work logged] (HIVE-21899) Utils.getCanonicalHostName() may return IP address depending on DNS infra

     [ https://issues.apache.org/jira/browse/HIVE-21899?focusedWorklogId=442507&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-442507 ]

ASF GitHub Bot logged work on HIVE-21899:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Jun/20 00:24
            Start Date: 08/Jun/20 00:24
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on pull request #748:
URL: https://github.com/apache/hive/pull/748#issuecomment-640302914


   This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
   Feel free to reach out on the dev@hive.apache.org list if the patch is in need of reviews.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 442507)
    Time Spent: 0.5h  (was: 20m)

> Utils.getCanonicalHostName() may return IP address depending on DNS infra
> -------------------------------------------------------------------------
>
>                 Key: HIVE-21899
>                 URL: https://issues.apache.org/jira/browse/HIVE-21899
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Metastore, Security
>    Affects Versions: 3.0.0, 2.4.0, 3.1.0, 3.1.1
>            Reporter: KWON BYUNGCHANG
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HIVE-21899.001.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> If there is no PTR record for hostname A in DNS,
> org.apache.hive.jdbc.Utils.getCanonicalHostName("A") returns the IP address.
> Connecting to a secured HS2 or HMS then fails, because a Kerberos service ticket for HS2 or HMS cannot be obtained using the IP address.
> A workaround is adding hostname A and its IP to /etc/hosts, which is uncomfortable.
> Below is the krb5 debug log.
> Note {{Server not found in Kerberos database}} and {{hive/10.1.1.1@EXAMPLE.COM}}.
> {code}
> Picked up JAVA_TOOL_OPTIONS: -Dsun.security.krb5.debug=true
> Connecting to jdbc:hive2://zk1.example.com:2181,zk2.example.com:2181,zk.example.com:2181/default;principal=hive/_HOST@EXAMPLE.COM;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2
> Java config name: /etc/krb5.conf
> Loaded from Java config
> Java config name: /etc/krb5.conf
> Loaded from Java config
> >>> KdcAccessibility: reset
> >>> KdcAccessibility: reset
> >>>DEBUG <CCacheInputStream>  client principal is magnum@EXAMPLE.COM
> >>>DEBUG <CCacheInputStream> server principal is krbtgt/EXAMPLE.COM@EXAMPLE.COM
> >>>DEBUG <CCacheInputStream> key type: 18
> >>>DEBUG <CCacheInputStream> auth time: Thu Jun 20 12:46:45 JST 2019
> >>>DEBUG <CCacheInputStream> start time: Thu Jun 20 12:46:45 JST 2019
> >>>DEBUG <CCacheInputStream> end time: Fri Jun 21 12:46:43 JST 2019
> >>>DEBUG <CCacheInputStream> renew_till time: Thu Jun 27 12:46:43 JST 2019
> >>> CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
> Found ticket for magnum@EXAMPLE.COM to go to krbtgt/EXAMPLE.COM@EXAMPLE.COM expiring on Fri Jun 21 12:46:43 JST 2019
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Found ticket for magnum@EXAMPLE.COM to go to krbtgt/EXAMPLE.COM@EXAMPLE.COM expiring on Fri Jun 21 12:46:43 JST 2019
> Service ticket not found in the subject
> >>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: ........
> >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
> >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
> >>> KrbKdcReq send: kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3, #bytes=661
> >>> KDCCommunication: kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=661
> >>> KrbKdcReq send: #bytes read=171
> >>> KdcAccessibility: remove kerberos.example.com
> >>> KDCRep: init() encoding tag is 126 req type is 13
> >>>KRBError:
>          cTime is Wed Dec 16 00:15:05 JST 1998 913734905000
>          sTime is Thu Jun 20 12:50:30 JST 2019 1561002630000
>          suSec is 659395
>          error code is 7
>          error Message is Server not found in Kerberos database
>          cname is magnum@EXAMPLE.COM
>          sname is hive/10.1.1.1@EXAMPLE.COM
>          msgType is 30
> KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
>         at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
>         at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
>         at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
>         at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
>         at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
>         at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
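
The failure described in the issue, with one possible guard, as an added example (not Hive's code and not the attached HIVE-21899 patch). The principal template and 10.1.1.1 come from the log above; the host name hs2.example.com, the `noPtr` resolver and all method names are constructed for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.function.UnaryOperator;

class CanonicalHostGuard {

    // Real JDK lookup: getCanonicalHostName() returns the textual IP
    // address when the reverse (PTR) lookup yields no name.
    static String jdkCanonical(String host) {
        try {
            return InetAddress.getByName(host).getCanonicalHostName();
        } catch (UnknownHostException e) {
            return host;
        }
    }

    // True for an IPv4 dotted quad or an IPv6 literal (host names never contain ':').
    static boolean isIpLiteral(String s) {
        return s.matches("\\d{1,3}(\\.\\d{1,3}){3}") || s.indexOf(':') >= 0;
    }

    // Keep the name the caller asked for when canonicalization degrades it to an IP.
    static String safeCanonical(String host, UnaryOperator<String> resolver) {
        String canonical = resolver.apply(host);
        return (isIpLiteral(canonical) && !isIpLiteral(host)) ? host : canonical;
    }

    // Substitute the resolved host into a principal template such as hive/_HOST@REALM.
    static String principal(String template, String host) {
        return template.replace("_HOST", host);
    }

    public static void main(String[] args) {
        String template = "hive/_HOST@EXAMPLE.COM";    // from the JDBC URL in the log
        String host = "hs2.example.com";               // constructed host name
        UnaryOperator<String> noPtr = h -> "10.1.1.1"; // constructed: DNS without a PTR record

        // Unguarded: builds the IP-based principal the KDC rejected in the log.
        System.out.println(principal(template, noPtr.apply(host)));
        // Guarded: falls back to the requested host name.
        System.out.println(principal(template, safeCanonical(host, noPtr)));
        // Same guard over the real JDK resolver (needs working DNS).
        if (args.length > 0) {
            System.out.println(principal(template,
                    safeCanonical(args[0], CanonicalHostGuard::jdkCanonical)));
        }
    }
}
```

The guard only helps when the name the client was given matches the host part of the service principal registered in the KDC; a short alias would still need forward canonicalization.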