You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Prasanth Jayachandran (JIRA)" <ji...@apache.org> on 2018/03/27 22:02:00 UTC
[jira] [Issue Comment Deleted] (HIVE-18982) Provide a CLI option to
manually trigger failover
[ https://issues.apache.org/jira/browse/HIVE-18982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Prasanth Jayachandran updated HIVE-18982:
-----------------------------------------
Comment: was deleted
(was: Based on offline feedback from [~gopalv] added llap specific commands under HiveCommandOperation to get Hive authorization. Also updated the patch to get use LLAP management API for security.
2 commands are add
1) LLAP cluster commands (only info is implemented in this patch)
2) LLAP cache commands (only purge is implemented in this patch)
"llap cluster -info;" has no authorization, any user can read this information.
"llap cache -purge;" requires users to have admin role.
Some examples:
{code:title=user in non-admin role trying to purge the cache}
0: jdbc:hive2://localhost:10000> set hive.security.authorization.enabled;
+-------------------------------------------+
| set |
+-------------------------------------------+
| hive.security.authorization.enabled=true |
+-------------------------------------------+
1 row selected (0.165 seconds)
0: jdbc:hive2://localhost:10000> llap cache -purge;
Error: Error while processing statement: Permission denied: Principal [name=pjayachandran, type=USER] does not have following privileges for operation LLAP_CACHE_PURGE [ADMIN PRIVILEGE on INPUT] (state=,code=1)
{code}
{code:title=user in admin role trying to purge the cache}
0: jdbc:hive2://localhost:10000> set role admin;
No rows affected (1.019 seconds)
0: jdbc:hive2://localhost:10000> llap cache -purge;
+------------+--------------------+
| hostName | purgedMemoryBytes |
+------------+--------------------+
| localhost | 50429952 |
+------------+--------------------+
{code}
{code:title=when authZ is disabled, user can read cluster info}
0: jdbc:hive2://localhost:10000> set hive.security.authorization.enabled;
+--------------------------------------------+
| set |
+--------------------------------------------+
| hive.security.authorization.enabled=false |
+--------------------------------------------+
1 row selected (0.159 seconds)
0: jdbc:hive2://localhost:10000> llap cluster -info;
+----------------+---------------------------------------+------------+----------+-------------+---------+
| applicationId | workerIdentity | hostname | rpcPort | memory | vcores |
+----------------+---------------------------------------+------------+----------+-------------+---------+
| null | 873b7438-01b1-4974-90e2-1c5631602db9 | localhost | 15001 | 3145728000 | 3 |
+----------------+---------------------------------------+------------+----------+-------------+---------+
{code}
ignore "null" applicationId as this is my local setup which is not deployed via slider or yarn services. )
> Provide a CLI option to manually trigger failover
> -------------------------------------------------
>
> Key: HIVE-18982
> URL: https://issues.apache.org/jira/browse/HIVE-18982
> Project: Hive
> Issue Type: Sub-task
> Components: HiveServer2
> Affects Versions: 3.0.0
> Reporter: Prasanth Jayachandran
> Assignee: Prasanth Jayachandran
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: HIVE-18982.1.patch, HIVE-18982.2.patch, HIVE-18982.3.patch, HIVE-18982.4.patch, HIVE-18982.5.patch
>
>
> HIVE-18281 added active-passive HA. There might be a administrative need to trigger a manual failover of HS2 Active server. Add command line tool to view list of all HS2 instances and trigger manual failover (only under force mode). The clients currently connected to active HS2 will be closed. In future, more options to existing clients connections can be handled via configs/options (like wait until timeout, wait until current sessions are closed etc.)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)