Posted to commits@hive.apache.org by se...@apache.org on 2017/02/14 03:03:06 UTC
[1/2] hive git commit: HIVE-15878 : LLAP text cache: bug in last
merge (Sergey Shelukhin, reviewed by Gopal V)
Repository: hive
Updated Branches:
refs/heads/master 84faae007 -> 694372770
HIVE-15878 : LLAP text cache: bug in last merge (Sergey Shelukhin, reviewed by Gopal V)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/95891261
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/95891261
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/95891261
Branch: refs/heads/master
Commit: 9589126100375c54a8a6e41e271438bce6e07b0f
Parents: 84faae0
Author: Sergey Shelukhin <se...@apache.org>
Authored: Mon Feb 13 19:01:20 2017 -0800
Committer: Sergey Shelukhin <se...@apache.org>
Committed: Mon Feb 13 19:01:20 2017 -0800
----------------------------------------------------------------------
.../hadoop/hive/llap/io/encoded/SerDeEncodedDataReader.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/95891261/llap-server/src/java/org/apache/hadoop/hive/llap/io/encoded/SerDeEncodedDataReader.java
----------------------------------------------------------------------
diff --git a/llap-server/src/java/org/apache/hadoop/hive/llap/io/encoded/SerDeEncodedDataReader.java b/llap-server/src/java/org/apache/hadoop/hive/llap/io/encoded/SerDeEncodedDataReader.java
index 419043a..f6531e8 100644
--- a/llap-server/src/java/org/apache/hadoop/hive/llap/io/encoded/SerDeEncodedDataReader.java
+++ b/llap-server/src/java/org/apache/hadoop/hive/llap/io/encoded/SerDeEncodedDataReader.java
@@ -1475,8 +1475,7 @@ public class SerDeEncodedDataReader extends CallableWithNdc<Void>
Path path, StructObjectInspector oi) throws IOException {
// TODO: this is currently broken. We need to set memory manager to a bogus implementation
// to avoid problems with memory manager actually tracking the usage.
- return OrcFile.createWriter(path, createOrcWriterOptions(
- sourceOi, conf, cacheWriter, allocSize));
+ return OrcFile.createWriter(path, createOrcWriterOptions(oi, conf, cacheWriter, allocSize));
}
}
[2/2] hive git commit: HIVE-15896 : LLAP: improved failures when
security is set up incorrectly (Sergey Shelukhin, reviewed by Jason Dere)
Posted by se...@apache.org.
HIVE-15896 : LLAP: improved failures when security is set up incorrectly (Sergey Shelukhin, reviewed by Jason Dere)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/69437277
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/69437277
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/69437277
Branch: refs/heads/master
Commit: 694372770ba4a96741af07e93b7d4ce9f26ca51a
Parents: 9589126
Author: Sergey Shelukhin <se...@apache.org>
Authored: Mon Feb 13 19:02:44 2017 -0800
Committer: Sergey Shelukhin <se...@apache.org>
Committed: Mon Feb 13 19:02:44 2017 -0800
----------------------------------------------------------------------
.../hadoop/hive/llap/security/SecretManager.java | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/69437277/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index 345156f..08f8b32 100644
--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -50,17 +50,29 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
implements SigningSecretManager {
private static final Logger LOG = LoggerFactory.getLogger(SecretManager.class);
private static final String DISABLE_MESSAGE =
- "Set " + ConfVars.LLAP_VALIDATE_ACLS.varname + " to false to disable ACL validation";
+ "Set " + ConfVars.LLAP_VALIDATE_ACLS.varname + " to false to disable ACL validation (note"
+ + " that invalid ACLs on secret key paths would mean that security is compromised)";
private final Configuration conf;
private final String clusterId;
public SecretManager(Configuration conf, String clusterId) {
- super(conf);
+ super(validateConfigBeforeCtor(conf));
this.clusterId = clusterId;
this.conf = conf;
checkForZKDTSMBug();
}
+ private static Configuration validateConfigBeforeCtor(Configuration conf) {
+ setCurator(null); // Ensure there's no threadlocal. We don't expect one.
+ // We don't ever want to create key paths with world visibility. Why is that even an option?!!
+ String authType = conf.get(ZK_DTSM_ZK_AUTH_TYPE);
+ if (!"sasl".equals(authType)) {
+ throw new RuntimeException("Inconsistent configuration: secure cluster, but ZK auth is "
+ + authType + " instead of sasl");
+ }
+ return conf;
+ }
+
@Override
public void startThreads() throws IOException {
String principalUser = LlapUtil.getUserNameFromPrincipal(
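Review bot: The RuntimeException thrown in `validateConfigBeforeCtor` does not name the property that failed the check, and when the key is unset the message reads "ZK auth is null instead of sasl", which gives an operator little to act on. Naming the key in the message would fix both: `throw new RuntimeException("Inconsistent configuration: secure cluster, but " + ZK_DTSM_ZK_AUTH_TYPE + " is " + authType + " instead of sasl");`. The helper also calls `setCurator(null)` before it validates anything, so a method named as a validator clears thread-local state as a side effect and would silently drop a curator a caller had set. A short Javadoc should state that it runs before `super(conf)`, clears any thread-local curator, and rejects every auth type other than sasl so that key paths are never created world-visible. The body of `startThreads` continues outside the hunk.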
@@ -172,7 +184,8 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
String zkPath = "zkdtsm_" + clusterId;
LOG.info("Using {} as ZK secret manager path", zkPath);
zkConf.set(SecretManager.ZK_DTSM_ZNODE_WORKING_PATH, zkPath);
- setZkConfIfNotSet(zkConf, SecretManager.ZK_DTSM_ZK_AUTH_TYPE, "sasl");
+ // Hardcode SASL here. ZKDTSM only supports none or sasl and we never want none.
+ zkConf.set(SecretManager.ZK_DTSM_ZK_AUTH_TYPE, "sasl");
setZkConfIfNotSet(zkConf, SecretManager.ZK_DTSM_ZK_CONNECTION_STRING,
HiveConf.getVar(zkConf, ConfVars.LLAP_ZKSM_ZK_CONNECTION_STRING));