You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Peter Vary (Jira)" <ji...@apache.org> on 2019/12/06 10:30:00 UTC
[jira] [Commented] (HIVE-17218) Canonical-ize hostnames for Hive
metastore, and HS2 servers.
[ https://issues.apache.org/jira/browse/HIVE-17218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989618#comment-16989618 ]
Peter Vary commented on HIVE-17218:
-----------------------------------
Created a jira to revert this change
> Canonical-ize hostnames for Hive metastore, and HS2 servers.
> ------------------------------------------------------------
>
> Key: HIVE-17218
> URL: https://issues.apache.org/jira/browse/HIVE-17218
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2, Metastore, Security
> Affects Versions: 1.2.2, 2.2.0, 3.0.0
> Reporter: Mithun Radhakrishnan
> Assignee: Mithun Radhakrishnan
> Priority: Major
> Fix For: 3.0.0, 2.4.0
>
> Attachments: HIVE-17218.1.patch
>
>
> Currently, the {{HiveMetastoreClient}} and {{HiveConnection}} do not canonical-ize the hostnames of the metastore/HS2 servers. In deployments where there are multiple such servers behind a VIP, this causes a number of inconveniences:
> # The client-side configuration (e.g. {{hive.metastore.uris}} in {{hive-site.xml}}) needs to specify the VIP's hostname, and cannot use a simplified CNAME, in the thrift URL. If the {{hive.metastore.kerberos.principal}} is specified using {{_HOST}}, one sees GSS failures as follows:
> {noformat}
> hive --hiveconf hive.metastore.kerberos.principal=hive/_HOST@GRID.MYTH.NET --hiveconf hive.metastore.uris="thrift://simplified-hcat-cname.grid.myth.net:56789"
> ...
> Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: Unable to instantiate org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient
> at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:542)
> at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:677)
> at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:621)
> ...
> {noformat}
> This is because {{_HOST}} is filled in with the CNAME, and not the canonicalized name.
> # Oozie workflows that use HCat {{<credential>}} have to always use the VIP hostname, and can't use {{_HOST}}-based service principals, if the CNAME differs from the VIP name.
> If the client-code simply canonical-ized the hostnames, it would enable the use of both simplified CNAMEs, and _HOST in service principals.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)