You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Peter Vary (Jira)" <ji...@apache.org> on 2019/12/06 10:30:00 UTC

[jira] [Commented] (HIVE-17218) Canonical-ize hostnames for Hive metastore, and HS2 servers.

    [ https://issues.apache.org/jira/browse/HIVE-17218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989618#comment-16989618 ] 

Peter Vary commented on HIVE-17218:
-----------------------------------

Created a jira to revert this change

> Canonical-ize hostnames for Hive metastore, and HS2 servers.
> ------------------------------------------------------------
>
>                 Key: HIVE-17218
>                 URL: https://issues.apache.org/jira/browse/HIVE-17218
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Metastore, Security
>    Affects Versions: 1.2.2, 2.2.0, 3.0.0
>            Reporter: Mithun Radhakrishnan
>            Assignee: Mithun Radhakrishnan
>            Priority: Major
>             Fix For: 3.0.0, 2.4.0
>
>         Attachments: HIVE-17218.1.patch
>
>
> Currently, the {{HiveMetastoreClient}} and {{HiveConnection}} do not canonical-ize the hostnames of the metastore/HS2 servers. In deployments where there are multiple such servers behind a VIP, this causes a number of inconveniences:
> # The client-side configuration (e.g. {{hive.metastore.uris}} in {{hive-site.xml}}) needs to specify the VIP's hostname, and cannot use a simplified CNAME, in the thrift URL. If the {{hive.metastore.kerberos.principal}} is specified using {{_HOST}}, one sees GSS failures as follows:
> {noformat}
> hive --hiveconf hive.metastore.kerberos.principal=hive/_HOST@GRID.MYTH.NET --hiveconf hive.metastore.uris="thrift://simplified-hcat-cname.grid.myth.net:56789"
> ...
> Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: Unable to instantiate org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient
>         at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:542)
>         at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:677)
>         at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:621)
> ...
> {noformat}
> This is because {{_HOST}} is filled in with the CNAME, and not the canonicalized name.
> # Oozie workflows that use HCat {{<credential>}} have to always use the VIP hostname, and can't use {{_HOST}}-based service principals, if the CNAME differs from the VIP name.
> If the client-code simply canonical-ized the hostnames, it would enable the use of both simplified CNAMEs, and _HOST in service principals.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)