You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by se...@apache.org on 2018/03/13 20:15:00 UTC
hive git commit: HIVE-18919 : remove separate keytab setting for ZK
in LLAP (Sergey Shelukhin, reviewed by Ashutosh Chauhan)
Repository: hive
Updated Branches:
refs/heads/master f9e6522c9 -> 446cb5da7
HIVE-18919 : remove separate keytab setting for ZK in LLAP (Sergey Shelukhin, reviewed by Ashutosh Chauhan)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/446cb5da
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/446cb5da
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/446cb5da
Branch: refs/heads/master
Commit: 446cb5da7c6bdba08db3ab9ecb517bb2c0344bfd
Parents: f9e6522
Author: sergey <se...@apache.org>
Authored: Tue Mar 13 13:10:25 2018 -0700
Committer: sergey <se...@apache.org>
Committed: Tue Mar 13 13:10:25 2018 -0700
----------------------------------------------------------------------
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java | 7 -------
.../org/apache/hadoop/hive/llap/security/SecretManager.java | 8 +++-----
.../org/apache/hadoop/hive/ql/processors/SetProcessor.java | 5 ++++-
3 files changed, 7 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/446cb5da/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
----------------------------------------------------------------------
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index aedd1ec..30c24d9 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -360,8 +360,6 @@ public class HiveConf extends Configuration {
llapDaemonVarsSetLocal.add(ConfVars.LLAP_IO_THREADPOOL_SIZE.varname);
llapDaemonVarsSetLocal.add(ConfVars.LLAP_KERBEROS_PRINCIPAL.varname);
llapDaemonVarsSetLocal.add(ConfVars.LLAP_KERBEROS_KEYTAB_FILE.varname);
- llapDaemonVarsSetLocal.add(ConfVars.LLAP_ZKSM_KERBEROS_PRINCIPAL.varname);
- llapDaemonVarsSetLocal.add(ConfVars.LLAP_ZKSM_KERBEROS_KEYTAB_FILE.varname);
llapDaemonVarsSetLocal.add(ConfVars.LLAP_ZKSM_ZK_CONNECTION_STRING.varname);
llapDaemonVarsSetLocal.add(ConfVars.LLAP_SECURITY_ACL.varname);
llapDaemonVarsSetLocal.add(ConfVars.LLAP_MANAGEMENT_ACL.varname);
@@ -3272,11 +3270,6 @@ public class HiveConf extends Configuration {
"The name of the LLAP daemon's service principal."),
LLAP_KERBEROS_KEYTAB_FILE("hive.llap.daemon.keytab.file", "",
"The path to the Kerberos Keytab file containing the LLAP daemon's service principal."),
- LLAP_ZKSM_KERBEROS_PRINCIPAL("hive.llap.zk.sm.principal", "",
- "The name of the principal to use to talk to ZooKeeper for ZooKeeper SecretManager."),
- LLAP_ZKSM_KERBEROS_KEYTAB_FILE("hive.llap.zk.sm.keytab.file", "",
- "The path to the Kerberos Keytab file containing the principal to use to talk to\n" +
- "ZooKeeper for ZooKeeper SecretManager."),
LLAP_WEBUI_SPNEGO_KEYTAB_FILE("hive.llap.webui.spnego.keytab", "",
"The path to the Kerberos Keytab file containing the LLAP WebUI SPNEGO principal.\n" +
"Typical value would look like /etc/security/keytabs/spnego.service.keytab."),
http://git-wip-us.apache.org/repos/asf/hive/blob/446cb5da/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index de38e99..3723608 100644
--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -165,8 +165,6 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
private static LlapZkConf createLlapZkConf(
Configuration conf, String llapPrincipal, String llapKeytab, String clusterId) {
- String principal = HiveConf.getVar(conf, ConfVars.LLAP_ZKSM_KERBEROS_PRINCIPAL, llapPrincipal);
- String keyTab = HiveConf.getVar(conf, ConfVars.LLAP_ZKSM_KERBEROS_KEYTAB_FILE, llapKeytab);
// Override the default delegation token lifetime for LLAP.
// Also set all the necessary ZK settings to defaults and LLAP configs, if not set.
final Configuration zkConf = new Configuration(conf);
@@ -176,11 +174,11 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime);
try {
zkConf.set(ZK_DTSM_ZK_KERBEROS_PRINCIPAL,
- SecurityUtil.getServerPrincipal(principal, "0.0.0.0"));
+ SecurityUtil.getServerPrincipal(llapPrincipal, "0.0.0.0"));
} catch (IOException e) {
throw new RuntimeException(e);
}
- zkConf.set(ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab);
+ zkConf.set(ZK_DTSM_ZK_KERBEROS_KEYTAB, llapKeytab);
String zkPath = "zkdtsm_" + clusterId;
LOG.info("Using {} as ZK secret manager path", zkPath);
zkConf.set(ZK_DTSM_ZNODE_WORKING_PATH, zkPath);
@@ -199,7 +197,7 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
UserGroupInformation zkUgi = null;
try {
- zkUgi = LlapUtil.loginWithKerberos(principal, keyTab);
+ zkUgi = LlapUtil.loginWithKerberos(llapPrincipal, llapKeytab);
} catch (IOException e) {
throw new RuntimeException(e);
}
http://git-wip-us.apache.org/repos/asf/hive/blob/446cb5da/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java b/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java
index db0fef1..4ede853 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java
@@ -58,7 +58,10 @@ public class SetProcessor implements CommandProcessor {
private static final Set<String> removedConfigs =
Sets.newHashSet("hive.mapred.supports.subdirectories",
"hive.enforce.sorting","hive.enforce.bucketing",
- "hive.outerjoin.supports.filters");
+ "hive.outerjoin.supports.filters",
+ "hive.llap.zk.sm.principal",
+ "hive.llap.zk.sm.keytab.file"
+ );
// Allow the user to set the ORC properties without getting an error.
static {
for(OrcConf var: OrcConf.values()) {