Repository: hive
Updated Branches:
   refs/heads/master a4d207f4e -> 4df2a013f


HIVE-13044: Enable TLS encryption to HMS backend database (Reviewed by Chaoyu Tang, Yongzhi Chen)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/4df2a013
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/4df2a013
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/4df2a013

Branch: refs/heads/master
Commit: 4df2a013fa49b48ab0dcc00dba4d20ebe8126700
Parents: a4d207f
Author: Aihua Xu <aihuaxu@apache.org>
Authored: Fri Feb 12 15:18:45 2016 -0500
Committer: Aihua Xu <aihuaxu@apache.org>
Committed: Tue Feb 23 09:39:39 2016 -0500

----------------------------------------------------------------------
  .../org/apache/hadoop/hive/conf/HiveConf.java | 7 ++++++-
  .../hadoop/hive/metastore/ObjectStore.java | 21 ++++++++++++++++++++
  2 files changed, 27 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/4df2a013/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
----------------------------------------------------------------------
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 48e8491..9cb626e 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -549,7 +549,12 @@ public class HiveConf extends Configuration {
          "Set this to true if multiple threads access metastore through JDO concurrently."),
      METASTORECONNECTURLKEY("javax.jdo.option.ConnectionURL",
          "jdbc:derby:;databaseName=metastore_db;create=true",
- "JDBC connect string for a JDBC metastore"),
+ "JDBC connect string for a JDBC metastore.\n" +
+ "To use SSL to encrypt/authenticate the connection, provide database-specific SSL flag in the connection URL.\n" +
+ "For example, jdbc:postgresql://myhost/db?ssl=true for postgres database."),
+ METASTORE_DBACCESS_SSL_PROPS("hive.metastore.dbaccess.ssl.properties", "",
+ "Comma-separated SSL properties for metastore to access database when JDO connection URL\n" +
+ "enables SSL access. e.g. javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd."),
      HMSHANDLERATTEMPTS("hive.hmshandler.retry.attempts", 10,
          "The number of times to retry a HMSHandler call if there were a connection error."),
      HMSHANDLERINTERVAL("hive.hmshandler.retry.interval", "2000ms",
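Review bot: The example in the new `METASTORE_DBACCESS_SSL_PROPS` description shows a truststore under `/tmp` and an inline `javax.net.ssl.trustStorePassword=pwd`, and operators tend to copy such examples verbatim. A truststore kept in a shared, world-writable directory is open to tampering by other local accounts, which undermines the server authentication this option is meant to provide, and the password sits in cleartext in the site configuration. I would change the example to `javax.net.ssl.trustStore=/path/to/truststore,javax.net.ssl.trustStorePassword=<password>` and add a sentence saying the value may hold a password, so the config file should be readable only by the metastore user. Whether this key is masked when configuration is displayed (for instance through `hive.conf.hidden.list`) is not visible in this hunk and is worth confirming.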

http://git-wip-us.apache.org/repos/asf/hive/blob/4df2a013/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
----------------------------------------------------------------------
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java b/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
index 8d05f49..d4852b0 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
@@ -269,6 +269,7 @@ public class ObjectStore implements RawStore, Configurable {
      try {
        isInitialized = false;
        hiveConf = conf;
+ configureSSL(conf);
        Properties propsFromConf = getDataSourceProps(conf);
        boolean propsChanged = !propsFromConf.equals(prop);

@@ -354,6 +355,25 @@ public class ObjectStore implements RawStore, Configurable {
      }
    }

+ /**
+ * Configure the SSL properties of the connection from provided config
+ * @param conf
+ */
+ private static void configureSSL(Configuration conf) {
+ // SSL support
+ String sslPropString = conf.get(HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS.varname);
+ if (org.apache.commons.lang.StringUtils.isNotEmpty(sslPropString)) {
+ LOG.info("Metastore setting SSL properties of the connection to backed DB");
+ for (String sslProp : sslPropString.split(",")) {
+ String[] pair = sslProp.trim().split("=");
+ if (pair != null && pair.length == 2) {
+ System.setProperty(pair[0].trim(), pair[1].trim());
+ } else {
+ LOG.warn("Invalid metastore property value for " + HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS);
+ }
+ }
+ }
+ }

    /**
     * Properties specified in hive-default.xml override the properties specified
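Review bot: `configureSSL` hands every `key=value` pair from the config string to `System.setProperty` without checking the key, so `hive.metastore.dbaccess.ssl.properties` can set any JVM system property, not only TLS ones, and the effect is process-wide rather than scoped to the metastore's JDBC connection. The parsing is also lossy: `split("=")` combined with `pair.length == 2` rejects a value that contains `=` (plausible for a truststore password), and a value containing `,` cannot be expressed at all. I would split with a limit of 2, accept only keys under `javax.net.ssl.` (assuming that is the intended scope, as the HiveConf description suggests), and name the rejected key, never the value, in the warning. The Javadoc's bare `@param conf` should say which key is read and that the properties are set JVM-wide, and the log text `backed DB` looks like a typo for `backend DB`.

```java
for (String sslProp : sslPropString.split(",")) {
  // limit 2: keep any '=' inside the value (e.g. a password)
  String[] pair = sslProp.trim().split("=", 2);
  String key = pair[0].trim();
  if (pair.length == 2 && key.startsWith("javax.net.ssl.")) {
    System.setProperty(key, pair[1].trim());
  } else {
    // log the key only; the value may be a secret
    LOG.warn("Ignoring metastore SSL property '" + key + "' from "
        + HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS.varname);
  }
}
```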
@@ -393,6 +413,7 @@ public class ObjectStore implements RawStore, Configurable {
          }
        }
      }
+
      return prop;
    }
