Grokbase Groups Hive commits May 2014
FAQ
Author: jdere
Date: Thu May 1 01:18:29 2014
New Revision: 1591528

URL: http://svn.apache.org/r1591528
Log:
HIVE-6741: HiveServer2 startup fails in secure (kerberos) mode due to backward incompatible hadoop change (Vaibhav Gumashta via Jason Dere)

Modified:
     hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
     hive/trunk/conf/hive-default.xml.template
     hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
     hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java

Modified: hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
URL: http://svn.apache.org/viewvc/hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (original)
+++ hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Thu May 1 01:18:29 2014
@@ -884,6 +884,9 @@ public class HiveConf extends Configurat
      // binary transport settings
      HIVE_SERVER2_THRIFT_PORT("hive.server2.thrift.port", 10000),
      HIVE_SERVER2_THRIFT_BIND_HOST("hive.server2.thrift.bind.host", ""),
+ // hadoop.rpc.protection being set to a higher level than HiveServer2
+ // does not make sense in most situations.
+ // HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
      HIVE_SERVER2_THRIFT_SASL_QOP("hive.server2.thrift.sasl.qop", "auth",
          new StringsValidator("auth", "auth-int", "auth-conf")),
      HIVE_SERVER2_THRIFT_MIN_WORKER_THREADS("hive.server2.thrift.min.worker.threads", 5),

Modified: hive/trunk/conf/hive-default.xml.template
URL: http://svn.apache.org/viewvc/hive/trunk/conf/hive-default.xml.template?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/conf/hive-default.xml.template (original)
+++ hive/trunk/conf/hive-default.xml.template Thu May 1 01:18:29 2014
@@ -2321,7 +2321,9 @@
    <name>hive.server2.thrift.sasl.qop</name>
    <value>auth</value>
    <description>Sasl QOP value; Set it to one of following values to enable higher levels of
- protection for HiveServer2 communication with clients.
+ protection for HiveServer2 communication with clients. hadoop.rpc.protection being set
+ to a higher level than HiveServer2 does not make sense in most situations.
+ HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
        "auth" - authentication only (default)
        "auth-int" - authentication plus integrity protection
        "auth-conf" - authentication plus integrity and confidentiality protection

Modified: hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
URL: http://svn.apache.org/viewvc/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java (original)
+++ hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java Thu May 1 01:18:29 2014
@@ -1473,6 +1473,8 @@ public class MetaStoreUtils {
    /**
     * Read and return the meta store Sasl configuration. Currently it uses the default
     * Hadoop SASL configuration and can be configured using "hadoop.rpc.protection"
+ * HADOOP-10211, made a backward incompatible change due to which this call doesn't
+ * work with Hadoop 2.4.0 and later.
     * @param conf
     * @return The SASL configuration
     */

Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java Thu May 1 01:18:29 2014
@@ -21,7 +21,6 @@ import java.io.IOException;
  import java.net.InetAddress;
  import java.net.InetSocketAddress;
  import java.net.UnknownHostException;
-import java.text.MessageFormat;
  import java.util.HashMap;
  import java.util.Map;

@@ -111,16 +110,6 @@ public class HiveAuthFactory {
      Map<String, String> saslProps = new HashMap<String, String>();
      SaslQOP saslQOP =
          SaslQOP.fromString(conf.getVar(ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP));
- // hadoop.rpc.protection being set to a higher level than hive.server2.thrift.rpc.protection
- // does not make sense in most situations. Log warning message in such cases.
- Map<String, String> hadoopSaslProps = ShimLoader.getHadoopThriftAuthBridge().
- getHadoopSaslProperties(conf);
- SaslQOP hadoopSaslQOP = SaslQOP.fromString(hadoopSaslProps.get(Sasl.QOP));
- if(hadoopSaslQOP.ordinal() > saslQOP.ordinal()) {
- LOG.warn(MessageFormat.format("\"hadoop.rpc.protection\" is set to higher security level " +
- "{0} then {1} which is set to {2}", hadoopSaslQOP.toString(),
- ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP.varname, saslQOP.toString()));
- }
      saslProps.put(Sasl.QOP, saslQOP.toString());
      saslProps.put(Sasl.SERVER_AUTH, "true");
      return saslProps;

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcommits @
categorieshive, hadoop
postedMay 1, '14 at 1:37a
activeMay 1, '14 at 1:37a
posts1
users1
websitehive.apache.org

1 user in discussion

Jdere: 1 post

People

Translate

site design / logo © 2021 Grokbase