hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jd...@apache.org
Subject svn commit: r1591528 - in /hive/trunk: common/src/java/org/apache/hadoop/hive/conf/ conf/ metastore/src/java/org/apache/hadoop/hive/metastore/ service/src/java/org/apache/hive/service/auth/
Date Thu, 01 May 2014 01:18:29 GMT
Author: jdere
Date: Thu May  1 01:18:29 2014
New Revision: 1591528

URL: http://svn.apache.org/r1591528
Log:
HIVE-6741: HiveServer2 startup fails in secure (kerberos) mode due to backward incompatible
hadoop change (Vaibhav Gumashta via Jason Dere)

Modified:
    hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
    hive/trunk/conf/hive-default.xml.template
    hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
    hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java

Modified: hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
URL: http://svn.apache.org/viewvc/hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (original)
+++ hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Thu May  1 01:18:29
2014
@@ -884,6 +884,9 @@ public class HiveConf extends Configurat
     // binary transport settings
     HIVE_SERVER2_THRIFT_PORT("hive.server2.thrift.port", 10000),
     HIVE_SERVER2_THRIFT_BIND_HOST("hive.server2.thrift.bind.host", ""),
+    // hadoop.rpc.protection being set to a higher level than HiveServer2
+    // does not make sense in most situations.
+    // HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
     HIVE_SERVER2_THRIFT_SASL_QOP("hive.server2.thrift.sasl.qop", "auth",
         new StringsValidator("auth", "auth-int", "auth-conf")),
     HIVE_SERVER2_THRIFT_MIN_WORKER_THREADS("hive.server2.thrift.min.worker.threads", 5),

Modified: hive/trunk/conf/hive-default.xml.template
URL: http://svn.apache.org/viewvc/hive/trunk/conf/hive-default.xml.template?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/conf/hive-default.xml.template (original)
+++ hive/trunk/conf/hive-default.xml.template Thu May  1 01:18:29 2014
@@ -2321,7 +2321,9 @@
   <name>hive.server2.thrift.sasl.qop</name>
   <value>auth</value>
   <description>Sasl QOP value; Set it to one of following values to enable higher levels
of
-     protection for HiveServer2 communication with clients.
+     protection for HiveServer2 communication with clients. hadoop.rpc.protection being set

+     to a higher level than HiveServer2 does not make sense in most situations. 
+     HiveServer2 ignores hadoop.rpc.protection in favor of hive.server2.thrift.sasl.qop.
       "auth" - authentication only (default)
       "auth-int" - authentication plus integrity protection
       "auth-conf" - authentication plus integrity and confidentiality protection

Modified: hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
URL: http://svn.apache.org/viewvc/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java (original)
+++ hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java Thu
May  1 01:18:29 2014
@@ -1473,6 +1473,8 @@ public class MetaStoreUtils {
   /**
    * Read and return the meta store Sasl configuration. Currently it uses the default
    * Hadoop SASL configuration and can be configured using "hadoop.rpc.protection"
+   * HADOOP-10211, made a backward incompatible change due to which this call doesn't
+   * work with Hadoop 2.4.0 and later.
    * @param conf
    * @return The SASL configuration
    */

Modified: hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java?rev=1591528&r1=1591527&r2=1591528&view=diff
==============================================================================
--- hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java (original)
+++ hive/trunk/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java Thu May
 1 01:18:29 2014
@@ -21,7 +21,6 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
-import java.text.MessageFormat;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -111,16 +110,6 @@ public class HiveAuthFactory {
     Map<String, String> saslProps = new HashMap<String, String>();
     SaslQOP saslQOP =
         SaslQOP.fromString(conf.getVar(ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP));
-    // hadoop.rpc.protection being set to a higher level than hive.server2.thrift.rpc.protection
-    // does not make sense in most situations. Log warning message in such cases.
-    Map<String, String> hadoopSaslProps =  ShimLoader.getHadoopThriftAuthBridge().
-        getHadoopSaslProperties(conf);
-    SaslQOP hadoopSaslQOP = SaslQOP.fromString(hadoopSaslProps.get(Sasl.QOP));
-    if(hadoopSaslQOP.ordinal() > saslQOP.ordinal()) {
-      LOG.warn(MessageFormat.format("\"hadoop.rpc.protection\" is set to higher security
level " +
-          "{0} then {1} which is set to {2}", hadoopSaslQOP.toString(),
-          ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP.varname, saslQOP.toString()));
-    }
     saslProps.put(Sasl.QOP, saslQOP.toString());
     saslProps.put(Sasl.SERVER_AUTH, "true");
     return saslProps;



Mime
View raw message