hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mithun Radhakrishnan (JIRA)" <>
Subject [jira] [Created] (HIVE-17218) Canonical-ize hostnames for Hive metastore, and HS2 servers.
Date Mon, 31 Jul 2017 21:27:00 GMT
Mithun Radhakrishnan created HIVE-17218:

             Summary: Canonical-ize hostnames for Hive metastore, and HS2 servers.
                 Key: HIVE-17218
             Project: Hive
          Issue Type: Bug
          Components: HiveServer2, Metastore, Security
    Affects Versions: 2.2.0, 1.2.2, 3.0.0
            Reporter: Mithun Radhakrishnan
            Assignee: Mithun Radhakrishnan

Currently, the {{HiveMetastoreClient}} and {{HiveConnection}} do not canonical-ize the hostnames
of the metastore/HS2 servers. In deployments where there are multiple such servers behind
a VIP, this causes a number of inconveniences:
# The client-side configuration (e.g. {{hive.metastore.uris}} in {{hive-site.xml}}) needs
to specify the VIP's hostname, and cannot use a simplified CNAME, in the thrift URL. If the
{{hive.metastore.kerberos.principal}} is specified using {{_HOST}}, one sees GSS failures
as follows:
hive --hiveconf hive.metastore.kerberos.principal=hive/_HOST@GRID.MYTH.NET --hiveconf hive.metastore.uris="thrift://"
Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: Unable
to instantiate org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient
        at org.apache.hadoop.hive.ql.session.SessionState.start(
        at org.apache.hadoop.hive.cli.CliDriver.main(
This is because {{_HOST}} is filled in with the CNAME, and not the canonicalized name.
# Oozie workflows that use HCat {{<credential>}} have to always use the VIP hostname,
and can't use {{_HOST}}-based service principals, if the CNAME differs from the VIP name.

If the client-code simply canonical-ized the hostnames, it would enable the use of both simplified
CNAMEs, and _HOST in service principals.

This message was sent by Atlassian JIRA

View raw message