hive-issues mailing list archives

From "Morio Ramdenbourg (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-20992) Split the config "hive.metastore.dbaccess.ssl.properties" into more meaningful configs
Date Fri, 30 Nov 2018 22:50:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-20992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Morio Ramdenbourg updated HIVE-20992:
-------------------------------------
    Description: 
HIVE-13044 brought in the ability to enable TLS encryption from the HMS Service to the HMSDB
by configuring the following two properties:
 # _javax.jdo.option.ConnectionURL_: JDBC connect string for a JDBC metastore. To use SSL
to encrypt/authenticate the connection, provide database-specific SSL flag in the connection
URL. (E.g. "jdbc:postgresql://myhost/db?ssl=true")
 # _hive.metastore.dbaccess.ssl.properties_: Comma-separated SSL properties for metastore
to access database when JDO connection URL. (E.g. javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd)

However, the latter configuration option is opaque and poses some problems. The most glaring
of which is it takes in _any_ [java.lang.System|https://docs.oracle.com/javase/7/docs/api/java/lang/System.html]
system property, whether it is [TLS-related|https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization]
or not. This can cause some unintended side-effects for other components of the HMS, especially
if it overrides an already-set system property. If the user truly wishes to add an unrelated
Java property, setting it statically using the "-D" option of the _java_ command is more appropriate.

I propose we split _hive.metastore.dbaccess.ssl.properties_ into the following properties:
 * *_hive.metastore.dbaccess.ssl.use.SSL_* - Set this to true to use TLS encryption from the
HMS Service to the HMSDB
 * *_hive.metastore.dbaccess.ssl.truststore.path_* - TLS truststore file location
 * *_hive.metastore.dbaccess.ssl.truststore.password_* - Password of the truststore file

We should guide the user towards an easier TLS configuration experience. These are the minimum required
properties to configure TLS to the HMSDB. If we need other options, such as the keystore
location/password for dual-authentication, then we can add those on afterwards.

Also, document these changes - [javax.jdo.option.ConnectionURL|https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-javax.jdo.option.ConnectionURL]
does not have up-to-date documentation, and these new parameters will need documentation as
well.

Note "TLS" refers to both SSL and TLS. TLS is simply the successor of SSL.

  was:
HIVE-13044 brought in the ability to enable TLS encryption from the HMS Service to the HMSDB
by configuring the following two properties:
 # _javax.jdo.option.ConnectionURL_: JDBC connect string for a JDBC metastore. To use SSL
to encrypt/authenticate the connection, provide database-specific SSL flag in the connection
URL. (E.g. "jdbc:postgresql://myhost/db?ssl=true")
 # _hive.metastore.dbaccess.ssl.properties_: Comma-separated SSL properties for metastore
to access database when JDO connection URL. (E.g. javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd)

However, the latter configuration option is opaque and poses some problems. The most glaring
of which is it takes in _any_ [java.lang.System|https://docs.oracle.com/javase/7/docs/api/java/lang/System.html]
system property, whether it is [TLS-related|https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization]
or not. This can cause some unintended side-effects for other components of the HMS, especially
if it overrides an already-set system property. If the user truly wishes to add an unrelated
Java property, setting it statically using the "-D" option of the _java_ command is more appropriate.

I propose we split _hive.metastore.dbaccess.ssl.properties_ into the following properties:
 * *_hive.metastore.dbaccess.ssl.use.SSL_* - Set this to true to use TLS encryption from the
HMS Service to the HMSDB
 * *_hive.metastore.dbaccess.ssl.truststore.path_* - TLS truststore file location
 * *_hive.metastore.dbaccess.ssl.truststore.password_* - Password of the truststore file

We should guide the user towards an easier TLS configuration experience. This is the minimum
requirement to configure TLS to the HMSDB. If we need other options, such as the keystore
location/password for dual-authentication, then we can add those on afterwards.

Also, document these changes - [javax.jdo.option.ConnectionURL|https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-javax.jdo.option.ConnectionURL]
does not have up-to-date documentation, and these new parameters will need documentation as
well.

Note "TLS" refers to both SSL and TLS. TLS is simply the successor of SSL.


> Split the config "hive.metastore.dbaccess.ssl.properties" into more meaningful configs
> --------------------------------------------------------------------------------------
>
>                 Key: HIVE-20992
>                 URL: https://issues.apache.org/jira/browse/HIVE-20992
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore, Security, Standalone Metastore
>    Affects Versions: 4.0.0
>            Reporter: Morio Ramdenbourg
>            Assignee: Morio Ramdenbourg
>            Priority: Minor
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
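The two configuration styles discussed in the ticket, as an added example written for this page and not taken from Hive's code base. It contrasts the opaque comma-separated list, which applies any `key=value` pair as a system property, with the three narrowly-scoped properties the ticket proposes. It assumes a `java.util.Properties` object standing in for the JVM's `System` properties (so it can be exercised without touching the real ones); the method names, the refuse-to-override policy in `setIfUnset`, and the sample values are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

/**
 * Added example (not Hive's own code). Contrasts the behaviour HIVE-20992
 * describes for "hive.metastore.dbaccess.ssl.properties" with the explicit
 * properties it proposes. A Properties instance is passed in as a stand-in
 * for System.getProperties() so the example has no JVM-wide side effects.
 */
public class DbAccessSslConfig {

    /** Trust-store keys defined by the JSSE reference guide. */
    static final String TRUSTSTORE = "javax.net.ssl.trustStore";
    static final String TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";

    /**
     * Pre-HIVE-20992 behaviour: every "key=value" entry in the comma-separated
     * list is applied, whether or not it is TLS-related and whether or not the
     * key was already set. An entry such as "user.home=/tmp" silently replaces
     * a JVM-wide value. Note also that a value containing a comma cannot be
     * expressed in this format at all.
     */
    static void applyOpaqueSslProperties(String sslProps, Properties target) {
        if (sslProps == null || sslProps.trim().isEmpty()) {
            return;
        }
        for (String pair : sslProps.split(",")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                continue; // malformed entry, skipped
            }
            target.setProperty(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
    }

    /**
     * Proposed behaviour: hive.metastore.dbaccess.ssl.use.SSL,
     * hive.metastore.dbaccess.ssl.truststore.path and
     * hive.metastore.dbaccess.ssl.truststore.password. Only the two JSSE
     * trust-store keys can ever be written, and only when use.SSL is true.
     * Returns the keys that were applied so the caller can log them.
     */
    static Map<String, String> applySplitSslProperties(boolean useSsl, String truststorePath,
            String truststorePassword, Properties target) {
        Map<String, String> applied = new HashMap<>();
        if (!useSsl) {
            return applied;
        }
        if (truststorePath == null || truststorePath.isEmpty()) {
            throw new IllegalArgumentException(
                "hive.metastore.dbaccess.ssl.use.SSL is true but truststore.path is not set");
        }
        setIfUnset(target, TRUSTSTORE, truststorePath, applied);
        if (truststorePassword != null && !truststorePassword.isEmpty()) {
            setIfUnset(target, TRUSTSTORE_PASSWORD, truststorePassword, applied);
        }
        return applied;
    }

    /** Hypothetical policy: never clobber a value another component already set. */
    private static void setIfUnset(Properties target, String key, String value,
            Map<String, String> applied) {
        String existing = target.getProperty(key);
        if (existing != null && !existing.equals(value)) {
            throw new IllegalStateException(
                key + " is already set to a different value; refusing to override it");
        }
        target.setProperty(key, value);
        applied.put(key, value);
    }

    public static void main(String[] args) {
        // Constructed sample: looks like the documented example but smuggles an
        // unrelated JVM property into the list.
        Properties jvm = new Properties();
        jvm.setProperty("user.home", "/home/hive");
        applyOpaqueSslProperties(
            "javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd,user.home=/tmp",
            jvm);
        System.out.println("opaque: user.home is now " + jvm.getProperty("user.home"));

        // Same intent expressed with the split properties: only the trust-store
        // keys change, user.home is untouched.
        Properties jvm2 = new Properties();
        jvm2.setProperty("user.home", "/home/hive");
        Map<String, String> applied = applySplitSslProperties(true, "/tmp/truststore", "pwd", jvm2);
        System.out.println("split: applied " + applied.keySet()
            + ", user.home still " + jvm2.getProperty("user.home"));
    }
}
```

The refuse-to-override check is one possible policy; a project might prefer to log a warning and proceed. Either way, the split form makes the set of system properties the metastore can touch explicit, which is the point of the ticket. For the unrelated `user.home` case, the ticket's recommendation is the `-D` option of the `java` command rather than any Hive property.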
