Repository: hive Updated Branches: refs/heads/master f9e6522c9 -> 446cb5da7
HIVE-18919 : remove separate keytab setting for ZK in LLAP (Sergey Shelukhin, reviewed by Ashutosh Chauhan) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/446cb5da Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/446cb5da Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/446cb5da Branch: refs/heads/master Commit: 446cb5da7c6bdba08db3ab9ecb517bb2c0344bfd Parents: f9e6522 Author: sergey <ser...@apache.org> Authored: Tue Mar 13 13:10:25 2018 -0700 Committer: sergey <ser...@apache.org> Committed: Tue Mar 13 13:10:25 2018 -0700 ---------------------------------------------------------------------- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java | 7 ------- .../org/apache/hadoop/hive/llap/security/SecretManager.java | 8 +++----- .../org/apache/hadoop/hive/ql/processors/SetProcessor.java | 5 ++++- 3 files changed, 7 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/446cb5da/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java ---------------------------------------------------------------------- diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index aedd1ec..30c24d9 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -360,8 +360,6 @@ public class HiveConf extends Configuration { llapDaemonVarsSetLocal.add(ConfVars.LLAP_IO_THREADPOOL_SIZE.varname); llapDaemonVarsSetLocal.add(ConfVars.LLAP_KERBEROS_PRINCIPAL.varname); llapDaemonVarsSetLocal.add(ConfVars.LLAP_KERBEROS_KEYTAB_FILE.varname); - llapDaemonVarsSetLocal.add(ConfVars.LLAP_ZKSM_KERBEROS_PRINCIPAL.varname); - llapDaemonVarsSetLocal.add(ConfVars.LLAP_ZKSM_KERBEROS_KEYTAB_FILE.varname); llapDaemonVarsSetLocal.add(ConfVars.LLAP_ZKSM_ZK_CONNECTION_STRING.varname); llapDaemonVarsSetLocal.add(ConfVars.LLAP_SECURITY_ACL.varname); llapDaemonVarsSetLocal.add(ConfVars.LLAP_MANAGEMENT_ACL.varname); @@ -3272,11 +3270,6 @@ public class HiveConf extends Configuration { "The name of the LLAP daemon's service principal."), LLAP_KERBEROS_KEYTAB_FILE("hive.llap.daemon.keytab.file", "", "The path to the Kerberos Keytab file containing the LLAP daemon's service principal."), - LLAP_ZKSM_KERBEROS_PRINCIPAL("hive.llap.zk.sm.principal", "", - "The name of the principal to use to talk to ZooKeeper for ZooKeeper SecretManager."), - LLAP_ZKSM_KERBEROS_KEYTAB_FILE("hive.llap.zk.sm.keytab.file", "", - "The path to the Kerberos Keytab file containing the principal to use to talk to\n" + - "ZooKeeper for ZooKeeper SecretManager."), LLAP_WEBUI_SPNEGO_KEYTAB_FILE("hive.llap.webui.spnego.keytab", "", "The path to the Kerberos Keytab file containing the LLAP WebUI SPNEGO principal.\n" + "Typical value would look like /etc/security/keytabs/spnego.service.keytab."), http://git-wip-us.apache.org/repos/asf/hive/blob/446cb5da/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java ---------------------------------------------------------------------- diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java index de38e99..3723608 100644 --- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java +++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java @@ -165,8 +165,6 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent private static LlapZkConf createLlapZkConf( Configuration conf, String llapPrincipal, String llapKeytab, String clusterId) { - String principal = HiveConf.getVar(conf, ConfVars.LLAP_ZKSM_KERBEROS_PRINCIPAL, llapPrincipal); - String keyTab = HiveConf.getVar(conf, ConfVars.LLAP_ZKSM_KERBEROS_KEYTAB_FILE, llapKeytab); // Override the default delegation token lifetime for LLAP. // Also set all the necessary ZK settings to defaults and LLAP configs, if not set. final Configuration zkConf = new Configuration(conf); @@ -176,11 +174,11 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime); try { zkConf.set(ZK_DTSM_ZK_KERBEROS_PRINCIPAL, - SecurityUtil.getServerPrincipal(principal, "0.0.0.0")); + SecurityUtil.getServerPrincipal(llapPrincipal, "0.0.0.0")); } catch (IOException e) { throw new RuntimeException(e); } - zkConf.set(ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab); + zkConf.set(ZK_DTSM_ZK_KERBEROS_KEYTAB, llapKeytab); String zkPath = "zkdtsm_" + clusterId; LOG.info("Using {} as ZK secret manager path", zkPath); zkConf.set(ZK_DTSM_ZNODE_WORKING_PATH, zkPath); @@ -199,7 +197,7 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent UserGroupInformation zkUgi = null; try { - zkUgi = LlapUtil.loginWithKerberos(principal, keyTab); + zkUgi = LlapUtil.loginWithKerberos(llapPrincipal, llapKeytab); } catch (IOException e) { throw new RuntimeException(e); } http://git-wip-us.apache.org/repos/asf/hive/blob/446cb5da/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java b/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java index db0fef1..4ede853 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/processors/SetProcessor.java @@ -58,7 +58,10 @@ public class SetProcessor implements CommandProcessor { private static final Set<String> removedConfigs = Sets.newHashSet("hive.mapred.supports.subdirectories", "hive.enforce.sorting","hive.enforce.bucketing", - "hive.outerjoin.supports.filters"); + "hive.outerjoin.supports.filters", + "hive.llap.zk.sm.principal", + "hive.llap.zk.sm.keytab.file" + ); // Allow the user to set the ORC properties without getting an error. static { for(OrcConf var: OrcConf.values()) {