Mithun Radhakrishnan created HIVE-17218:
-------------------------------------------
Summary: Canonical-ize hostnames for Hive metastore, and HS2
servers.
Key: HIVE-17218
URL: https://issues.apache.org/jira/browse/HIVE-17218
Project: Hive
Issue Type: Bug
Components: HiveServer2, Metastore, Security
Affects Versions: 2.2.0, 1.2.2, 3.0.0
Reporter: Mithun Radhakrishnan
Assignee: Mithun Radhakrishnan
Currently, the {{HiveMetastoreClient}} and {{HiveConnection}} do not
canonical-ize the hostnames of the metastore/HS2 servers. In deployments where
there are multiple such servers behind a VIP, this causes a number of
inconveniences:
# The client-side configuration (e.g. {{hive.metastore.uris}} in
{{hive-site.xml}}) needs to specify the VIP's hostname, and cannot use a
simplified CNAME, in the thrift URL. If the
{{hive.metastore.kerberos.principal}} is specified using {{_HOST}}, one sees
GSS failures as follows:
{noformat}
hive --hiveconf hive.metastore.kerberos.principal=hive/[email protected]
--hiveconf
hive.metastore.uris="thrift://simplified-hcat-cname.grid.myth.net:56789"
...
Exception in thread "main" java.lang.RuntimeException:
java.lang.RuntimeException: Unable to instantiate
org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient
at
org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:542)
at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:677)
at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:621)
...
{noformat}
This is because {{_HOST}} is filled in with the CNAME, and not the
canonicalized name.
# Oozie workflows that use HCat {{<credential>}} have to always use the VIP
hostname, and can't use {{_HOST}}-based service principals, if the CNAME
differs from the VIP name.
If the client-code simply canonical-ized the hostnames, it would enable the use
of both simplified CNAMEs, and _HOST in service principals.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
