Copilot commented on code in PR #752:
URL: https://github.com/apache/ranger/pull/752#discussion_r2575436132
##########
dev-support/ranger-docker/scripts/hive/ranger-hive.sh:
##########
@@ -91,11 +91,11 @@ cd "${HIVE_HOME}" || exit
# Start Hive MetaStore
echo "Starting Hive MetaStore..."
-su -c "nohup ${HIVE_HOME}/bin/hive --service metastore > metastore.log 2>&1 &"
hive
+su -c "export HADOOP_CLIENT_OPTS='${HADOOP_CLIENT_OPTS}
-Dlog4j2.configurationFile=file:${HIVE_HOME}/conf/hive-metastore-log4j2.properties'
&& nohup ${HIVE_HOME}/bin/hive --service metastore &" hive
Review Comment:
[nitpick] The removal of output redirection (`> metastore.log 2>&1`) means
that stdout and stderr from the metastore process will now go to the
console/container logs instead of being suppressed. While log4j2 will handle
application logging to `/opt/hive/logs/metastore.log`, any startup messages or
errors written directly to stdout/stderr will now clutter the container logs.
Consider adding `> /dev/null 2>&1` after the `&` to suppress console output
while relying on log4j2 for proper logging, or redirecting to a startup log
file if startup diagnostics are needed.
```suggestion
su -c "export HADOOP_CLIENT_OPTS='${HADOOP_CLIENT_OPTS}
-Dlog4j2.configurationFile=file:${HIVE_HOME}/conf/hive-metastore-log4j2.properties'
&& nohup ${HIVE_HOME}/bin/hive --service metastore > /dev/null 2>&1 &" hive
```
##########
dev-support/ranger-docker/scripts/hive/ranger-hive.sh:
##########
@@ -91,11 +91,11 @@ cd "${HIVE_HOME}" || exit
# Start Hive MetaStore
echo "Starting Hive MetaStore..."
-su -c "nohup ${HIVE_HOME}/bin/hive --service metastore > metastore.log 2>&1 &"
hive
+su -c "export HADOOP_CLIENT_OPTS='${HADOOP_CLIENT_OPTS}
-Dlog4j2.configurationFile=file:${HIVE_HOME}/conf/hive-metastore-log4j2.properties'
&& nohup ${HIVE_HOME}/bin/hive --service metastore &" hive
# Start HiveServer2
echo "Starting HiveServer2..."
-su -c "nohup ${HIVE_HOME}/bin/hiveserver2 > hive-server2.log 2>&1 &" hive
+su -c "export HADOOP_CLIENT_OPTS='${HADOOP_CLIENT_OPTS}
-Dlog4j2.configurationFile=file:${HIVE_HOME}/conf/hive-log4j2.properties' &&
nohup ${HIVE_HOME}/bin/hiveserver2 &" hive
Review Comment:
[nitpick] The removal of output redirection (`> hive-server2.log 2>&1`)
means that stdout and stderr from the HiveServer2 process will now go to the
console/container logs instead of being suppressed. While log4j2 will handle
application logging to `/opt/hive/logs/hiveserver2.log`, any startup messages
or errors written directly to stdout/stderr will now clutter the container
logs. Consider adding `> /dev/null 2>&1` after the `&` to suppress console
output while relying on log4j2 for proper logging, or redirecting to a startup
log file if startup diagnostics are needed.
```suggestion
su -c "export HADOOP_CLIENT_OPTS='${HADOOP_CLIENT_OPTS}
-Dlog4j2.configurationFile=file:${HIVE_HOME}/conf/hive-log4j2.properties' &&
nohup ${HIVE_HOME}/bin/hiveserver2 > /dev/null 2>&1 &" hive
```
##########
dev-support/ranger-docker/scripts/hive/hive-log4j2.properties:
##########
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = INFO
+name = HiveLog4j2
+packages = org.apache.hadoop.hive.ql.log
+
+# list of properties
+# Change to DEBUG for detailed troubleshooting
+property.hive.log.level = DEBUG
Review Comment:
[nitpick] The HiveServer2 log level is set to DEBUG while the HiveMetaStore
log level is set to INFO. This inconsistency may be intentional for debugging
purposes, but for production environments, consider using INFO level for both
services to reduce log verbosity and storage requirements. If DEBUG level is
needed temporarily, document this in a comment or ensure it's reverted before
production deployment.
```suggestion
property.hive.log.level = INFO
```
##########
dev-support/ranger-docker/scripts/hive/hive-log4j2.properties:
##########
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = INFO
+name = HiveLog4j2
+packages = org.apache.hadoop.hive.ql.log
+
+# list of properties
+# Change to DEBUG for detailed troubleshooting
+property.hive.log.level = DEBUG
+property.hive.root.logger = DRFA
+property.hive.log.dir = /opt/hive/logs
+property.hive.log.file = hiveserver2.log
+property.hive.perflogger.log.level = INFO
+
+# list of all appenders
+appenders = console, DRFA
+
+# console appender
+appender.console.type = Console
+appender.console.name = console
+appender.console.target = SYSTEM_ERR
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+
+# daily rolling file appender
+appender.DRFA.type = RollingRandomAccessFile
+appender.DRFA.name = DRFA
+appender.DRFA.fileName = ${hive.log.dir}/${hive.log.file}
+# Use %pid in the filePattern to append <process-id>@<host-name> to the
filename if you want separate log files for different CLI session
+appender.DRFA.filePattern = ${hive.log.dir}/${hive.log.file}.%d{yyyy-MM-dd}
+appender.DRFA.layout.type = PatternLayout
+appender.DRFA.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+appender.DRFA.policies.type = Policies
+appender.DRFA.policies.time.type = TimeBasedTriggeringPolicy
+appender.DRFA.policies.time.interval = 1
+appender.DRFA.policies.time.modulate = true
+appender.DRFA.strategy.type = DefaultRolloverStrategy
+appender.DRFA.strategy.max = 30
+
+# list of all loggers
+loggers = NIOServerCnxn, ClientCnxnSocketNIO, DataNucleus, Datastore, JPOX,
PerfLogger, AmazonAws, ApacheHttp, RangerAuth
+
+logger.NIOServerCnxn.name = org.apache.zookeeper.server.NIOServerCnxn
+logger.NIOServerCnxn.level = WARN
+
+logger.ClientCnxnSocketNIO.name = org.apache.zookeeper.ClientCnxnSocketNIO
+logger.ClientCnxnSocketNIO.level = WARN
+
+logger.DataNucleus.name = DataNucleus
+logger.DataNucleus.level = ERROR
+
+logger.Datastore.name = Datastore
+logger.Datastore.level = ERROR
+
+logger.JPOX.name = JPOX
+logger.JPOX.level = ERROR
+
+logger.AmazonAws.name=com.amazonaws
+logger.AmazonAws.level = INFO
+
+logger.ApacheHttp.name=org.apache.http
+logger.ApacheHttp.level = INFO
+
+logger.PerfLogger.name = org.apache.hadoop.hive.ql.log.PerfLogger
+logger.PerfLogger.level = ${hive.perflogger.log.level}
+
+# Ranger authorization logger
+logger.RangerAuth.name = org.apache.ranger
+logger.RangerAuth.level = DEBUG
Review Comment:
[nitpick] The Ranger authorization logger is set to DEBUG level, which will
produce verbose logging. While this is useful for debugging Ranger integration
issues in a development environment, consider using INFO level for production
deployments to reduce log volume and improve performance.
```suggestion
logger.RangerAuth.level = INFO
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
