----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56191/ -----------------------------------------------------------
Review request for sentry, Alexander Kolbasov, Hao Hao, kalyan kumar kalvagadda, and Vadim Spector. Repository: sentry Description ------- SENTRY-1619: Fix the secure HMS connection code in HMSFollower -- HMSFollower has bugs in implementing logic that's preventing secure HMS connection from taking place. 1. Need to use the right principal and keytab to use for the connection. 2. Fix the while blocks to allow the connection setup to happen. Diffs ----- sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java 749c2ce8f89fe5960af5a4b48ff45a38091350f4 Diff: https://reviews.apache.org/r/56191/diff/ Testing ------- Sentry server log: ```bash 2017-02-01 14:02:48,537 INFO org.apache.sentry.service.thrift.HMSFollower: HMSFollower is being initialized 2017-02-01 14:02:50,545 INFO DataNucleus.Persistence: Property datanucleus.cache.level2 unknown - will be ignored 2017-02-01 14:02:51,911 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 1. Setting to 20 2017-02-01 14:02:57,186 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 1. Setting to 20 2017-02-01 14:02:57,335 INFO org.apache.sentry.service.thrift.SentryService: Attempting to start... 2017-02-01 14:02:57,345 INFO org.apache.sentry.service.thrift.SentryKerberosContext: Logging in with new Context 2017-02-01 14:02:57,403 INFO org.apache.sentry.service.thrift.SentryService: ProcessorFactory being used: org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory 2017-02-01 14:02:57,711 INFO DataNucleus.Persistence: Property datanucleus.cache.level2 unknown - will be ignored 2017-02-01 14:02:58,969 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 1. Setting to 20 2017-02-01 14:02:59,035 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 1. Setting to 20 2017-02-01 14:02:59,533 INFO org.apache.sentry.hdfs.SentryPlugin: Sentry HDFS plugin initialized !! 2017-02-01 14:02:59,561 INFO org.apache.sentry.service.thrift.SentryService: ProcessorFactory being used: org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory 2017-02-01 14:02:59,699 INFO DataNucleus.Persistence: Property datanucleus.cache.level2 unknown - will be ignored 2017-02-01 14:03:00,776 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 1. Setting to 20 2017-02-01 14:03:00,854 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 1. Setting to 20 2017-02-01 14:03:00,917 INFO org.apache.sentry.service.thrift.SentryService: ProcessorFactory being used: org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory 2017-02-01 14:03:00,917 INFO org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory: Calling registerProcessor from SentryHDFSServiceProcessorFactory 2017-02-01 14:03:00,945 INFO org.apache.sentry.service.thrift.SentryService: Serving on nightly-1.gce.cloudera.com/172.31.112.33:8038 2017-02-01 14:03:01,133 INFO org.eclipse.jetty.server.Server: jetty-7.6.16.v20140903 2017-02-01 14:03:01,159 INFO org.eclipse.jetty.server.handler.ContextHandler: started o.e.j.s.h.ContextHandler{/,null} 2017-02-01 14:03:01,180 INFO org.eclipse.jetty.server.handler.ContextHandler: started o.e.j.s.ServletContextHandler{/,null} 2017-02-01 14:03:01,211 INFO org.eclipse.jetty.server.AbstractConnector: Started [email protected]:29000 2017-02-01 14:03:01,510 WARN org.apache.sentry.hdfs.SentryPlugin: Recieved Authz Path FULL update [6].. 2017-02-01 14:04:23,514 INFO org.apache.sentry.service.thrift.HMSFollower: Making a kerberos connection to HMS 2017-02-01 14:04:46,255 INFO org.apache.sentry.service.thrift.HMSFollower: Using kerberos principal: sentry/[email protected] 2017-02-01 14:05:15,016 INFO org.apache.sentry.service.thrift.SentryKerberosContext: Logging in with new Context 2017-02-01 14:05:20,783 INFO org.apache.sentry.service.thrift.HMSFollower: Established kerberos context, will now connect to HMS 2017-02-01 14:05:35,212 INFO hive.metastore: Trying to connect to metastore with URI thrift://nightly-1.gce.cloudera.com:9083 2017-02-01 14:05:37,210 INFO hive.metastore: Opened a connection to metastore, current connections: 1 2017-02-01 14:05:37,212 INFO hive.metastore: Connected to metastore. ``` Thanks, Vamsee Yarlagadda
