Re: Review Request 56191: SENTRY-1619: Fix the secure HMS connection code in HMSFollower

Vamsee Yarlagadda Wed, 01 Feb 2017 19:41:08 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56191/
-----------------------------------------------------------


(Updated Feb. 2, 2017, 3:40 a.m.)


Review request for sentry, Alexander Kolbasov, Lei Xu, Hao Hao, kalyan kumar 
kalvagadda, and Vadim Spector.


Changes
-------

Addressed Sasha's comments.

1. Increased retries for HMS connection.
2. After exhausting # of reties, HMSFollower would log the exception and return 
back the control to SentryService.java. And HMSFollower gets subsequently run 
by the next scheduled thread execution logic defined as per: 
(https://github.com/apache/sentry/blob/d5176b2ea2e80d51f49d9e13075d794436fbe504/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java#L161-L162)


Repository: sentry


Description
-------

SENTRY-1619: Fix the secure HMS connection code in HMSFollower
-- HMSFollower has bugs in implementing logic that's preventing secure HMS 
connection from taking place.

1. Need to use the right principal and keytab to use for the connection.
2. Fix the while blocks to allow the connection setup to happen.


Diffs (updated)
-----

  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java
 749c2ce8f89fe5960af5a4b48ff45a38091350f4 

Diff: https://reviews.apache.org/r/56191/diff/


Testing
-------

Sentry server log:
```bash
2017-02-01 14:02:48,537 INFO org.apache.sentry.service.thrift.HMSFollower: 
HMSFollower is being initialized
2017-02-01 14:02:50,545 INFO DataNucleus.Persistence: Property 
datanucleus.cache.level2 unknown - will be ignored
2017-02-01 14:02:51,911 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 
1. Setting to 20
2017-02-01 14:02:57,186 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 
1. Setting to 20
2017-02-01 14:02:57,335 INFO org.apache.sentry.service.thrift.SentryService: 
Attempting to start...
2017-02-01 14:02:57,345 INFO 
org.apache.sentry.service.thrift.SentryKerberosContext: Logging in with new 
Context
2017-02-01 14:02:57,403 INFO org.apache.sentry.service.thrift.SentryService: 
ProcessorFactory being used: 
org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory
2017-02-01 14:02:57,711 INFO DataNucleus.Persistence: Property 
datanucleus.cache.level2 unknown - will be ignored
2017-02-01 14:02:58,969 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 
1. Setting to 20
2017-02-01 14:02:59,035 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 
1. Setting to 20
2017-02-01 14:02:59,533 INFO org.apache.sentry.hdfs.SentryPlugin: Sentry HDFS 
plugin initialized !!
2017-02-01 14:02:59,561 INFO org.apache.sentry.service.thrift.SentryService: 
ProcessorFactory being used: 
org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory
2017-02-01 14:02:59,699 INFO DataNucleus.Persistence: Property 
datanucleus.cache.level2 unknown - will be ignored
2017-02-01 14:03:00,776 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 
1. Setting to 20
2017-02-01 14:03:00,854 WARN com.jolbox.bonecp.BoneCPConfig: Max Connections < 
1. Setting to 20
2017-02-01 14:03:00,917 INFO org.apache.sentry.service.thrift.SentryService: 
ProcessorFactory being used: 
org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory
2017-02-01 14:03:00,917 INFO 
org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory: Calling 
registerProcessor from SentryHDFSServiceProcessorFactory
2017-02-01 14:03:00,945 INFO org.apache.sentry.service.thrift.SentryService: 
Serving on nightly-1.gce.cloudera.com/172.31.112.33:8038
2017-02-01 14:03:01,133 INFO org.eclipse.jetty.server.Server: 
jetty-7.6.16.v20140903
2017-02-01 14:03:01,159 INFO org.eclipse.jetty.server.handler.ContextHandler: 
started o.e.j.s.h.ContextHandler{/,null}
2017-02-01 14:03:01,180 INFO org.eclipse.jetty.server.handler.ContextHandler: 
started o.e.j.s.ServletContextHandler{/,null}
2017-02-01 14:03:01,211 INFO org.eclipse.jetty.server.AbstractConnector: 
Started [email protected]:29000
2017-02-01 14:03:01,510 WARN org.apache.sentry.hdfs.SentryPlugin: Recieved 
Authz Path FULL update [6]..

2017-02-01 14:04:23,514 INFO org.apache.sentry.service.thrift.HMSFollower: 
Making a kerberos connection to HMS
2017-02-01 14:04:46,255 INFO org.apache.sentry.service.thrift.HMSFollower: 
Using kerberos principal: sentry/[email protected]
2017-02-01 14:05:15,016 INFO 
org.apache.sentry.service.thrift.SentryKerberosContext: Logging in with new 
Context
2017-02-01 14:05:20,783 INFO org.apache.sentry.service.thrift.HMSFollower: 
Established kerberos context, will now connect to HMS
2017-02-01 14:05:35,212 INFO hive.metastore: Trying to connect to metastore 
with URI thrift://nightly-1.gce.cloudera.com:9083
2017-02-01 14:05:37,210 INFO hive.metastore: Opened a connection to metastore, 
current connections: 1
2017-02-01 14:05:37,212 INFO hive.metastore: Connected to metastore.

```


Thanks,

Vamsee Yarlagadda

Re: Review Request 56191: SENTRY-1619: Fix the secure HMS connection code in HMSFollower

Reply via email to