abstractdog commented on a change in pull request #2911:
URL: https://github.com/apache/hive/pull/2911#discussion_r781557895
##########
File path: ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java
##########
@@ -350,6 +351,16 @@ protected void openInternal(String[]
additionalFilesNotFromConf,
setupSessionAcls(tezConfig, conf);
+ /*
+ * Update HADOOP_CREDSTORE_PASSWORD for the TezAM.
+ * If there is a job specific credential store, it will be set.
+ * HiveConfUtil.updateJobCredentialProviders should not be used here,
+ * as it changes the credential store path too, which causes the dag
submission fail,
+ * as this config has an effect in HS2 (on TezClient codepath), and the
original hadoop
+ * credential store should be used.
+ */
+ HiveConfUtil.updateCredentialProviderPasswordForJobs(tezConfig);
Review comment:
the credential store password appears in the launch-container.sh script,
which is created by yarn, and it contains the environment variables, I think
this is the same as in case of any other execution engine that's localized by
yarn, but I'm sure that launch-container.sh is not included into application
logs, so it's only readable of somebody having access to the cluster nodes
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
