deniskuzZ commented on code in PR #5652:
URL: https://github.com/apache/hive/pull/5652#discussion_r2016109173
##########
service/src/java/org/apache/hive/service/server/HiveServer2.java:
##########
@@ -534,6 +456,103 @@ public synchronized void init(HiveConf hiveConf) {
// Extra time for releasing the resources if timeout sets to 0
ShutdownHookManager.addGracefulShutDownHook(() -> graceful_stop(),
timeout == 0 ? 30 : timeout);
}
+
+ private void addHAContextAttributes(HttpServer.Builder builder, HiveConf
hiveConf) {
+ builder.setContextAttribute("hs2.isLeader", isLeader);
+ builder.setContextAttribute("hs2.failover.callback", new
FailoverHandlerCallback(hs2HARegistry));
+ }
+
+ private static HttpServer.Builder createHttpServerBuilder(String webHost,
int port, String name, String contextPath,
+ HiveConf hiveConf, CLIService cliService, PamAuthenticator
pamAuthenticator) throws IOException {
+ HttpServer.Builder builder = new HttpServer.Builder(name);
+ builder.setConf(hiveConf);
+ builder.setHost(webHost);
+ builder.setPort(port);
+ builder.setContextPath(contextPath);
+
builder.setMaxThreads(hiveConf.getIntVar(ConfVars.HIVE_SERVER2_WEBUI_MAX_THREADS));
+ builder.setAdmins(hiveConf.getVar(ConfVars.USERS_IN_ADMIN_ROLE));
+ // SessionManager is initialized
+ builder.setContextAttribute("hive.sm", cliService.getSessionManager());
+ hiveConf.set("startcode", String.valueOf(System.currentTimeMillis()));
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL)) {
+ String keyStorePath =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PATH);
+ if (StringUtils.isBlank(keyStorePath)) {
+ throw new
IllegalArgumentException(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PATH.varname
+ + " Not configured for SSL connection");
+ }
+ builder.setKeyStorePassword(ShimLoader.getHadoopShims().getPassword(
+ hiveConf,
ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD.varname));
+ builder.setKeyStorePath(keyStorePath);
+
builder.setKeyStoreType(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE));
+ builder.setKeyManagerFactoryAlgorithm(
+
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM));
+
builder.setExcludeCiphersuites(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_EXCLUDE_CIPHERSUITES));
+ builder.setUseSSL(true);
+ }
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SPNEGO)) {
+ String spnegoPrincipal =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_PRINCIPAL);
+ String spnegoKeytab =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_KEYTAB);
+ if (StringUtils.isBlank(spnegoPrincipal) ||
StringUtils.isBlank(spnegoKeytab)) {
+ throw new IllegalArgumentException(
+ ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_PRINCIPAL.varname
+ + "/" + ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_KEYTAB.varname
+ + " Not configured for SPNEGO authentication");
+ }
+ builder.setSPNEGOPrincipal(spnegoPrincipal);
+ builder.setSPNEGOKeytab(spnegoKeytab);
+ builder.setUseSPNEGO(true);
+ }
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_ENABLE_CORS)) {
+ builder.setEnableCORS(true);
+ String allowedOrigins =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_ORIGINS);
+ String allowedMethods =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_METHODS);
+ String allowedHeaders =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_HEADERS);
+ if (StringUtils.isBlank(allowedOrigins) ||
StringUtils.isBlank(allowedMethods) || StringUtils.isBlank(allowedHeaders)) {
+ throw new IllegalArgumentException("CORS enabled. But " +
+ ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_ORIGINS.varname + "/" +
+ ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_METHODS.varname + "/" +
+ ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_HEADERS.varname + "/" +
+ " is not configured");
+ }
+ builder.setAllowedOrigins(allowedOrigins);
+ builder.setAllowedMethods(allowedMethods);
+ builder.setAllowedHeaders(allowedHeaders);
+ LOG.info("CORS enabled - allowed-origins: {} allowed-methods: {}
allowed-headers: {}", allowedOrigins,
+ allowedMethods, allowedHeaders);
+ }
+ if(hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_XFRAME_ENABLED)) {
+
builder.configureXFrame(true).setXFrameOption(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_XFRAME_VALUE));
+ }
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_PAM)) {
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL)) {
+ String hiveServer2PamServices =
hiveConf.getVar(ConfVars.HIVE_SERVER2_PAM_SERVICES);
+ if (hiveServer2PamServices == null ||
hiveServer2PamServices.isEmpty()) {
+ throw new
IllegalArgumentException(ConfVars.HIVE_SERVER2_PAM_SERVICES.varname + " are not
configured.");
+ }
+ builder.setPAMAuthenticator(pamAuthenticator == null ? new
PamAuthenticator(hiveConf) : pamAuthenticator);
+ builder.setUsePAM(true);
+ } else if (hiveConf.getBoolVar(ConfVars.HIVE_IN_TEST)) {
+ builder.setPAMAuthenticator(pamAuthenticator == null ? new
PamAuthenticator(hiveConf) : pamAuthenticator);
+ builder.setUsePAM(true);
+ } else {
+ throw new
IllegalArgumentException(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL.varname + " has
false value. It is recommended to set to true when PAM is used.");
+ }
+ }
+
+ return builder;
+ }
+
+ private void initHAHealthChecker(HttpServer webServer, HiveConf hiveConf)
throws IOException {
+ if (serviceDiscovery && activePassiveHA) {
+ String webHost = hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_BIND_HOST);
+ int healthCheckPort =
hiveConf.getIntVar(ConfVars.HIVE_SERVER2_ACTIVE_PASSIVE_HA_HEALTHCHECK_PORT);
+ HttpServer.Builder builder = createHttpServerBuilder(webHost,
healthCheckPort, "health-ha",
+ "/health-ha", hiveConf, cliService, pamAuthenticator);
+ addHAContextAttributes(builder, hiveConf);
+ builder.addServlet("leader", HS2HAHealthChecker.class);
Review Comment:
why do we use "leader" as the name for `endpoint`? should it be
`ha-healthcheck` / `health-ha`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org
