[ https://issues.apache.org/jira/browse/HIVE-18982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prasanth Jayachandran updated HIVE-18982:
-----------------------------------------
    Comment: was deleted

(was: Based on offline feedback from [~gopalv] added llap specific commands under HiveCommandOperation to get Hive authorization. Also updated the patch to use LLAP management API for security.

2 commands are added:
1) LLAP cluster commands (only info is implemented in this patch)
2) LLAP cache commands (only purge is implemented in this patch)

"llap cluster -info;" has no authorization, any user can read this information.
"llap cache -purge;" requires users to have admin role.

Some examples:
{code:title=user in non-admin role trying to purge the cache}
0: jdbc:hive2://localhost:10000> set hive.security.authorization.enabled;
+-------------------------------------------+
|                    set                    |
+-------------------------------------------+
| hive.security.authorization.enabled=true  |
+-------------------------------------------+
1 row selected (0.165 seconds)
0: jdbc:hive2://localhost:10000> llap cache -purge;
Error: Error while processing statement: Permission denied: Principal [name=pjayachandran, type=USER] does not have following privileges for operation LLAP_CACHE_PURGE [ADMIN PRIVILEGE on INPUT] (state=,code=1)
{code}

{code:title=user in admin role trying to purge the cache}
0: jdbc:hive2://localhost:10000> set role admin;
No rows affected (1.019 seconds)
0: jdbc:hive2://localhost:10000> llap cache -purge;
+------------+--------------------+
|  hostName  | purgedMemoryBytes  |
+------------+--------------------+
| localhost  | 50429952           |
+------------+--------------------+
{code}

{code:title=when authZ is disabled, user can read cluster info}
0: jdbc:hive2://localhost:10000> set hive.security.authorization.enabled;
+--------------------------------------------+
|                    set                     |
+--------------------------------------------+
| hive.security.authorization.enabled=false  |
+--------------------------------------------+
1 row selected (0.159 seconds)
0: jdbc:hive2://localhost:10000> llap cluster -info;
+----------------+---------------------------------------+------------+----------+-------------+---------+
| applicationId  |            workerIdentity             |  hostname  | rpcPort  |   memory    | vcores  |
+----------------+---------------------------------------+------------+----------+-------------+---------+
| null           | 873b7438-01b1-4974-90e2-1c5631602db9  | localhost  | 15001    | 3145728000  | 3       |
+----------------+---------------------------------------+------------+----------+-------------+---------+
{code}

Ignore "null" applicationId as this is my local setup which is not deployed via slider or yarn services.
)

> Provide a CLI option to manually trigger failover
> -------------------------------------------------
>
>                 Key: HIVE-18982
>                 URL: https://issues.apache.org/jira/browse/HIVE-18982
>             Project: Hive
>          Issue Type: Sub-task
>          Components: HiveServer2
>    Affects Versions: 3.0.0
>            Reporter: Prasanth Jayachandran
>            Assignee: Prasanth Jayachandran
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: HIVE-18982.1.patch, HIVE-18982.2.patch,
> HIVE-18982.3.patch, HIVE-18982.4.patch, HIVE-18982.5.patch
>
>
> HIVE-18281 added active-passive HA. There might be an administrative need to
> trigger a manual failover of HS2 Active server. Add command line tool to view
> list of all HS2 instances and trigger manual failover (only under force
> mode). The clients currently connected to active HS2 will be closed. In
> future, more options to existing client connections can be handled via
> configs/options (like wait until timeout, wait until current sessions are
> closed etc.)

--
This message was sent by Atlassian JIRA (v7.6.3#76005)