Naveen Gangam created HIVE-27675:
------------------------------------
Summary: Support keystore/truststore types for hive to zookeeper integration points
Key: HIVE-27675
URL: https://issues.apache.org/jira/browse/HIVE-27675
Project: Hive
Issue Type: Bug
Components: HiveServer2, JDBC, Standalone Metastore
Affects Versions: 3.1.0
Reporter: Naveen Gangam
Assignee: Naveen Gangam
In HIVE-24253, we added support for the HS2/HMS/JDBC Driver to support other store
types like BCFKS (other than JKS). This allows JDBC clients to connect to HS2
directly. However, with service discovery enabled, the clients have to connect
to ZooKeeper to determine HS2 endpoints. This connectivity currently does not
support other store types. Similarly, HS2/HMS services also do not provide
the ability to use different store types for the ZK registration process.
{noformat}
$ beeline
Connecting to jdbc:hive2://<snip>:2181/default;httpPath=cliservice;principal=hive/_HOST@<SNIP>;retries=5;serviceDiscoveryMode=zooKeeper;ssl=true;sslTrustStore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;transportMode=http;trustStorePassword=RoeCFK11Pq54;trustStoreType=bcfks;zooKeeperNamespace=hiveserver2
Error: org.apache.hive.jdbc.ZooKeeperHiveClientException: Unable to read HiveServer2 configs from ZooKeeper (state=,code=0)
{noformat}
{noformat}
Opening socket connection to server <SNIP>:2182. Will attempt to SASL-authenticate using Login Context section 'HiveZooKeeperClient'
2023-08-09 13:28:07,591 WARN io.netty.channel.ChannelInitializer: [nioEventLoopGroup-3-1]: Failed to initialize a channel. Closing: [id: 0x0937583f]
org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
    at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:346) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:278) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:454) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initChannel(ClientCnxnSocketNetty.java:444) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initChannel(ClientCnxnSocketNetty.java:429) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:1114) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:514) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:429) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:486) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) [netty-common-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) [netty-common-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) [netty-common-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [netty-common-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.86.Final.jar:4.1.86.Final]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-common-4.1.86.Final.jar:4.1.86.Final]
    at java.lang.Thread.run(Thread.java:750) [?:1.8.0_382]
Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.io.IOException: Invalid keystore format
    at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:471) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:344) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    ... 23 more
Caused by: java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666) ~[?:1.8.0_382]
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57) ~[?:1.8.0_382]
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_382]
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) ~[?:1.8.0_382]
    at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_382]
    at org.apache.zookeeper.common.StandardTypeFileKeyStoreLoader.loadKeyStore(StandardTypeFileKeyStoreLoader.java:54) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.common.X509Util.loadKeyStore(X509Util.java:400) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:460) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:344) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
    ... 23 more
2023-08-09 13:28:07,591 INFO org.apache.zookeeper.ClientCnxnSocketNetty: [nioEventLoopGroup-3-1]: future isn't success, cause:
io.netty.channel.StacklessClosedChannelException: null
    at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source) ~[netty-transport-4.1.86.Final.jar:4.1.86.Final]
{noformat}
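Added example, not part of the original report and not Hive or ZooKeeper code: the innermost cause in the trace above (the JDK's JKS loader rejecting a store written in another format) reproduced with the JDK alone, next to a load that passes the store type explicitly. JCEKS stands in for BCFKS here because BCFKS needs the Bouncy Castle provider; the class name, helper names and password are constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class StoreTypeMismatch {
    // Constructed sample password for the in-memory store.
    static final char[] PASSWORD = "changeit".toCharArray();

    // Build an empty store of the given type and return its serialized bytes.
    static byte[] emptyStore(String type) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, PASSWORD);              // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PASSWORD);
        return out.toByteArray();
    }

    // Hypothetical helper: parse the bytes with the store type the caller configured,
    // instead of assuming JKS.
    static KeyStore load(byte[] bytes, String type) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(bytes), PASSWORD);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the non-JKS truststore from the report (assumption: JCEKS, not BCFKS).
        byte[] store = emptyStore("JCEKS");

        // Wrong type: the JKS loader does not recognise the file header and throws IOException.
        try {
            load(store, "JKS");
            System.out.println("unexpected: store parsed as JKS");
        } catch (IOException e) {
            System.out.println("loaded as JKS   -> " + e.getMessage());
        }

        // Matching type: the same bytes load once the type is carried through to the loader.
        KeyStore ok = load(store, "JCEKS");
        System.out.println("loaded as " + ok.getType() + " -> entries=" + ok.size());
    }
}
```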