[
https://issues.apache.org/jira/browse/IMPALA-7130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vincent Tran resolved IMPALA-7130.
----------------------------------
Resolution: Fixed
IMPALA-7130: impala-shell -b / --kerberos_host_fqdn flag overrides value passed
in via -i / --impalad
After additional testing around IMPALA-2782, it was discovered
that impala-shell starts the session displaying the expected
hostname (as passed via the -i flag) on the prompt. This gives the
impression that the load balancer was bypassed; however, the
actual TSSLSocket is still created with the hostname passed
in via the -b or --kerberos_host_fqdn flag.
This change ensures that the hostname used to create the
TSSLSocket will always be the one passed in via the -i flag
on impala-shell. This change is required by IMPALA-2782.
Testing:
Using netcat, we verified that the impala daemon host[:port]
value passed into the -i/--impalad option is indeed the one
impala-shell tries to connect to in both cases (with and
without -b).
Change-Id: Ibee05bd0dbe8c6ae108b890f0ae0f6900149773a
Reviewed-on: http://gerrit.cloudera.org:8080/10580
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> impala-shell -b / --kerberos_host_fqdn flag overrides value passed in via -i
> ----------------------------------------------------------------------------
>
> Key: IMPALA-7130
> URL: https://issues.apache.org/jira/browse/IMPALA-7130
> Project: IMPALA
> Issue Type: Bug
> Components: Clients
> Affects Versions: Impala 3.0, Impala 2.12.0
> Reporter: Vincent Tran
> Assignee: Vincent Tran
> Priority: Critical
>
> When impala-shell -b / --kerberos_host_fqdn is used, the value will override
> one passed in via -i / --impalad.
> This leads to the socket being created with the former value in the case when
> -b is used.
> The problematic section of code is here
> {noformat}
> if self.kerberos_host_fqdn is not None:
>   host, port = (self.kerberos_host_fqdn.split(':')[0].encode('ascii', 'ignore'),
>                 int(self.impalad[1]))
> else:
>   host, port = self.impalad[0].encode('ascii', 'ignore'), int(self.impalad[1])
> if self.use_ssl:
>   if self.ca_cert is None:
>     # No CA cert means don't try to verify the certificate
>     sock = TSSLSocketWithWildcardSAN(host, port, validate=False)
>   else:
>     sock = TSSLSocketWithWildcardSAN(host, port, validate=True,
>                                      ca_certs=self.ca_cert)
> else:
>   sock = TSocket(host, port)
> if not (self.use_ldap or self.use_kerberos):
>   return TBufferedTransport(sock)
> {noformat}
> The proposed fix is to always create the socket with the host passed in via -i
> {noformat}
> self.impalad[0].encode('ascii', 'ignore')
> {noformat}
>
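Added example (not from the Impala code base or the JIRA issue): a Python 3 sketch of the host selection before and after the proposed fix, with a netcat-style loopback check like the one described under Testing. The function names and the 127.0.0.1 / 127.0.0.2 stand-ins for the -i and -b hosts are assumptions; the .encode() calls are dropped because Python 3 sockets take str.

```python
import socket

def target_before(impalad, kerberos_host_fqdn):
    """Pre-fix selection quoted in the issue: -b replaces the host from -i."""
    if kerberos_host_fqdn is not None:
        return kerberos_host_fqdn.split(':')[0], int(impalad[1])
    return impalad[0], int(impalad[1])

def target_after(impalad, kerberos_host_fqdn):
    """Proposed fix: the socket host is always the one passed via -i."""
    return impalad[0], int(impalad[1])

def dials_impalad(pick_target, kerberos_host_fqdn):
    """Listen where -i points (like `nc -l`) and report whether the
    target chosen by pick_target reaches that listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))   # constructed stand-in for the impalad
        listener.listen(1)
        impalad = ("127.0.0.1", str(listener.getsockname()[1]))
        host, port = pick_target(impalad, kerberos_host_fqdn)
        try:
            with socket.create_connection((host, port), timeout=2):
                return True               # handshake completed on the -i address
        except OSError:
            return False                  # the client dialled some other host

if __name__ == "__main__":
    lb = "127.0.0.2:21000"  # constructed stand-in for the -b value
    for name, pick in (("before", target_before), ("after", target_after)):
        print(name, "with -b reaches -i host:", dials_impalad(pick, lb))
```

The prompt text is not a reliable indicator of the peer; a check like this (or netcat, as in the commit) observes the address the client actually dials.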