Naveen Gangam created HIVE-27675:
------------------------------------

             Summary: Support keystore/truststore types for hive to zookeeper integration points
                 Key: HIVE-27675
                 URL: https://issues.apache.org/jira/browse/HIVE-27675
             Project: Hive
          Issue Type: Bug
          Components: HiveServer2, JDBC, Standalone Metastore
    Affects Versions: 3.1.0
            Reporter: Naveen Gangam
            Assignee: Naveen Gangam


In HIVE-24253, we added support for HS2/HMS/JDBC Driver to support other store 
types like BCFKS (other than JKS). This allows JDBC clients to connect to HS2 
directly. However, with service discovery enabled, the clients have to connect 
to ZooKeeper to determine HS2 endpoints. This connectivity currently does not 
support other store types. Similarly, HS2/HMS services also do not provide 
the ability to use different store types for the ZK registration process.
{noformat}
$ beeline
Connecting to jdbc:hive2://<snip>:2181/default;httpPath=cliservice;principal=hive/_HOST@<SNIP>;retries=5;serviceDiscoveryMode=zooKeeper;ssl=true;sslTrustStore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;transportMode=http;trustStorePassword=RoeCFK11Pq54;trustStoreType=bcfks;zooKeeperNamespace=hiveserver2
Error: org.apache.hive.jdbc.ZooKeeperHiveClientException: Unable to read HiveServer2 configs from ZooKeeper (state=,code=0)
{noformat}


{noformat}
Opening socket connection to server <SNIP>:2182. Will attempt to SASL-authenticate using Login Context section 'HiveZooKeeperClient'
2023-08-09 13:28:07,591 WARN  io.netty.channel.ChannelInitializer: [nioEventLoopGroup-3-1]: Failed to initialize a channel. Closing: [id: 0x0937583f]
org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
        at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:346) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:278) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:454) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initChannel(ClientCnxnSocketNetty.java:444) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initChannel(ClientCnxnSocketNetty.java:429) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:1114) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:514) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:429) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:486) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) [netty-common-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) [netty-common-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) [netty-common-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569) [netty-transport-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [netty-common-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.86.Final.jar:4.1.86.Final]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-common-4.1.86.Final.jar:4.1.86.Final]
        at java.lang.Thread.run(Thread.java:750) [?:1.8.0_382]
Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.io.IOException: Invalid keystore format
        at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:471) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:344) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        ... 23 more
Caused by: java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666) ~[?:1.8.0_382]
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57) ~[?:1.8.0_382]
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_382]
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) ~[?:1.8.0_382]
        at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_382]
        at org.apache.zookeeper.common.StandardTypeFileKeyStoreLoader.loadKeyStore(StandardTypeFileKeyStoreLoader.java:54) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.common.X509Util.loadKeyStore(X509Util.java:400) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:460) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:344) ~[zookeeper-3.5.5.7.2.16.300-7.jar:3.5.5.7.2.16.300-7]
        ... 23 more
2023-08-09 13:28:07,591 INFO  org.apache.zookeeper.ClientCnxnSocketNetty: [nioEventLoopGroup-3-1]: future isn't success, cause:
io.netty.channel.StacklessClosedChannelException: null
        at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source) ~[netty-transport-4.1.86.Final.jar:4.1.86.Final]
{noformat}
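
The trace above ends in `JavaKeyStore$JKS.engineLoad` rejecting the store with `Invalid keystore format`, i.e. the store was parsed as JKS regardless of its real type. As an added example (not code from Hive, ZooKeeper or the reporter), this probe loads one store under several candidate types to show which type actually matches. The class name `StoreTypeProbe`, the sample password and the in-memory JCEKS store standing in for a non-JKS store are assumptions; `BCFKS` only loads if a provider that implements it is registered in the JVM.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: hypothetical diagnostic, not part of Hive or ZooKeeper.
public class StoreTypeProbe {

    // Load the same store bytes under each candidate type and record the outcome.
    static Map<String, String> probe(byte[] store, char[] password, String... types) {
        Map<String, String> results = new LinkedHashMap<>();
        for (String type : types) {
            try {
                KeyStore ks = KeyStore.getInstance(type); // fails if no provider offers the type
                ks.load(new ByteArrayInputStream(store), password);
                results.put(type, "loaded, " + ks.size() + " entries");
            } catch (Exception e) {
                results.put(type, e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
        return results;
    }

    // Constructed sample: an empty JCEKS store, standing in for any non-JKS store.
    static byte[] sampleStore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] password;
        byte[] store;
        if (args.length == 1 && System.console() != null) {
            // Real store: path as argument, password read without echo.
            store = Files.readAllBytes(Paths.get(args[0]));
            password = System.console().readPassword("Store password: ");
        } else {
            password = "changeit".toCharArray(); // constructed sample password
            store = sampleStore(password);
        }
        probe(store, password, "JKS", "JCEKS", "PKCS12", "BCFKS")
            .forEach((type, outcome) -> System.out.println(type + " -> " + outcome));
    }
}
```

Run it with the store path as the only argument to check a real file; the type that loads is the one every client and service touching that store has to be configured with.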



