HIVE-16724 : increase session timeout for LLAP ZK token manager (Sergey Shelukhin, reviewed by Jason Dere)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/bb2f25c1 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/bb2f25c1 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/bb2f25c1 Branch: refs/heads/hive-14535 Commit: bb2f25c1a189b031a9601cb00a3dc2f5d6f5ac4a Parents: 8d951fa Author: sergey <ser...@apache.org> Authored: Fri May 19 17:34:24 2017 -0700 Committer: sergey <ser...@apache.org> Committed: Fri May 19 17:34:24 2017 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/conf/HiveConf.java | 2 ++ .../hive/llap/security/SecretManager.java | 20 ++++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/bb2f25c1/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java ---------------------------------------------------------------------- diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index 1c37b6e..7dedd23 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -3074,6 +3074,8 @@ public class HiveConf extends Configuration { "By default, the clients are required to provide tokens to access HDFS/etc."), LLAP_ZKSM_ZK_CONNECTION_STRING("hive.llap.zk.sm.connectionString", "", "ZooKeeper connection string for ZooKeeper SecretManager."), + LLAP_ZKSM_ZK_SESSION_TIMEOUT("hive.llap.zk.sm.session.timeout", "40s", new TimeValidator( + TimeUnit.MILLISECONDS), "ZooKeeper session timeout for ZK SecretManager."), LLAP_ZK_REGISTRY_USER("hive.llap.zk.registry.user", "", "In the LLAP ZooKeeper-based registry, specifies the username in the Zookeeper path.\n" + "This should be the hive user or whichever user is running the LLAP daemon."), http://git-wip-us.apache.org/repos/asf/hive/blob/bb2f25c1/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java ---------------------------------------------------------------------- diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java index 08f8b32..8e4f233 100644 --- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java +++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java @@ -175,18 +175,26 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent zkConf.setLong(DelegationTokenManager.MAX_LIFETIME, tokenLifetime); zkConf.setLong(DelegationTokenManager.RENEW_INTERVAL, tokenLifetime); try { - zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_PRINCIPAL, + zkConf.set(ZK_DTSM_ZK_KERBEROS_PRINCIPAL, SecurityUtil.getServerPrincipal(principal, "0.0.0.0")); } catch (IOException e) { throw new RuntimeException(e); } - zkConf.set(SecretManager.ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab); + zkConf.set(ZK_DTSM_ZK_KERBEROS_KEYTAB, keyTab); String zkPath = "zkdtsm_" + clusterId; LOG.info("Using {} as ZK secret manager path", zkPath); - zkConf.set(SecretManager.ZK_DTSM_ZNODE_WORKING_PATH, zkPath); + zkConf.set(ZK_DTSM_ZNODE_WORKING_PATH, zkPath); // Hardcode SASL here. ZKDTSM only supports none or sasl and we never want none. - zkConf.set(SecretManager.ZK_DTSM_ZK_AUTH_TYPE, "sasl"); - setZkConfIfNotSet(zkConf, SecretManager.ZK_DTSM_ZK_CONNECTION_STRING, + zkConf.set(ZK_DTSM_ZK_AUTH_TYPE, "sasl"); + long sessionTimeoutMs = HiveConf.getTimeVar( + zkConf, ConfVars.LLAP_ZKSM_ZK_SESSION_TIMEOUT, TimeUnit.MILLISECONDS); + long newRetryCount = + (ZK_DTSM_ZK_NUM_RETRIES_DEFAULT * sessionTimeoutMs) / ZK_DTSM_ZK_SESSION_TIMEOUT_DEFAULT; + long connTimeoutMs = Math.max(sessionTimeoutMs, ZK_DTSM_ZK_CONNECTION_TIMEOUT_DEFAULT); + zkConf.set(ZK_DTSM_ZK_SESSION_TIMEOUT, Long.toString(sessionTimeoutMs)); + zkConf.set(ZK_DTSM_ZK_CONNECTION_TIMEOUT, Long.toString(connTimeoutMs)); + zkConf.set(ZK_DTSM_ZK_NUM_RETRIES, Long.toString(newRetryCount)); + setZkConfIfNotSet(zkConf, ZK_DTSM_ZK_CONNECTION_STRING, HiveConf.getVar(zkConf, ConfVars.LLAP_ZKSM_ZK_CONNECTION_STRING)); UserGroupInformation zkUgi = null; @@ -201,7 +209,7 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent public static SecretManager createSecretManager(Configuration conf, String clusterId) { String llapPrincipal = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_PRINCIPAL), llapKeytab = HiveConf.getVar(conf, ConfVars.LLAP_KERBEROS_KEYTAB_FILE); - return SecretManager.createSecretManager(conf, llapPrincipal, llapKeytab, clusterId); + return createSecretManager(conf, llapPrincipal, llapKeytab, clusterId); } public static SecretManager createSecretManager(