[jira] [Commented] (HIVE-6741) HiveServer2 startup fails in secure (kerberos) mode due to backward incompatible hadoop change

[Prasad Mujumdar (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HIVE-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947145#comment-13947145
 ] 

Prasad Mujumdar commented on HIVE-6741:
---------------------------------------

[~vaibhavgumashta] This is an incompatible change and hence would be better to 
do this along with the hadoop upgrade. The code being removed is applicable to 
Hadoop 2.3. We might not switch to Hadoop 2.4 at all for Hive 0.14 as well, or 
may be Hadoop 2.4 will change the logic later during it's release cycle etc. In 
such cases the patch won't be adding any value.
Also [https://issues.apache.org/jira/browse/HIVE-6657|HIVE-6657] is proposing 
to add miniKdc based test in Hive. I guess that would catch this problem once 
we upgrade, so won't miss out this patch.

Regarding the actual patch, is the new unconditional log message needed at all 
? It's getting printed be printed regardless the hadoop.rpc.protection and 
hive.server2.thrift.sasl.qop config. Would it make sense to just add it to docs 
and remove the message ?


> HiveServer2 startup fails in secure (kerberos) mode due to backward 
> incompatible hadoop change
> ----------------------------------------------------------------------------------------------
>
>                 Key: HIVE-6741
>                 URL: https://issues.apache.org/jira/browse/HIVE-6741
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.14.0
>            Reporter: Vaibhav Gumashta
>            Assignee: Vaibhav Gumashta
>            Priority: Blocker
>             Fix For: 0.14.0
>
>         Attachments: HIVE-6741.1.patch
>
>
>  [HADOOP-10211|https://issues.apache.org/jira/browse/HADOOP-10211] made a 
> backward incompatible change due to which the following hive call returns a 
> null map 
> ([HiveAuthFactory-old|https://github.com/apache/hive/blob/fc3fdb19668369c56994d11df3207e14f2c5dba8/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java#L115]):
> {code}
> Map<String, String> hadoopSaslProps =  ShimLoader.getHadoopThriftAuthBridge().
>         getHadoopSaslProperties(conf); 
> SaslQOP hadoopSaslQOP = SaslQOP.fromString(hadoopSaslProps.get(Sasl.QOP));
> if(hadoopSaslQOP.ordinal() > saslQOP.ordinal()) {
> LOG.warn(MessageFormat.format("\"hadoop.rpc.protection\" is set to higher 
> security level " +
>           "{0} then {1} which is set to {2}", hadoopSaslQOP.toString(),
>           ConfVars.HIVE_SERVER2_THRIFT_SASL_QOP.varname, saslQOP.toString()));
> }
> {code}
> Since this code path is only used for logging hadoop sasl qop values in case 
> hadoop's qop > hive's qop, we can do away with this and add a general log 
> message.



--
This message was sent by Atlassian JIRA
(v6.2#6252)