deniskuzZ commented on code in PR #5652:
URL: https://github.com/apache/hive/pull/5652#discussion_r2014537409
##########
service/src/java/org/apache/hive/service/server/HiveServer2.java:
##########
@@ -534,6 +455,102 @@ public synchronized void init(HiveConf hiveConf) {
// Extra time for releasing the resources if timeout sets to 0
ShutdownHookManager.addGracefulShutDownHook(() -> graceful_stop(),
timeout == 0 ? 30 : timeout);
}
+
+ private void addHAContextAttributes(HttpServer.Builder builder, HiveConf
hiveConf) {
+ builder.setContextAttribute("hs2.isLeader", isLeader);
+ builder.setContextAttribute("hs2.failover.callback", new
FailoverHandlerCallback(hs2HARegistry));
+ builder.setContextAttribute("hiveconf", hiveConf);
+ }
+
+ private HttpServer.Builder initBuilder(String webHost, int port, String
name, String contextPath, HiveConf hiveConf) throws IOException {
+ HttpServer.Builder builder = new HttpServer.Builder(name);
+ builder.setPort(port);
+ builder.setConf(hiveConf);
+ builder.setHost(webHost);
+ builder.setContextPath(contextPath);
+
builder.setMaxThreads(hiveConf.getIntVar(ConfVars.HIVE_SERVER2_WEBUI_MAX_THREADS));
+ builder.setAdmins(hiveConf.getVar(ConfVars.USERS_IN_ADMIN_ROLE));
+ // SessionManager is initialized
+ builder.setContextAttribute("hive.sm", cliService.getSessionManager());
+ hiveConf.set("startcode", String.valueOf(System.currentTimeMillis()));
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL)) {
+ String keyStorePath =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PATH);
+ if (StringUtils.isBlank(keyStorePath)) {
+ throw new
IllegalArgumentException(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PATH.varname
+ + " Not configured for SSL connection");
+ }
+ builder.setKeyStorePassword(ShimLoader.getHadoopShims().getPassword(
+ hiveConf,
ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_PASSWORD.varname));
+ builder.setKeyStorePath(keyStorePath);
+
builder.setKeyStoreType(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYSTORE_TYPE));
+ builder.setKeyManagerFactoryAlgorithm(
+
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_KEYMANAGERFACTORY_ALGORITHM));
+
builder.setExcludeCiphersuites(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SSL_EXCLUDE_CIPHERSUITES));
+ builder.setUseSSL(true);
+ }
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SPNEGO)) {
+ String spnegoPrincipal =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_PRINCIPAL);
+ String spnegoKeytab =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_KEYTAB);
+ if (StringUtils.isBlank(spnegoPrincipal) ||
StringUtils.isBlank(spnegoKeytab)) {
+ throw new IllegalArgumentException(
+ ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_PRINCIPAL.varname
+ + "/" + ConfVars.HIVE_SERVER2_WEBUI_SPNEGO_KEYTAB.varname
+ + " Not configured for SPNEGO authentication");
+ }
+ builder.setSPNEGOPrincipal(spnegoPrincipal);
+ builder.setSPNEGOKeytab(spnegoKeytab);
+ builder.setUseSPNEGO(true);
+ }
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_ENABLE_CORS)) {
+ builder.setEnableCORS(true);
+ String allowedOrigins =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_ORIGINS);
+ String allowedMethods =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_METHODS);
+ String allowedHeaders =
hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_HEADERS);
+ if (StringUtils.isBlank(allowedOrigins) ||
StringUtils.isBlank(allowedMethods) || StringUtils.isBlank(allowedHeaders)) {
+ throw new IllegalArgumentException("CORS enabled. But " +
+ ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_ORIGINS.varname + "/" +
+ ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_METHODS.varname + "/" +
+ ConfVars.HIVE_SERVER2_WEBUI_CORS_ALLOWED_HEADERS.varname + "/" +
+ " is not configured");
+ }
+ builder.setAllowedOrigins(allowedOrigins);
+ builder.setAllowedMethods(allowedMethods);
+ builder.setAllowedHeaders(allowedHeaders);
+ LOG.info("CORS enabled - allowed-origins: {} allowed-methods: {}
allowed-headers: {}", allowedOrigins,
+ allowedMethods, allowedHeaders);
+ }
+ if(hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_XFRAME_ENABLED)){
+
builder.configureXFrame(true).setXFrameOption(hiveConf.getVar(ConfVars.HIVE_SERVER2_WEBUI_XFRAME_VALUE));
+ }
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_PAM)) {
+ if (hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL)) {
+ String hiveServer2PamServices =
hiveConf.getVar(ConfVars.HIVE_SERVER2_PAM_SERVICES);
+ if (hiveServer2PamServices == null ||
hiveServer2PamServices.isEmpty()) {
+ throw new
IllegalArgumentException(ConfVars.HIVE_SERVER2_PAM_SERVICES.varname + " are not
configured.");
+ }
+ builder.setPAMAuthenticator(pamAuthenticator == null ? new
PamAuthenticator(hiveConf) : pamAuthenticator);
+ builder.setUsePAM(true);
+ } else if (hiveConf.getBoolVar(ConfVars.HIVE_IN_TEST)) {
+ builder.setPAMAuthenticator(pamAuthenticator == null ? new
PamAuthenticator(hiveConf) : pamAuthenticator);
+ builder.setUsePAM(true);
+ } else {
+ throw new
IllegalArgumentException(ConfVars.HIVE_SERVER2_WEBUI_USE_SSL.varname + " has
false value. It is recommended to set to true when PAM is used.");
+ }
+ }
+
+ return builder;
+ }
+
+ private void initHAHealthChecker(HttpServer webServer, HiveConf hiveConf)
throws IOException {
Review Comment:
static
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
