[
https://issues.apache.org/jira/browse/HIVE-23715?focusedWorklogId=447702&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-447702
]
ASF GitHub Bot logged work on HIVE-23715:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 18/Jun/20 08:58
Start Date: 18/Jun/20 08:58
Worklog Time Spent: 10m
Work Description: pvargacl commented on a change in pull request #1141:
URL: https://github.com/apache/hive/pull/1141#discussion_r442074285
##########
File path:
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java
##########
@@ -479,26 +482,50 @@ public void init(Object hmsHandler,
HadoopThriftAuthBridge.Server.ServerMode sMo
conf.get(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR,
null);
if (zkConnectString == null || zkConnectString.trim().isEmpty()) {
// try alternate config param
- zkConnectString =
- conf.get(
-
MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE,
- null);
+ zkConnectString =
conf.get(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE,
null);
if (zkConnectString == null || zkConnectString.trim().isEmpty()) {
- throw new IllegalArgumentException("Zookeeper connect string has to be
specified through "
- + "either " +
MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR
- + " or "
- +
MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE
- + WHEN_ZK_DSTORE_MSG);
+ throw new IllegalArgumentException("Zookeeper connect string has to be
specified through " + "either "
+ +
MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR + " or "
+ +
MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE
+ WHEN_ZK_DSTORE_MSG);
+ }
+ // If we use the alternate zk config (the global one)
+ // we should also use the related properties from the global config
+ zkConnectPort = MetastoreConf.getVar(conf,
MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_CLIENT_PORT);
+ connectTimeoutMillis = (int) MetastoreConf
+ .getTimeVar(conf,
MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_CONNECTION_TIMEOUT,
TimeUnit.MILLISECONDS);
+ sslEnabled = MetastoreConf.getBoolVar(conf,
MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_SSL_ENABLE);
Review comment:
That else is for the previous if statement.
if (we use the alternate config)
read the alternate sslEnabled
if( that property is set)
read the other properties from the alternate config
else // we use the delegation own config
read the delagation sslEnabled config
if (the that property is set)
read the other properties from the delegation config
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 447702)
Time Spent: 1h (was: 50m)
> Fix zookeeper ssl keystore password handling issues
> ---------------------------------------------------
>
> Key: HIVE-23715
> URL: https://issues.apache.org/jira/browse/HIVE-23715
> Project: Hive
> Issue Type: Bug
> Reporter: Peter Varga
> Assignee: Peter Varga
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> In HIVE-23045 Zookeeper SSL communication support was introduced, but the
> password config for the keystore and truststore is not handled correctly is
> they are stored in jceks.
> Also the ZooKeeperTokenStore is not handling well the fallback to the global
> zookeeper configurations.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
