[ https://issues.apache.org/jira/browse/HIVE-17218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16127633#comment-16127633 ]
Mithun Radhakrishnan commented on HIVE-17218: --------------------------------------------- Certainly, sir. Thank you for the review. > Canonical-ize hostnames for Hive metastore, and HS2 servers. > ------------------------------------------------------------ > > Key: HIVE-17218 > URL: https://issues.apache.org/jira/browse/HIVE-17218 > Project: Hive > Issue Type: Bug > Components: HiveServer2, Metastore, Security > Affects Versions: 1.2.2, 2.2.0, 3.0.0 > Reporter: Mithun Radhakrishnan > Assignee: Mithun Radhakrishnan > Attachments: HIVE-17218.1.patch > > > Currently, the {{HiveMetastoreClient}} and {{HiveConnection}} do not > canonical-ize the hostnames of the metastore/HS2 servers. In deployments > where there are multiple such servers behind a VIP, this causes a number of > inconveniences: > # The client-side configuration (e.g. {{hive.metastore.uris}} in > {{hive-site.xml}}) needs to specify the VIP's hostname, and cannot use a > simplified CNAME, in the thrift URL. If the > {{hive.metastore.kerberos.principal}} is specified using {{_HOST}}, one sees > GSS failures as follows: > {noformat} > hive --hiveconf hive.metastore.kerberos.principal=hive/_h...@grid.myth.net > --hiveconf > hive.metastore.uris="thrift://simplified-hcat-cname.grid.myth.net:56789" > ... > Exception in thread "main" java.lang.RuntimeException: > java.lang.RuntimeException: Unable to instantiate > org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient > at > org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:542) > at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:677) > at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:621) > ... > {noformat} > This is because {{_HOST}} is filled in with the CNAME, and not the > canonicalized name. > # Oozie workflows that use HCat {{<credential>}} have to always use the VIP > hostname, and can't use {{_HOST}}-based service principals, if the CNAME > differs from the VIP name. > If the client-code simply canonical-ized the hostnames, it would enable the > use of both simplified CNAMEs, and _HOST in service principals. -- This message was sent by Atlassian JIRA (v6.4.14#64029)