[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16705397#comment-16705397 ] Morio Ramdenbourg commented on HIVE-13044: -- Hi [~leftylev], I have a ticket [HIVE-20992|https://issues.apache.org/jira/browse/HIVE-20992] that results from the work done in this ticket. Do you know if the new config value *hive.metastore.dbaccess.ssl.properties* is documented anywhere? > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu >Priority: Major > Labels: TODOC2.1 > Fix For: 2.1.0 > > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch, > TLSSSLCommunicationBetweenHMSandDatabases.pdf > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15162732#comment-15162732 ] Lefty Leverenz commented on HIVE-13044: --- Doc note: This adds configuration parameter *hive.metastore.dbaccess.ssl.properties* and changes the description of *javax.jdo.option.ConnectionURL* so they will need to be documented in Configuration Properties for release 2.1.0. * [Hive Configuration Properties -- MetaStore | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-MetaStore] ** [javax.jdo.option.ConnectionURL | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-javax.jdo.option.ConnectionURL] The information in the attached PDF doc also needs be added to the wiki for release 2.1.0. * [TLSSSLCommunicationBetweenHMSandDatabases.pdf | https://issues.apache.org/jira/secure/attachment/12789210/TLSSSLCommunicationBetweenHMSandDatabases.pdf] > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Labels: TODOC2.1 > Fix For: 2.1.0 > > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch, > TLSSSLCommunicationBetweenHMSandDatabases.pdf > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15158911#comment-15158911 ] Aihua Xu commented on HIVE-13044: - Discussed with Yongzhi offline. Currently not easy to add a test. > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15157356#comment-15157356 ] Chaoyu Tang commented on HIVE-13044: LGTM, +1 > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15157299#comment-15157299 ] Aihua Xu commented on HIVE-13044: - We need to pass additional properties like trustStore location and password and others through HMS process JVM options or HS process JVM option for embedded HMS. This is just an enhancement to simplify it, so the user only needs to change config value rather than tweak the java opts. > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15157289#comment-15157289 ] Aihua Xu commented on HIVE-13044: - Sure. I think we may not support SSL in test infra but let me take another look and if it's easy to add such. > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15157220#comment-15157220 ] Chaoyu Tang commented on HIVE-13044: [~aihuaxu] I wonder if we can do that by setting property javax.jdo.option.ConnectionURL to a JDBC connection string with SSL values, therefore do not need the code change? > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15157188#comment-15157188 ] Yongzhi Chen commented on HIVE-13044: - [~aihuaxu], the change looks good. Could you add a test if possible? > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15157130#comment-15157130 ] Aihua Xu commented on HIVE-13044: - [~ctang.ma], [~ychena] Can you help code review if the change makes sense? Thanks. > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15155729#comment-15155729 ] Hive QA commented on HIVE-13044: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12788746/HIVE-13044.2.patch {color:red}ERROR:{color} -1 due to no test(s) being added or modified. {color:red}ERROR:{color} -1 due to 2 failed/errored test(s), 9815 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_authorization_uri_import org.apache.hive.jdbc.TestSSL.testSSLVersion {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/7041/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/7041/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-7041/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 2 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12788746 - PreCommit-HIVE-TRUNK-Build > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15154818#comment-15154818 ] Aihua Xu commented on HIVE-13044: - Attach patch-2: Set the SSL property in ObjectStore to make it work for both server or embedded mode of metastore. > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-13044) Enable TLS encryption to HMS backend database
[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15154594#comment-15154594 ] Aihua Xu commented on HIVE-13044: - Attach the patch-1: added a new config hive.metastore.dbaccess.ssl.properties to provide the SSL configuration point for DB access. Since based on different SSL setup, we could have various required SSL properties, provide one config of a list to be flexible. > Enable TLS encryption to HMS backend database > - > > Key: HIVE-13044 > URL: https://issues.apache.org/jira/browse/HIVE-13044 > Project: Hive > Issue Type: Improvement > Components: Metastore >Affects Versions: 2.1.0 >Reporter: Aihua Xu >Assignee: Aihua Xu > Attachments: HIVE-13044.1.patch > > > When the database like mysql enables TLS/SSL encryption, we should provide > some configuration properties like the ones to HS2 to enable that. Right now, > I think we can enable that through javaopts and connection url. -- This message was sent by Atlassian JIRA (v6.3.4#6332)