Repository: hive Updated Branches: refs/heads/master 1c2e999c7 -> 0bdc570b7
HIVE-17560 : HiveMetastore doesn't start in secure cluster if repl change manager is enabled (Thejas Nair, reviewed by Daniel Dai) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/0bdc570b Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/0bdc570b Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/0bdc570b Branch: refs/heads/master Commit: 0bdc570b7535b8bfd8380108ec4e01c92c0e2a93 Parents: 1c2e999 Author: Thejas M Nair <the...@hortonworks.com> Authored: Wed Sep 20 12:08:40 2017 -0700 Committer: Thejas M Nair <the...@hortonworks.com> Committed: Wed Sep 20 12:08:40 2017 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/metastore/HiveMetaStore.java | 9 +++++++++ 1 file changed, 9 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/0bdc570b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java ---------------------------------------------------------------------- diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 8bbc325..b863d48 100644 --- a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -136,6 +136,7 @@ import org.apache.hadoop.hive.metastore.txn.TxnUtils; import org.apache.hadoop.hive.serde2.Deserializer; import org.apache.hadoop.hive.serde2.SerDeException; import org.apache.hadoop.hive.shims.Utils; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.ReflectionUtils; import org.apache.hadoop.util.StringUtils; @@ -7641,6 +7642,14 @@ public class HiveMetaStore extends ThriftHiveMetastore { boolean useSSL = conf.getBoolVar(ConfVars.HIVE_METASTORE_USE_SSL); useSasl = conf.getBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL); + if (useSasl) { + // we are in secure mode. Login using keytab + String kerberosName = SecurityUtil + .getServerPrincipal(conf.getVar(ConfVars.METASTORE_KERBEROS_PRINCIPAL), "0.0.0.0"); + String keyTabFile = conf.getVar(ConfVars.METASTORE_KERBEROS_KEYTAB_FILE); + UserGroupInformation.loginUserFromKeytab(kerberosName, keyTabFile); + } + TProcessor processor; TTransportFactory transFactory; final TProtocolFactory protocolFactory;