hive git commit: HIVE-17560 : HiveMetastore doesn't start in secure cluster if repl change manager is enabled (Thejas Nair, reviewed by Daniel Dai)

Wed, 20 Sep 2017 12:30:36 -0700 

Repository: hive
Updated Branches:
  refs/heads/master 1c2e999c7 -> 0bdc570b7


HIVE-17560 : HiveMetastore doesn't start in secure cluster if repl change 
manager is enabled (Thejas Nair, reviewed by Daniel Dai)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/0bdc570b
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/0bdc570b
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/0bdc570b

Branch: refs/heads/master
Commit: 0bdc570b7535b8bfd8380108ec4e01c92c0e2a93
Parents: 1c2e999
Author: Thejas M Nair <the...@hortonworks.com>
Authored: Wed Sep 20 12:08:40 2017 -0700
Committer: Thejas M Nair <the...@hortonworks.com>
Committed: Wed Sep 20 12:08:40 2017 -0700

----------------------------------------------------------------------
 .../org/apache/hadoop/hive/metastore/HiveMetaStore.java     | 9 +++++++++
 1 file changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/0bdc570b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
----------------------------------------------------------------------
diff --git 
a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
index 8bbc325..b863d48 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
@@ -136,6 +136,7 @@ import org.apache.hadoop.hive.metastore.txn.TxnUtils;
 import org.apache.hadoop.hive.serde2.Deserializer;
 import org.apache.hadoop.hive.serde2.SerDeException;
 import org.apache.hadoop.hive.shims.Utils;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.ReflectionUtils;
 import org.apache.hadoop.util.StringUtils;
@@ -7641,6 +7642,14 @@ public class HiveMetaStore extends ThriftHiveMetastore {
       boolean useSSL = conf.getBoolVar(ConfVars.HIVE_METASTORE_USE_SSL);
       useSasl = conf.getBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL);
 
+      if (useSasl) {
+        // we are in secure mode. Login using keytab
+        String kerberosName = SecurityUtil
+            
.getServerPrincipal(conf.getVar(ConfVars.METASTORE_KERBEROS_PRINCIPAL), 
"0.0.0.0");
+        String keyTabFile = 
conf.getVar(ConfVars.METASTORE_KERBEROS_KEYTAB_FILE);
+        UserGroupInformation.loginUserFromKeytab(kerberosName, keyTabFile);
+      }
+
       TProcessor processor;
       TTransportFactory transFactory;
       final TProtocolFactory protocolFactory;

Reply via email to