Versions Compared

Old Version 195

changes.mady.by.user Venugopal Reddy Kondreddy

Saved on

compared with

New Version Current

changes.mady.by.user Qiheng He

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add missing properties to enable ZooKeeper Service Discovery on HiveServer2

...

ZooKeeper-based service discovery introduced in Hive 0.14.0 (HIVE-7935) enables high availability and rolling upgrade for HiveServer2. A JDBC URL that specifies <zookeeper quorum> needs to be used to make use of these features. That is, at least in `hive-site.xml` or other configuration files for HiveServer2, `hive.server2.support.dynamic.service.discovery` should be set to `true`, and `hive.zookeeper.quorum` should be defined to point to several started Zookeeper Servers. Reference Configuration Properties .

The minimal configuration example is as follows.

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <property>
        <name>hive.server2.support.dynamic.service.discovery</name>
        <value>true</value>
    </property>
    <property>
        <name>hive.zookeeper.quorum</name>
        <value>127.0.0.1:2181</value>
    </property>
</configuration>


With further changes in Hive 2.0.0 and 1.3.0 (unreleased, HIVE-11581), none of the additional configuration parameters such as authentication mode, transport mode, or SSL parameters need to be specified, as they are retrieved from the ZooKeeper entries along with the hostname.

...

In the environment where exposing trustStorePassword and keyStorePassword in the connection URL is a security concern, a new option storePasswordPath is introduced with HIVE-27308 that can be used in URL instead of trustStorePassword and keyStorePassword. storePasswordPath value hold the path to the local keystore file storing the trustStorePassword and keyStorePassword aliases. When the existing trustStorePassword or keyStorePassword is present in URL along with storePasswordPath, respective password is directly obtained from password option.  Otherwise, fetches the particular alias from local keystore file(i.e., Existing existing password options are preferred over storePasswordPath).

...

jdbc:hive2://<host>:<port>/<db>;ssl=true;twoWay=true;sslTrustStore=<trust_store_path>;sslKeyStore=<key_store_path>;storePasswordPath=store_password_path>;transportMode=http;httpPath=<http_endpoint>

A local keystore file can be created leveraging hadoop credential command with trustStorePassword and keyStorePassword aliases like below. And this file can be passed with storePasswordPath option in the connection URL.

hadoop credential create trustStorePassword -value

...

mytruststorepassword -provider localjceks://file/tmp/

...

client_creds.jceks

hadoop credential create keyStorePassword -value FDUxmzTxW15xWoaCk6GxLlaoHjnjV9H7iHqCIDxTwoq mykeystorepassword -provider localjceks://file/tmp/store/client_creds.jceks

Passing HTTP Header Key/Value Pairs via JDBC Driver

...