[
https://issues.apache.org/jira/browse/HIVE-9625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602324#comment-14602324
]
Nemon Lou commented on HIVE-9625:
---------------------------------
Thanks all for working on this.
Seeing the same issue.We then add a re-acquire token step during reconnect and
it works.The limitation is that you have to use RetryingMetaStoreClient.
And the benefits is it both works for hiveserver2 and hcatalog(and others that
use RetryingMetaStoreClient).Hope this idea can be accepted,too.
Here is the piece of code changed in HiveMetaStoreClient.java:
{code:java}
@Override
public void reconnect() throws MetaException {
if (localMetaStore) {
// For direct DB connections we don't yet support reestablishing
connections.
throw new MetaException("For direct MetaStore DB connections, we don't
support retries" +
" at the client level.");
} else {
// Swap the first element of the metastoreUris[] with a random element
from the rest
// of the array. Rationale being that this method will generally be
called when the default
// connection has died and the default connection is likely to be the
first array element.
promoteRandomMetaStoreURI();
reacquireToken();
open();
}
}
private void reacquireToken() throws MetaException {
if (!conf.getBoolVar(ConfVars.METASTORE_USE_THRIFT_SASL)) {
return;
}
String preTokenSig = conf.get("hive.metastore.token.signature");
String token = null;
try {
token = Utils.getTokenStrForm(preTokenSig);
} catch (IOException ex) {
LOG.warn("Could not get token.", ex);
throw new MetaException("Could not get token: " + ex.getMessage());
}
if (null == preTokenSig || null == token) {
return;
}
try {
conf.unset("hive.metastore.token.signature");
int retriesLeft = RETRY_LIMIT;
while (true) {
try {
final String curUser = conf.getUser();
token = UserGroupInformation.getLoginUser().doAs(new
PrivilegedExceptionAction<String> () {
@Override
public String run() throws Exception {
HiveMetaStoreClient client = new HiveMetaStoreClient(conf);
return client.getDelegationToken(curUser, curUser);
}
});
break;
} catch (Exception ex) {
if (retriesLeft > 0) {
LOG.error("Could not get a new token. Attempts left: " +
retriesLeft--, ex);
try {
Thread.sleep(THIRTY_SECONDS);
} catch (InterruptedException ex2) {
LOG.debug("Sleep is interrupted.");
}
continue;
}
throw new MetaException("Could not get a new token: " +
ex.getMessage());
}
}
} finally {
conf.set("hive.metastore.token.signature", preTokenSig);
}
try {
Utils.setTokenStr(UserGroupInformation.getCurrentUser(), token,
preTokenSig);
} catch (IOException e) {
LOG.error("Couldn't setup delegation token in the ugi", e);
throw new MetaException("Couldn't setup delegation token in the ugi: "
+ e.getMessage());
}
}
{code}
> Delegation tokens for HMS are not renewed
> -----------------------------------------
>
> Key: HIVE-9625
> URL: https://issues.apache.org/jira/browse/HIVE-9625
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: Brock Noland
> Assignee: Brock Noland
> Attachments: HIVE-9625-branch-1.patch, HIVE-9625.1.patch,
> HIVE-9625.1.patch
>
>
> AFAICT the delegation tokens stored in [HiveSessionImplwithUGI
> |https://github.com/apache/hive/blob/trunk/service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java#L45]
> for HMS + Impersonation are never renewed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
