[
https://issues.apache.org/jira/browse/HIVE-17489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16159857#comment-16159857
]
Hive QA commented on HIVE-17489:
--------------------------------
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12886187/HIVE-17489.2-branch-2.patch
{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 18 failed/errored test(s), 10570 tests
executed
*Failed tests:*
{noformat}
TestHs2HooksWithMiniKdc - did not produce a TEST-*.xml file (likely timed out)
(batchId=237)
TestJdbcNonKrbSASLWithMiniKdc - did not produce a TEST-*.xml file (likely timed
out) (batchId=237)
TestJdbcWithMiniKdc - did not produce a TEST-*.xml file (likely timed out)
(batchId=237)
TestJdbcWithMiniKdcCookie - did not produce a TEST-*.xml file (likely timed
out) (batchId=237)
TestJdbcWithMiniKdcSQLAuthBinary - did not produce a TEST-*.xml file (likely
timed out) (batchId=237)
TestJdbcWithMiniKdcSQLAuthHttp - did not produce a TEST-*.xml file (likely
timed out) (batchId=237)
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[comments] (batchId=35)
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[explaindenpendencydiffengs]
(batchId=38)
org.apache.hadoop.hive.cli.TestMiniLlapCliDriver.testCliDriver[llap_smb]
(batchId=142)
org.apache.hadoop.hive.cli.TestMiniLlapCliDriver.testCliDriver[orc_ppd_basic]
(batchId=139)
org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver[explaindenpendencydiffengs]
(batchId=115)
org.apache.hadoop.hive.cli.TestSparkCliDriver.testCliDriver[vectorized_ptf]
(batchId=125)
org.apache.hadoop.hive.ql.security.TestExtendedAcls.testPartition (batchId=228)
org.apache.hadoop.hive.ql.security.TestFolderPermissions.testPartition
(batchId=217)
org.apache.hive.hcatalog.api.TestHCatClient.testTransportFailure (batchId=176)
org.apache.hive.minikdc.TestHiveAuthFactory.testStartTokenManagerForDBTokenStore
(batchId=237)
org.apache.hive.minikdc.TestHiveAuthFactory.testStartTokenManagerForMemoryTokenStore
(batchId=237)
org.apache.hive.minikdc.TestJdbcWithDBTokenStore.org.apache.hive.minikdc.TestJdbcWithDBTokenStore
(batchId=237)
{noformat}
Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/6746/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/6746/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-6746/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 18 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12886187 - PreCommit-HIVE-Build
> Separate client-facing and server-side Kerberos principals, to support HA
> -------------------------------------------------------------------------
>
> Key: HIVE-17489
> URL: https://issues.apache.org/jira/browse/HIVE-17489
> Project: Hive
> Issue Type: Bug
> Components: Metastore
> Reporter: Mithun Radhakrishnan
> Assignee: Thiruvel Thirumoolan
> Attachments: HIVE-17489.1.patch, HIVE-17489.2-branch-2.patch,
> HIVE-17489.2.patch
>
>
> On deployments of the Hive metastore where a farm of servers is fronted by a
> VIP, the hostname of the VIP (e.g. {{mycluster-hcat.blue.myth.net}}) will
> differ from the actual boxen in the farm (.e.g
> {{mycluster-hcat-\[0..3\].blue.myth.net}}).
> Such a deployment messes up Kerberos auth, with principals like
> {{hcat/mycluster-hcat.blue.myth....@grid.myth.net}}. Host-based checks will
> disallow servers behind the VIP from using the VIP's hostname in its
> principal when accessing, say, HDFS.
> The solution would be to decouple the server-side principal (used to access
> other services like HDFS as a client) from the client-facing principal (used
> from Hive-client, BeeLine, etc.).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
