Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[#3295] fix(catalog-hive):The Hive Catalog Bug In Multiple Kerberized HMS #3324

Conversation

jerryshao
Copy link
Contributor

What changes were proposed in this pull request?

remove PRINCIPAL -> METASTORE_KERBEROS_PRINCIPAL in the GRAVITINO_CONFIG_TO_HIVE

Why are the changes needed?

The hive.metastore.kerberos.principal is not the same as kerberos.principal functionally.

Fix: #3295

Does this PR introduce any user-facing change?

yes, add the document

How was this patch tested?

existing test (TestHiveCatalogOperations)

test in inner environment as follow:

step 1
Install gravitino in host1, Install HMS1 in host1, and install HMS2 in host2

step 2
create catalog1 for HMS1:

curl -L -X POST 'http://host1:8090/api/metalakes/mk1/catalogs'
-H 'Content-Type: application/json'
-H 'Accept: application/vnd.gravitino.v1+json'
--data-raw '{
"name": "catalog1",
"type": "relational",
"provider": "hive",
"properties": {
"metastore.uris": "thrift://host1:7004",
"kerberos.principal": "hadoop/host1@EXAMPLE.COM",
"kerberos.keytab-uri": "/var/krb5kdc/emr.keytab",
"gravitino.bypass.hadoop.security.authentication": "kerberos",
"gravitino.bypass.hive.metastore.kerberos.principal": "hadoop/_HOST@EXAMPLE.COM",
"gravitino.bypass.hive.metastore.sasl.enabled": true
}
}'

step 3
create catalog1 for HMS1:

curl -L -X POST 'http://host1:8090/api/metalakes/mk1/catalogs'
-H 'Content-Type: application/json'
-H 'Accept: application/vnd.gravitino.v1+json'
--data-raw '{
"name": "catalog2",
"type": "relational",
"provider": "hive",
"properties": {
"metastore.uris": "thrift://host2:7004",
"kerberos.principal": "hadoop/host1@EXAMPLE.COM",
"kerberos.keytab-uri": "/var/krb5kdc/emr.keytab",
"gravitino.bypass.hadoop.security.authentication": "kerberos",
"gravitino.bypass.hive.metastore.kerberos.principal": "hadoop/_HOST@EXAMPLE.COM",
"gravitino.bypass.hive.metastore.sasl.enabled": true
}
}'

step 4
curl -L -X GET 'http://host1:8090/api/metalakes/mk1/catalogs/catalog1/schemas'
success

curl -L -X GET 'http://host1:8090/api/metalakes/mk1/catalogs/catalog2/schemas'
success

… HMS (#3321)

### What changes were proposed in this pull request?

remove PRINCIPAL -> METASTORE_KERBEROS_PRINCIPAL in the
GRAVITINO_CONFIG_TO_HIVE

### Why are the changes needed?

The hive.metastore.kerberos.principal is not the same as
kerberos.principal functionally.

Fix: #3295 

### Does this PR introduce _any_ user-facing change?

yes, add the document

### How was this patch tested?

existing test (TestHiveCatalogOperations)

#### test in inner environment as follow:

step 1
Install gravitino in host1, Install HMS1 in host1, and install HMS2 in
host2

step 2
create catalog1 for HMS1:

curl -L -X POST 'http://host1:8090/api/metalakes/mk1/catalogs'
-H 'Content-Type: application/json'
-H 'Accept: application/vnd.gravitino.v1+json'
--data-raw '{
"name": "catalog1",
"type": "relational",
"provider": "hive",
"properties": {
"metastore.uris": "thrift://host1:7004",
"kerberos.principal":
"hadoop/[host1@EXAMPLE.COM](mailto:host1@EXAMPLE.COM)",
"kerberos.keytab-uri": "/var/krb5kdc/emr.keytab",
"gravitino.bypass.hadoop.security.authentication": "kerberos",
"gravitino.bypass.hive.metastore.kerberos.principal":
"hadoop/[_HOST@EXAMPLE.COM](mailto:_HOST@EXAMPLE.COM)",
"gravitino.bypass.hive.metastore.sasl.enabled": true
}
}'

step 3
create catalog1 for HMS1:

curl -L -X POST 'http://host1:8090/api/metalakes/mk1/catalogs'
-H 'Content-Type: application/json'
-H 'Accept: application/vnd.gravitino.v1+json'
--data-raw '{
"name": "catalog2",
"type": "relational",
"provider": "hive",
"properties": {
"metastore.uris": "thrift://host2:7004",
"kerberos.principal":
"hadoop/[host1@EXAMPLE.COM](mailto:host1@EXAMPLE.COM)",
"kerberos.keytab-uri": "/var/krb5kdc/emr.keytab",
"gravitino.bypass.hadoop.security.authentication": "kerberos",
"gravitino.bypass.hive.metastore.kerberos.principal":
"hadoop/[_HOST@EXAMPLE.COM](mailto:_HOST@EXAMPLE.COM)",
"gravitino.bypass.hive.metastore.sasl.enabled": true
}
}'

step 4
curl -L -X GET
'http://host1:8090/api/metalakes/mk1/catalogs/catalog1/schemas'
success

curl -L -X GET
'http://host1:8090/api/metalakes/mk1/catalogs/catalog2/schemas'
success

Co-authored-by: theoryxu <theoryxu@tencent.com>
@jerryshao jerryshao added cherry-pick need backport Issues that need to backport to another branch labels May 10, 2024
@jerryshao jerryshao merged commit 7d0f6ad into branch-0.5 May 10, 2024
22 checks passed
@jerryshao jerryshao deleted the cherry-pick-branch-0.5-aaf94fa235fac4d2c9ba9e3b658efefb817d44b6 branch May 10, 2024 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cherry-pick need backport Issues that need to backport to another branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants