Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HIVE-26632: Update DelegationTokenSecretManager current key ID to pre… #3673

Merged
merged 1 commit into from Oct 26, 2022
Merged

HIVE-26632: Update DelegationTokenSecretManager current key ID to pre… #3673

merged 1 commit into from Oct 26, 2022

Conversation

cnauroth
Copy link
Contributor

…vent erroneous database updates.

What changes were proposed in this pull request?

Update DelegationTokenSecretManager current key ID to prevent erroneous database updates.

Why are the changes needed?

When multiple HiveMetaStore processes share a database for MASTER_KEYS, this bug can cause incorrect update attempts and increased database load.

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Run multiple HiveMetaStore processes sharing the same database. To make it easier to expose the problem, downtune configuration properties related to master key rollover to artificially low values:

  • hive.cluster.delegation.token.gc-interval
  • hive.cluster.delegation.key.update-interval
  • hive.cluster.delegation.token.max-lifetime

WIthout the patch, stack traces like this are visible in the logs:

2022-08-03T00:09:48,744 ERROR [Thread[Thread-9,5,main]] thrift.TokenStoreDelegationTokenSecretManager: ExpiredTokenRemover thread received unexpected exception. org.apache.hadoop.hive.thrift.DelegationTokenStore$TokenStoreException: NoSuchObjectException(message:No key found with keyId: 1)
org.apache.hadoop.hive.thrift.DelegationTokenStore$TokenStoreException: NoSuchObjectException(message:No key found with keyId: 1)
	at org.apache.hadoop.hive.thrift.DBTokenStore.invokeOnTokenStore(DBTokenStore.java:170) ~[hive-exec-2.3.7.jar:2.3.7]
	at org.apache.hadoop.hive.thrift.DBTokenStore.updateMasterKey(DBTokenStore.java:51) ~[hive-exec-2.3.7.jar:2.3.7]
	at org.apache.hadoop.hive.thrift.TokenStoreDelegationTokenSecretManager.rollMasterKeyExt(TokenStoreDelegationTokenSecretManager.java:269) ~[hive-exec-2.3.7.jar:2.3.7]
	at org.apache.hadoop.hive.thrift.TokenStoreDelegationTokenSecretManager$ExpiredTokenRemover.run(TokenStoreDelegationTokenSecretManager.java:301) [hive-exec-2.3.7.jar:2.3.7]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_312]
Caused by: org.apache.hadoop.hive.metastore.api.NoSuchObjectException: No key found with keyId: 1
	at org.apache.hadoop.hive.metastore.ObjectStore.updateMasterKey(ObjectStore.java:7727) ~[hive-exec-2.3.7.jar:2.3.7]

After applying the patch, the problem goes away.

The exact timing makes it difficult to reproduce accurately in a unit test.

@cnauroth
Copy link
Contributor Author

http://ci.hive.apache.org/blue/organizations/jenkins/hive-precommit/detail/PR-3673/1/tests

There are 2 CLI integration test failures that don't appear to be related to this patch.

@cnauroth
Copy link
Contributor Author

@ayushtkn or @dengzhhu653 , would one of you be able to review this? Thank you.

ayushtkn
ayushtkn approved these changes Oct 24, 2022
View reviewed changes
Copy link
Member

@ayushtkn ayushtkn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanx for fixing this!!

@sonarcloud
Copy link

sonarcloud bot commented Oct 26, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
No Duplication information No Duplication information

@ayushtkn ayushtkn merged commit 16ce755 into apache:master Oct 26, 2022
DongWei-4 pushed a commit to DongWei-4/hive that referenced this pull request Oct 28, 2022
@cnauroth @DongWei-4
HIVE-26632: Update DelegationTokenSecretManager current key ID to pre…
400da92 
…vent erroneous database updates. (apache#3673).  (Chris Nauroth, reviewed by Ayush Saxena and Zhihua Deng)
dengzhhu653 pushed a commit to dengzhhu653/hive that referenced this pull request Dec 15, 2022
@cnauroth @dengzhhu653
HIVE-26632: Update DelegationTokenSecretManager current key ID to pre…
ea49dff 
…vent erroneous database updates. (apache#3673).  (Chris Nauroth, reviewed by Ayush Saxena and Zhihua Deng)
yeahyung pushed a commit to yeahyung/hive that referenced this pull request Jul 20, 2023
@cnauroth @yeahyung
HIVE-26632: Update DelegationTokenSecretManager current key ID to pre…
21b9279 
…vent erroneous database updates. (apache#3673).  (Chris Nauroth, reviewed by Ayush Saxena and Zhihua Deng)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dengzhhu653 dengzhhu653 dengzhhu653 approved these changes

@ayushtkn ayushtkn ayushtkn approved these changes

Assignees
No one assigned
Labels
tests passed
Projects
None yet
Milestone
No milestone
4 participants
@cnauroth @dengzhhu653 @ayushtkn @kgyrtkirk