Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
2.6.2
-
None
-
Ambari 2.6.2.2
HDP 2.6.5.0
Description
After Enabling SSL for Hive Server 2, Ambari Alerts showing "HiveServer2 Process critical".
When the keystore passphrase is having spacial characters like '(', ')' , '{' or '}' the alert in Ambari is triggered and the following traceback is shown:
Connection failed on host hive.server2.example.com:10000 (Traceback (most recent call last): File "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/alerts/alert_hive_thrift_port.py", line 212, in execute ldap_password=ldap_password) File "/usr/lib/ambari-agent/lib/resource_management/libraries/functions/hive_check.py", line 81, in check_thrift_port_sasl timeout_kill_strategy=TerminateStrategy.KILL_PROCESS_TREE, File "/usr/lib/ambari-agent/lib/resource_management/core/base.py", line 166, in __init__ self.env.run() File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line 160, in run self.run_action(resource, action) File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line 124, in run_action provider_action() File "/usr/lib/ambari-agent/lib/resource_management/core/providers/system.py", line 262, in action_run tries=self.resource.tries, try_sleep=self.resource.try_sleep) File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 72, in inner result = function(command, **kwargs) File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 102, in checked_call tries=tries, try_sleep=try_sleep, timeout_kill_strategy=timeout_kill_strategy) File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 150, in _call_wrapper result = _call(command, **kwargs_copy) File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 303, in _call raise ExecutionFailed(err_msg, code, out, err) ExecutionFailed: Execution of '! beeline -u 'jdbc:hive2://hive.server2.example.com:10000/;transportMode=binary;ssl=true;sslTrustStore=/path/to/my/keystore.jks;trustStorePassword=[PROTECTED]' -e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL'' returned 1. -bash: -c: line 0: syntax error near unexpected token `(' -bash: -c: line 0: `export PATH='/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/sbin:/sbin:/usr/lib/ambari-server/*:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/mit/bin:/var/lib/ambari-agent:/var/lib/ambari-agent:/bin/:/usr/bin/:/usr/lib/hive/bin/:/usr/sbin/' ; ! beeline -u 'jdbc:hive2://hive.server2.example.com:10000/;transportMode=binary;ssl=true;sslTrustStore=/path/to/my/keystore.jks;trustStorePassword=[PROTECTED]' -e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL'' )
Therefore I am suggesting that the password should be escaped before handing over to bash in the following file:
/usr/lib/ambari-agent/lib/resource_management/libraries/functions/hive_check.py
Line 60:
beeline_url.extend(['ssl={ssl_str}', 'sslTrustStore={ssl_keystore}', 'trustStorePassword={ssl_password!p}'])
should be replaced to this:
beeline_url.extend(['ssl={ssl_str}', 'sslTrustStore={ssl_keystore}', 'trustStorePassword=\'{ssl_password!p}\''])
This solved my problem on my cluster.
Since I am new to the community and don't know the process and was not able to find the right repository to change it I am going this way by explaining my solution.
Attachments
Issue Links
- links to