Details
-
Task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
For a more detailed explanation, see: Hive Replication Keystore Management
In ReplDumpTask, if the following new config is provided in HiveConf:
- hive.repl.cloud.credential.provider.path
then the HS2 credstore URI scheme, contained by HiveConf with key hadoop.security.credential.provider.path, should be updated so that it will start with new scheme: hiverepljceks. For instance:
jceks://file/path/to/credstore/creds.localjceks
will become:
hiverepljceks://file/path/to/credstore/creds.localjceks
This new scheme, hiverepljceks, will make Hadoop to use a new credential provider, which will do the following:
- Load the HS2 keystore file, defined by key hadoop.security.credential.provider.path
- Gets a password from the HS2 keystore file, with key: hive.repl.cloud.credential.provider.password
- This password will be used to load another keystore file, located on HDFS and specified by the new config mentioned before: hive.repl.cloud.credential.provider.path. This contains the cloud credentials for the Hive cloud replication.
Attachments
Issue Links
- links to