diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 48e8491..9cb626e 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -549,7 +549,12 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal
 "Set this to true if multiple threads access metastore through JDO concurrently."),
 METASTORECONNECTURLKEY("javax.jdo.option.ConnectionURL",
 "jdbc:derby:;databaseName=metastore_db;create=true",
- "JDBC connect string for a JDBC metastore"),
+ "JDBC connect string for a JDBC metastore.\n" +
+ "To use SSL to encrypt/authenticate the connection, provide database-specific SSL flag in the connection URL.\n" +
+ "For example, jdbc:postgresql://myhost/db?ssl=true for postgres database."),
+ METASTORE_DBACCESS_SSL_PROPS("hive.metastore.dbaccess.ssl.properties", "",
+ "Comma-separated SSL properties for metastore to access database when JDO connection URL\n" +
+ "enables SSL access. e.g. javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd."),
 HMSHANDLERATTEMPTS("hive.hmshandler.retry.attempts", 10,
 "The number of times to retry a HMSHandler call if there were a connection error."),
 HMSHANDLERINTERVAL("hive.hmshandler.retry.interval", "2000ms",
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
index 9eb15bd..3dca758 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
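Review bot: The example in the new `hive.metastore.dbaccess.ssl.properties` description in HiveConf.java puts the trust store under `/tmp` and the trust store password inline, and operators tend to copy such examples verbatim. A world-writable directory is a poor home for a trust store, since its contents decide which database certificates the metastore accepts; a neutral example such as `javax.net.ssl.trustStore=/path/to/truststore,javax.net.ssl.trustStorePassword=<password>` avoids suggesting it. Because the value can carry a password, the description should say so, and it is worth checking whether this key is covered by `hive.conf.hidden.list`; that list is not visible in this hunk.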
@@ -6199,6 +6199,19 @@ public static void startMetaStore(int port, HadoopThriftAuthBridge bridge,
 boolean useCompactProtocol = conf.getBoolVar(ConfVars.METASTORE_USE_THRIFT_COMPACT_PROTOCOL);
 useSasl = conf.getBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL);
+ // SSL support
+ String sslPropString = conf.getVar(HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS);
+ if (org.apache.commons.lang.StringUtils.isNotEmpty(sslPropString)) {
+ LOG.info("Metastore server connecting to backed DB with SSL");
+ for (String sslProp : sslPropString.split(",")) {
+ String[] pair = sslProp.trim().split("=");
+ if (pair != null && pair.length == 2) {
+ System.setProperty(pair[0].trim(), pair[1].trim());
+ } else {
+ LOG.warn("Invalid metastore property value for " + HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS);
+ }
+ }
+ }
 TProcessor processor;
 TTransportFactory transFactory;
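Review bot: The new loop passes every `key=value` pair from `hive.metastore.dbaccess.ssl.properties` straight to `System.setProperty`, so the setting can change any JVM-wide property, not only TLS ones, and whatever it sets applies to every other component in the same process. Restricting the keys keeps the option to its stated purpose: `if (pair.length == 2 && pair[0].trim().startsWith("javax.net.ssl.")) {` (the `pair != null` test is redundant, since `split` never returns null). Separately, `split("=")` rejects a value that itself contains `=`, which a trust store password may; `sslProp.trim().split("=", 2)` keeps such a value intact. A rejected pair is only logged and startup continues with part of the intended TLS configuration, so failing fast may be the safer behaviour. `startMetaStore` begins and ends outside this hunk.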