diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 48e8491..9cb626e 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -549,7 +549,12 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal
 "Set this to true if multiple threads access metastore through JDO concurrently."),
 METASTORECONNECTURLKEY("javax.jdo.option.ConnectionURL",
 "jdbc:derby:;databaseName=metastore_db;create=true",
- "JDBC connect string for a JDBC metastore"),
+ "JDBC connect string for a JDBC metastore.\n" +
+ "To use SSL to encrypt/authenticate the connection, provide database-specific SSL flag in the connection URL.\n" +
+ "For example, jdbc:postgresql://myhost/db?ssl=true for postgres database."),
+ METASTORE_DBACCESS_SSL_PROPS("hive.metastore.dbaccess.ssl.properties", "",
+ "Comma-separated SSL properties for metastore to access database when JDO connection URL\n" +
+ "enables SSL access. e.g. javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd."),
 HMSHANDLERATTEMPTS("hive.hmshandler.retry.attempts", 10,
 "The number of times to retry a HMSHandler call if there were a connection error."),
 HMSHANDLERINTERVAL("hive.hmshandler.retry.interval", "2000ms",
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java b/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
index 8d05f49..d4852b0 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
@@ -269,6 +269,7 @@ public void setConf(Configuration conf) {
 try {
 isInitialized = false;
 hiveConf = conf;
+ configureSSL(conf);
 Properties propsFromConf = getDataSourceProps(conf);
 boolean propsChanged = !propsFromConf.equals(prop);
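Review bot: The description added for METASTORE_DBACCESS_SSL_PROPS in HiveConf.java uses `javax.net.ssl.trustStorePassword=pwd` and a truststore under `/tmp` as its example, which steers operators towards a clear-text secret in the site configuration and a trust anchor in a world-writable directory. Because the value can carry a password, the variable should be handled as sensitive, for example by listing it in the default of `hive.conf.hidden.list`; whether that list is updated is not visible in this diff. I would change the example path to something like `/path/to/truststore` and add a sentence such as `These are applied as JVM system properties and affect every TLS client in the process.` The enum body continues outside the hunk.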
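Review bot: The `configureSSL(conf);` call added to setConf in ObjectStore.java runs on every setConf, ahead of the `propsChanged` comparison, so it rewrites process-wide system properties even when nothing changed, and a change to the SSL properties alone is not reflected in `propsChanged`. The JSSE default context normally reads `javax.net.ssl.*` once, when it is first built, so values set on a later call may be silently ignored. A comment at the call site would make that explicit, e.g. `// JVM-wide; only takes effect before the first TLS connection in this process`. setConf starts and ends outside the hunk, so whether this line runs under a lock cannot be confirmed from here.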
@@ -354,6 +355,25 @@ private static PartitionExpressionProxy createExpressionProxy(Configuration conf } } + /** + * Configure the SSL properties of the connection from provided config + * @param conf + */ + private static void configureSSL(Configuration conf) { + // SSL support + String sslPropString = conf.get(HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS.varname); + if (org.apache.commons.lang.StringUtils.isNotEmpty(sslPropString)) { + LOG.info("Metastore setting SSL properties of the connection to backed DB"); + for (String sslProp : sslPropString.split(",")) { + String[] pair = sslProp.trim().split("="); + if (pair != null && pair.length == 2) { + System.setProperty(pair[0].trim(), pair[1].trim()); + } else { + LOG.warn("Invalid metastore property value for " + HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS); + } + } + } + } /** * Properties specified in hive-default.xml override the properties specified @@ -393,6 +413,7 @@ private static Properties getDataSourceProps(Configuration conf) { } } } + return prop; }
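Review bot: configureSSL hands every key from the configuration string straight to `System.setProperty`, so this setting can overwrite any JVM system property, not only the `javax.net.ssl.*` ones, and the effect is process-wide rather than scoped to the metastore's JDBC connection. The parser also uses `split("=")` with `length == 2`, which rejects a value that itself contains `=` (plausible for a truststore password), and the warning does not say which entry was skipped. I would restrict keys to an allow-list of prefixes (at least `javax.net.ssl.`, plus any driver-specific ones the project wants to support), split with a limit of 2, and log the offending key but never the value. The redundant `pair != null` test, the "backed DB" typo in the info message and the empty `@param conf` description can be fixed at the same time.

```java
private static void configureSSL(Configuration conf) {
  // … unchanged: read sslPropString, isNotEmpty check, LOG.info …
    for (String sslProp : sslPropString.split(",")) {
      // limit 2 keeps any '=' inside the value (e.g. a password) intact
      String[] pair = sslProp.trim().split("=", 2);
      String key = pair[0].trim();
      if (pair.length != 2 || !key.startsWith("javax.net.ssl.")) {
        // log the key only; the value may be a truststore password
        LOG.warn("Ignoring metastore SSL property '" + key + "' from "
            + HiveConf.ConfVars.METASTORE_DBACCESS_SSL_PROPS.varname);
        continue;
      }
      System.setProperty(key, pair[1].trim());
    }
  // … unchanged: closing braces …
```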