diff --git a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java index c976285f47..78fac20775 100644 --- a/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java +++ b/common/src/java/org/apache/hadoop/hive/common/auth/HiveAuthUtils.java @@ -75,7 +75,7 @@ private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws TTranspo return new TSocket(sslSocket); } - public static TServerSocket getServerSocket(String hiveHost, int portNum) + public static TServerSocket getServerSocket(String hiveHost, int portNum, int clientTimeout) throws TTransportException { InetSocketAddress serverAddress; if (hiveHost == null || hiveHost.isEmpty()) { @@ -84,11 +84,11 @@ public static TServerSocket getServerSocket(String hiveHost, int portNum) } else { serverAddress = new InetSocketAddress(hiveHost, portNum); } - return new TServerSocket(serverAddress); + return new TServerSocket(serverAddress, clientTimeout); } public static TServerSocket getServerSSLSocket(String hiveHost, int portNum, String keyStorePath, - String keyStorePassWord, List sslVersionBlacklist) throws TTransportException, + String keyStorePassWord, List sslVersionBlacklist, int clientTimeout) throws TTransportException, UnknownHostException { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); @@ -101,7 +101,7 @@ public static TServerSocket getServerSSLSocket(String hiveHost, int portNum, Str serverAddress = new InetSocketAddress(hiveHost, portNum); } TServerSocket thriftServerSocket = - TSSLTransportFactory.getServerSocket(portNum, 0, serverAddress.getAddress(), params); + TSSLTransportFactory.getServerSocket(portNum, clientTimeout, serverAddress.getAddress(), params); if (thriftServerSocket.getServerSocket() instanceof SSLServerSocket) { List sslVersionBlacklistLocal = new ArrayList(); for (String sslVersion : sslVersionBlacklist) { diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index ed6d3d80e3..e2086bbbe1 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -3371,6 +3371,9 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal HIVE_SERVER2_LONG_POLLING_TIMEOUT("hive.server2.long.polling.timeout", "5000ms", new TimeValidator(TimeUnit.MILLISECONDS), "Time that HiveServer2 will wait before responding to asynchronous calls that use long polling"), + HIVE_SERVER2_THRIFT_SOCKET_TIMEOUT("hive.server2.thrift.socket.timeout", "0", + new TimeValidator(TimeUnit.MILLISECONDS), + "Maximum time that HiveServer2 sockets wait to read message before exiting"), HIVE_SESSION_IMPL_CLASSNAME("hive.session.impl.classname", null, "Classname for custom implementation of hive session"), HIVE_SESSION_IMPL_WITH_UGI_CLASSNAME("hive.session.impl.withugi.classname", null, "Classname for custom implementation of hive session with UGI"), diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftBinaryCLIService.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftBinaryCLIService.java index df2d3a7b71..40bd79545d 100644 --- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftBinaryCLIService.java +++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftBinaryCLIService.java @@ -76,8 +76,9 @@ protected void initServer() { for (String sslVersion : hiveConf.getVar(ConfVars.HIVE_SSL_PROTOCOL_BLACKLIST).split(",")) { sslVersionBlacklist.add(sslVersion); } + int clientTimeout = (int) hiveConf.getTimeVar(ConfVars.HIVE_SERVER2_THRIFT_SOCKET_TIMEOUT, TimeUnit.MILLISECONDS); if (!hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_USE_SSL)) { - serverSocket = HiveAuthUtils.getServerSocket(hiveHost, portNum); + serverSocket = HiveAuthUtils.getServerSocket(hiveHost, portNum, clientTimeout); } else { String keyStorePath = hiveConf.getVar(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PATH).trim(); if (keyStorePath.isEmpty()) { @@ -86,8 +87,8 @@ protected void initServer() { } String keyStorePassword = ShimLoader.getHadoopShims().getPassword(hiveConf, HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname); - serverSocket = HiveAuthUtils.getServerSSLSocket(hiveHost, portNum, keyStorePath, keyStorePassword, - sslVersionBlacklist); + serverSocket = HiveAuthUtils.getServerSSLSocket(hiveHost, portNum, keyStorePath, + keyStorePassword, sslVersionBlacklist, clientTimeout); } // Server args diff --git a/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java b/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java index 1d64cce2c9..4842deadcc 100644 --- a/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java +++ b/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java @@ -744,6 +744,8 @@ public static ConfVars getMetaConf(String name) { "Minimum number of worker threads in the Thrift server's pool."), SERVER_PORT("metastore.thrift.port", "hive.metastore.port", 9083, "Hive metastore listener port"), + SOCKET_TIMEOUT("metastore.thrift.socket.timeout", "metastore.thrift.socket.timeout", 0, TimeUnit.MILLISECONDS, + "Maximum time that Metastore server sockets wait to read message before exiting"), SSL_KEYSTORE_PASSWORD("metastore.keystore.password", "hive.metastore.keystore.password", "", "Metastore SSL certificate keystore password."), SSL_KEYSTORE_PATH("metastore.keystore.path", "hive.metastore.keystore.path", "", diff --git a/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/utils/SecurityUtils.java b/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/utils/SecurityUtils.java index bae1ec35b2..9df5eb7c42 100644 --- a/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/utils/SecurityUtils.java +++ b/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/utils/SecurityUtils.java @@ -199,7 +199,7 @@ public static String getUser() throws IOException { } } - public static TServerSocket getServerSocket(String hiveHost, int portNum) throws TTransportException { + public static TServerSocket getServerSocket(String hiveHost, int portNum, int clientTimeout) throws TTransportException { InetSocketAddress serverAddress; if (hiveHost == null || hiveHost.isEmpty()) { // Wildcard bind @@ -207,11 +207,12 @@ public static TServerSocket getServerSocket(String hiveHost, int portNum) throws } else { serverAddress = new InetSocketAddress(hiveHost, portNum); } - return new TServerSocket(serverAddress); + return new TServerSocket(serverAddress, clientTimeout); } public static TServerSocket getServerSSLSocket(String hiveHost, int portNum, String keyStorePath, - String keyStorePassWord, List sslVersionBlacklist) throws TTransportException, + String keyStorePassWord, List sslVersionBlacklist, + int clientTimeout) throws TTransportException, UnknownHostException { TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); @@ -224,7 +225,7 @@ public static TServerSocket getServerSSLSocket(String hiveHost, int portNum, Str serverAddress = new InetSocketAddress(hiveHost, portNum); } TServerSocket thriftServerSocket = - TSSLTransportFactory.getServerSocket(portNum, 0, serverAddress.getAddress(), params); + TSSLTransportFactory.getServerSocket(portNum, clientTimeout, serverAddress.getAddress(), params); if (thriftServerSocket.getServerSocket() instanceof SSLServerSocket) { List sslVersionBlacklistLocal = new ArrayList<>(); for (String sslVersion : sslVersionBlacklist) { diff --git a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 8cd46e3f44..312929b86d 100644 --- a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -9178,6 +9178,7 @@ public static void startMetaStore(int port, HadoopThriftAuthBridge bridge, boolean useCompactProtocol = MetastoreConf.getBoolVar(conf, ConfVars.USE_THRIFT_COMPACT_PROTOCOL); boolean useSSL = MetastoreConf.getBoolVar(conf, ConfVars.USE_SSL); useSasl = MetastoreConf.getBoolVar(conf, ConfVars.USE_THRIFT_SASL); + int clientTimeout = (int) MetastoreConf.getTimeVar(conf, ConfVars.SOCKET_TIMEOUT, TimeUnit.MILLISECONDS); if (useSasl) { // we are in secure mode. Login using keytab @@ -9242,7 +9243,7 @@ public static void startMetaStore(int port, HadoopThriftAuthBridge bridge, } if (!useSSL) { - serverSocket = SecurityUtils.getServerSocket(null, port); + serverSocket = SecurityUtils.getServerSocket(null, port, clientTimeout); } else { String keyStorePath = MetastoreConf.getVar(conf, ConfVars.SSL_KEYSTORE_PATH).trim(); if (keyStorePath.isEmpty()) { @@ -9259,7 +9260,7 @@ public static void startMetaStore(int port, HadoopThriftAuthBridge bridge, } serverSocket = SecurityUtils.getServerSSLSocket(null, port, keyStorePath, - keyStorePassword, sslVersionBlacklist); + keyStorePassword, sslVersionBlacklist, clientTimeout); } if (tcpKeepAlive) {