The other transportation mode of HS2 is http and it is proxy friendly protocol over TCP. We have not enabled it. We can run HS2 simultaneously in both binary and http transport modes.
So new JDBCC connection string would look like this :
jdbc:hive2://{host}[:{port}][/{database}];ssl=true;sslTrustStore=<path>/mr3-ssl.jks;sslTrustStorePassword=<password>;transportMode=http;httpPath=<http_path>
It turns out that HTTP transport works okay. HiveServer2 kept restarting just because I forgot to update the liveness/readiness probes. Let me create a new MR3docs page on using HTTP transport, and get back to you.
If you would like to try now, here is an example of JDBC connection string. It uses both Kerberos and SSL, and you can ignore principal=hive/gold7@PL if you don't use Kerberos.jdbc:hive2://orange1:10001/;principal=hive/gold7@PL;;ssl=true;sslTrustStore=/home/gitlab-runner/mr3-run/kubernetes/beeline-ssl.jks;trustStorePassword=beelinepasswd1;transportMode=http;httpPath=/cliservice
* The port number 10001 is specified in the configuration key hive.server2.thrift.http.port in hive-site.xml.* You should update readinessProbe and livenessProbe in hive.yaml. Using tcpSocket with port 10001 works, and with SSL, you cannot use httpGet with scheme HTTPS (currently not supported by Kubernetes).
* You should update yaml/hiveserver2-service.yaml to use port 10001.If you cannot run multiple HS2 instances, then applying HIVE-5312 (https://issues.apache.org/jira/browse/HIVE-5312) back to Hive 3 seems to be an option. I will try to apply the patch to Hive 3 some time.
If you would like to try now, here is an example of JDBC connection string. It uses both Kerberos and SSL, and you can ignore principal=hive/gold7@PL if you don't use Kerberos.jdbc:hive2://orange1:10001/;principal=hive/gold7@PL;;ssl=true;sslTrustStore=/home/gitlab-runner/mr3-run/kubernetes/beeline-ssl.jks;trustStorePassword=beelinepasswd1;transportMode=http;httpPath=/cliserviceHere you're using beeline trustStore - just an example to show the connection string. Correct?
* The port number 10001 is specified in the configuration key hive.server2.thrift.http.port in hive-site.xml.* You should update readinessProbe and livenessProbe in hive.yaml. Using tcpSocket with port 10001 works, and with SSL, you cannot use httpGet with scheme HTTPS (currently not supported by Kubernetes).[2] Does it mean the readiness/liveness probes will fail always? I mean is there any workaround so that probes are working fine?
* You should update yaml/hiveserver2-service.yaml to use port 10001.If you cannot run multiple HS2 instances, then applying HIVE-5312 (https://issues.apache.org/jira/browse/HIVE-5312) back to Hive 3 seems to be an option. I will try to apply the patch to Hive 3 some time.[4] It is very relieving - most of the users want to use http and a few users binary. It would be great, if dual modes can be integrated into `Hive 3`. We already have multiple HS2 in binary mode and don't prefer to have another one for various reasons (cost, maintenance etc). Any ETA on this change?
On a side note, what is timeout you're using for LoadBalancer to avoid frequent loss of connection? I think we are using default - which is 1 60 seconds.
--
You received this message because you are subscribed to a topic in the Google Groups "MR3" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/hive-mr3/Lh19PZjx-sM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to hive-mr3+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/6d875a4e-f5a2-4ae5-93e3-8ae5d7461a87n%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "MR3" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hive-mr3+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/3e198ff2-5ded-4558-8627-3f1f21143d5fn%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/2675e10e-1c2c-4a4d-9ad7-c11aeebec8b5n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/37c2994b-2f85-46d8-9968-afa52860f0d0n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/92932736-87a8-445d-a503-f8c775aed80an%40googlegroups.com.
# initContainers to allow privileged-port for a non-root user.
initContainers:
- name: init-command
image: {{ .Values.docker.image }}
imagePullPolicy: {{ .Values.docker.imagePullPolicy }}
args:
- sysctl
- net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
runAsUser: 0
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/96f47ce9-30a5-4159-bc36-b5f3e85ae67dn%40googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "MR3" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/hive-mr3/Lh19PZjx-sM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to hive-mr3+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/71585c25-6784-4dc7-823e-d07141998d49n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hive-mr3/a59a0c80-7b99-4014-95c2-f711faf5f6f8n%40googlegroups.com.