HIVE-28775: HiveServer2: introduce a new HA Health Check endpoint on a different p… #5652
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
how about skipping the authentication for |
difin
changed the title
difin
changed the title
asf-ci-hive
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
asf-ci-hive
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
If we do that and Hive is deployed on a public cloud, it will allow access to the /leader endpoints to the internet, which is not secure. By adding a new unsecured endpoint for HA health-check on a different port, that new port can be exposed internally only for health-check script which will be more secure. |
asf-ci-hive
added
tests pending
tests failed
and removed
tests failed
tests pending
labels
difin
force-pushed
the
leader
branch
2 times, most recently
from
f65e8fe to
4917037
Compare
asf-ci-hive
added
tests failed
tests pending
and removed
tests pending
tests failed
labels
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…ort than WebUI
What changes were proposed in this pull request?
Changes to deploy a new endpoint for HA health checking that listens on a different port than WebUI port on HS2 webserver.
Why are the changes needed?
Leader endpoint is used for HA health checking on downstream. When LDAP authentication is enabled on HS2, it requires to call leader endpoint with LDAP also. If we wanted to create a technical user for this endpoint we would need to have customers add this user into their LDAP servers which we have no control over, so this is not a good solution. Instead of that this PR proposes a new HA health check endpoint that exposes only the new route '\GET /health-ha/leader' on a different port that can be accessed without LDAP.
Does this PR introduce any user-facing change?
Yes, new http endpoint that listens on a different port.
Is the change a dependency upgrade?
No.
How was this patch tested?
Execution of existing precommit tests + new HA tests.