[Fix] Add hive-conf-dir option to paimon catalog

[shidayang]

Why are the changes needed?

I encountered a Kerberos error when there was no hive-conf-dir parameter. However, this error does not always occur and may be related to the Kerberos environment of the server where AMS is located.

javax.security.sasl.SaslException: GSS initiate failed
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[?:1.8.0_152]
        at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:95) ~[libthrift-0.13.0.jar:0.13.0]
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:265) ~[libthrift-0.13.0.jar:0.13.0]
        at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:38) ~[libthrift-0.13.0.jar:0.13.0]
        at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52) ~[hive-shims-common-2.1.1.jar:2.1.1]
        at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49) ~[hive-shims-common-2.1.1.jar:2.1.1]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_152]
        at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_152]
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1938) ~[hadoop-common-2.10.2.jar:?]
        at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49) ~[hive-shims-common-2.1.1.jar:2.1.1]
        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:477) ~[hive-metastore-2.1.1.jar:2.1.1]
        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:285) ~[hive-metastore-2.1.1.jar:2.1.1]
        at sun.reflect.GeneratedConstructorAccessor48.newInstance(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:1.8.0_152]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_152]
        at org.apache.hadoop.hive.metastore.MetaStoreUtils.newInstance(MetaStoreUtils.java:1652) ~[hive-metastore-2.1.1.jar:2.1.1]
        at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.<init>(RetryingMetaStoreClient.java:80) ~[hive-metastore-2.1.1.jar:2.1.1]
        at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:130) ~[hive-metastore-2.1.1.jar:2.1.1]
        at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:101) ~[hive-metastore-2.1.1.jar:2.1.1]
        at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
        at org.apache.paimon.hive.HiveCatalog.createClient(HiveCatalog.java:646) ~[paimon-spark-common-0.5.0-incubating.jar:0.5.0-incubating]
        at org.apache.paimon.hive.HiveCatalog.<init>(HiveCatalog.java:136) ~[paimon-spark-common-0.5.0-incubating.jar:0.5.0-incubating]
        at org.apache.paimon.hive.HiveCatalogFactory.create(HiveCatalogFactory.java:89) ~[paimon-spark-common-0.5.0-incubating.jar:0.5.0-incubating]
        at org.apache.paimon.catalog.CatalogFactory.createCatalog(CatalogFactory.java:89) ~[paimon-spark-common-0.5.0-incubating.jar:0.5.0-incubating]
        at org.apache.paimon.catalog.CatalogFactory.createCatalog(CatalogFactory.java:58) ~[paimon-spark-common-0.5.0-incubating.jar:0.5.0-incubating]
        at com.netease.arctic.formats.paimon.PaimonCatalogFactory.paimonCatalog(PaimonCatalogFactory.java:57) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.formats.paimon.PaimonCatalogFactory.create(PaimonCatalogFactory.java:41) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.formats.paimon.PaimonCatalogFactory.create(PaimonCatalogFactory.java:34) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.CommonUnifiedCatalog.initializeFormatCatalogs(CommonUnifiedCatalog.java:155) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.CommonUnifiedCatalog.<init>(CommonUnifiedCatalog.java:49) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.catalog.PaimonServerCatalog.lambda$new$0(PaimonServerCatalog.java:44) ~[amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.table.TableMetaStore.call(TableMetaStore.java:234) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.table.TableMetaStore.lambda$doAs$0(TableMetaStore.java:209) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_152]
        at javax.security.auth.Subject.doAs(Subject.java:360) ~[?:1.8.0_152]
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1918) ~[hadoop-common-2.10.2.jar:?]
        at com.netease.arctic.table.TableMetaStore.doAs(TableMetaStore.java:209) ~[amoro-core-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.catalog.PaimonServerCatalog.doAs(PaimonServerCatalog.java:91) ~[amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.catalog.PaimonServerCatalog.<init>(PaimonServerCatalog.java:44) ~[amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.catalog.CatalogBuilder.buildServerCatalog(CatalogBuilder.java:28) ~[amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.table.DefaultTableService.initServerCatalog(DefaultTableService.java:132) ~[amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at java.util.ArrayList.forEach(ArrayList.java:1257) [?:1.8.0_152]
        at com.netease.arctic.server.table.DefaultTableService.initialize(DefaultTableService.java:341) [amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.ArcticServiceContainer.startService(ArcticServiceContainer.java:146) [amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
        at com.netease.arctic.server.ArcticServiceContainer.main(ArcticServiceContainer.java:109) [amoro-ams-server-0.6.0-SNAPSHOT.jar:?]
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) ~[?:1.8.0_152]
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) ~[?:1.8.0_152]
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) ~[?:1.8.0_152]
        at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224) ~[?:1.8.0_152]
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) ~[?:1.8.0_152]
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ~[?:1.8.0_152]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) ~[?:1.8.0_152]
        ... 46 more

Brief change log

• Add hive-conf-dir option for paimon catalog in PaimonServerCatalog
• Remove catalog option check in CatalogController

How was this patch tested?

• Add some test cases that check the changes thoroughly including negative and positive cases if possible

• Add screenshots for manual tests if appropriate

• Run test locally before making a pull request

Documentation

• Does this pull request introduce a new feature? (yes / no)
• If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)

[codecov]

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Files	Coverage Δ
...server/dashboard/controller/CatalogController.java	15.50% <ø> (+0.45%)	⬆️
...ase/arctic/server/catalog/PaimonServerCatalog.java	52.00% <50.00%> (-0.39%)	⬇️

... and 5 files with indirect coverage changes

📢 Thoughts on this report? Let us know!.

[HuangFru]

Does 'hadoop-conf-dir' also need to be added?

[shidayang]

Does 'hadoop-conf-dir' also need to be added?

It seems that it is not necessary to add it currently.

[zhoujinsong]

What is the specific reason for causing this error? And why does adding the hive-conf-dir property solve this problem?

[shidayang]

What is the specific reason for causing this error? And why does adding the hive-conf-dir property solve this problem?

Currently, the HiveCatalog of Paimon can only pass Hive configurations through the hive-conf-dir configuration. When initializing TTransport in HiveMetaStoreClient, different implementations are initialized based on specific Hive configuration files. If authentication is not configured in Hive, TSocket implementation should be used. If the configuration file is not read, authentication errors may occur due to the use of TUGIAssumingTransport implementation by some UGI instances in certain environments.

[zhoujinsong]

LGTM.