Defined Type: cdh::hive::metastore::mysql::grant

Defined in:
modules/cdh/manifests/hive/metastore/mysql/grant.pp

Overview

Define cdh::hive::metastore::mysql::grant

Adds an additional grant for $cdh::hive::jdbc_username to allow connecting from a remote host.

This does not create a new user or password, it just allows a remote host to connect to MySQL via the already configured user. This is useful if running hive-metastore daemon on a node other than the MySQL host.

Usage:

cdh::hive::metastore::mysql::grant { 'myotherhost.example.org': }

Parameters:

  • allowed_host (Any) (defaults to: $title)


13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'modules/cdh/manifests/hive/metastore/mysql/grant.pp', line 13

define cdh::hive::metastore::mysql::grant($allowed_host = $title) {
    Class['cdh::hive::metastore::mysql'] -> Cdh::Hive::Metastore::Mysql::Grant[$title]

    $jdbc_database = $cdh::hive::metastore::mysql::jdbc_database
    $jdbc_username = $cdh::hive::metastore::mysql::jdbc_username
    $jdbc_password = $cdh::hive::metastore::mysql::jdbc_password

    # Only use -u or -p flag to mysql commands if
    # root username or root password are set.
    $username_option = $cdh::hive::metastore::mysql::db_root_username ? {
        undef   => '',
        default => "-u'${cdh::hive::metastore::mysql::db_root_username}'",
    }
    $password_option = $cdh::hive::metastore::mysql::db_root_password ? {
        undef   => '',
        default => "-p'${cdh::hive::metastore::mysql::db_root_password}'",
    }

    exec { "hive_mysql_grant_${allowed_host}":
        path    => '/usr/local/bin:/usr/bin:/bin',
        command => "mysql ${username_option} ${password_option} -e \"
GRANT ALL PRIVILEGES ON ${jdbc_database}.* TO '${jdbc_username}'@'${allowed_host}' IDENTIFIED BY '${jdbc_password}';
FLUSH PRIVILEGES;\"",
        unless  => "mysql ${username_option} ${password_option} -e \"SHOW GRANTS FOR '${jdbc_username}'@'${allowed_host}'\" | grep -q \"TO '${jdbc_username}'\"",
        user    => 'root',
    }
}