From 8632599359db033f9023eba6eca5bbeb1b53f867 Mon Sep 17 00:00:00 2001
From: Sylwester Lachiewicz
Date: Sat, 2 Apr 2022 21:19:08 +0200
Subject: [PATCH 1/4] Upgrade PostgreSQL JDBC Driver to 42.3.3
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2a1c82f..aeada7d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,9 +20,9 @@ RUN apt-get clean && \
 apt-get install --only-upgrade openssl libssl1.1 libexpat1 && \
 apt-get install -y libk5crypto3 libkrb5-3 libsqlite3-0
-RUN rm ${HIVE_HOME}/lib/postgresql-9.4.1208.jre7.jar
+RUN rm ${HIVE_HOME}/lib/postgresql-*.jar
-RUN curl -o ${HIVE_HOME}/lib/postgresql-42.2.25.jre7.jar -L https://jdbc.postgresql.org/download/postgresql-42.2.25.jre7.jar
+RUN curl -o ${HIVE_HOME}/lib/postgresql-42.3.3.jar -L https://jdbc.postgresql.org/download/postgresql-42.3.3.jar
 # Configure Hadoop AWS Jars to be available to hive
 RUN ln -s ${HADOOP_HOME}/share/hadoop/tools/lib/*aws* ${HIVE_HOME}/lib
From b0626a51d35b98180876d2b716df1bfead72148e Mon Sep 17 00:00:00 2001
From: Sylwester Lachiewicz
Date: Sat, 2 Apr 2022 21:31:00 +0200
Subject: [PATCH 2/4] Upgrade Log4j2 to 2.17.2
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index aeada7d..0fb48ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,7 +31,7 @@ COPY conf ${HIVE_HOME}/conf
 COPY scripts/entrypoint.sh ${HIVE_HOME}/entrypoint.sh
 # Remove vulnerable Log4j version and install latest
-ARG LOG4J_VERSION=2.17.1
+ARG LOG4J_VERSION=2.17.2
 ARG LOG4J_LOCATION="https://repo1.maven.org/maven2/org/apache/logging/log4j"
 RUN \
 rm -f ${HADOOP_HOME}/share/hadoop/common/lib/slf4j-log4j12* && \
From 0b5c76994c3819d669b3a09c807b717f4a7e8bd6 Mon Sep 17 00:00:00 2001
From: Sylwester Lachiewicz
Date: Sat, 2 Apr 2022 21:31:23 +0200
Subject: [PATCH 3/4] Update link to Java docs
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
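Review bot: The new `RUN curl -o ${HIVE_HOME}/lib/postgresql-42.3.3.jar -L …` line in PATCH 1/4 places a downloaded JDBC driver on Hive's classpath without any integrity check, and without `-f` curl will store an HTTP error page under the `.jar` name and still exit 0. I would fetch it with `curl -fsSL -o …` and verify it in the same RUN with `echo "<sha256-of-postgresql-42.3.3.jar>  ${HIVE_HOME}/lib/postgresql-42.3.3.jar" | sha256sum -c -`, keeping the digest pinned in the Dockerfile next to the version. The same gap applies to the log4j jar downloads shown as context in PATCH 3/4 and to the Hive and Hadoop tarballs piped into `tar` in PATCH 4/4; for the tarballs that means downloading to a file and checking it before extraction rather than streaming.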
diff --git a/Dockerfile b/Dockerfile
index 0fb48ff..504f7c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -44,7 +44,7 @@ RUN \
 curl -o ${HIVE_HOME}/lib/log4j-core-${LOG4J_VERSION}.jar ${LOG4J_LOCATION}/log4j-core/${LOG4J_VERSION}/log4j-core-${LOG4J_VERSION}.jar && \
 curl -o ${HIVE_HOME}/lib/log4j-slf4j-impl-${LOG4J_VERSION}.jar ${LOG4J_LOCATION}/log4j-slf4j-impl/${LOG4J_VERSION}/log4j-slf4j-impl-${LOG4J_VERSION}.jar
-# https://docs.oracle.com/javase/7/docs/technotes/guides/net/properties.html
+# https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html
 # Java caches dns results forever, don't cache dns results forever:
 RUN touch ${JAVA_HOME}/lib/security/java.security
 RUN sed -i '/networkaddress.cache.ttl/d' ${JAVA_HOME}/lib/security/java.security
From 7def02bb77d2c4ef87c8ac73258fcbeaed8a25a6 Mon Sep 17 00:00:00 2001
From: Sylwester Lachiewicz
Date: Sat, 2 Apr 2022 21:59:18 +0200
Subject: [PATCH 4/4] Improve build time and image size
---
 Dockerfile | 14 +++++++++-----
 README.md | 2 +-
 scripts/entrypoint.sh | 6 +++---
 3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 504f7c8..5ce0376 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,12 +13,16 @@ RUN apt-get clean && \
 apt-get update && \
 apt-get upgrade -y && \
 apt-get -qqy install curl && \
- curl -L https://dlcdn.apache.org/hive/hive-${HIVE_VERSION}/apache-hive-${HIVE_VERSION}-bin.tar.gz | tar zxf - && \
+ apt-get install --only-upgrade openssl libssl1.1 libexpat1 && \
+ apt-get install -y libk5crypto3 libkrb5-3 libsqlite3-0 && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+RUN curl -L https://dlcdn.apache.org/hive/hive-${HIVE_VERSION}/apache-hive-${HIVE_VERSION}-bin.tar.gz | tar zxf - && \
 curl -L https://dlcdn.apache.org/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz | tar zxf - && \
 mv apache-hive-${HIVE_VERSION}-bin/* ${HIVE_HOME} && \
 mv hadoop-${HADOOP_VERSION}/* ${HADOOP_HOME} && \
- apt-get install --only-upgrade openssl libssl1.1 libexpat1 && \
- apt-get install -y libk5crypto3 libkrb5-3 libsqlite3-0
+ chown -R 1002:0 ${HIVE_HOME} ${HADOOP_HOME} && \
+ chmod -R u+rwx,g+rwx ${HIVE_HOME} ${HADOOP_HOME}
 RUN rm ${HIVE_HOME}/lib/postgresql-*.jar
@@ -55,8 +59,8 @@ RUN echo 'networkaddress.cache.negative.ttl=0' >> ${JAVA_HOME}/lib/security/java
 # imagebuilder expects the directory to be created before VOLUME
 RUN mkdir -p /var/lib/hive /.beeline ${HOME}/.beeline
 # to allow running as non-root
-RUN chown -R 1002:0 ${HIVE_HOME} ${HADOOP_HOME} /var/lib/hive /.beeline ${HOME}/.beeline /etc/passwd $(readlink -f ${JAVA_HOME}/lib/security/cacerts) && \
- chmod -R u+rwx,g+rwx ${HIVE_HOME} ${HADOOP_HOME} /var/lib/hive /.beeline ${HOME}/.beeline /etc/passwd $(readlink -f ${JAVA_HOME}/lib/security/cacerts) && \
+RUN chown -R 1002:0 /var/lib/hive /.beeline ${HOME}/.beeline /etc/passwd $(readlink -f ${JAVA_HOME}/lib/security/cacerts) && \
+ chmod -R u+rwx,g+rwx /var/lib/hive /.beeline ${HOME}/.beeline /etc/passwd $(readlink -f ${JAVA_HOME}/lib/security/cacerts) && \
 chown 1002:0 ${HIVE_HOME}/entrypoint.sh && chmod +x ${HIVE_HOME}/entrypoint.sh
 USER 1002
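Review bot: The added `chown -R 1002:0 ${HIVE_HOME} ${HADOOP_HOME}` and `chmod -R u+rwx,g+rwx ${HIVE_HOME} ${HADOOP_HOME}` in the first hunk leave the entire Hive and Hadoop install tree, launch scripts and classpath jars included, writable by the UID the container runs as (`USER 1002` in the next hunk) and by group 0. Folding this into the extraction layer is right for image size, but a process that is compromised at runtime can then replace the code that runs on the next start. I would keep the trees read-only for the service, e.g. `chmod -R g+rX,g-w ${HIVE_HOME} ${HADOOP_HOME}` with root ownership, and grant write access only on the directories the metastore actually writes to; which ones those are is not visible from this hunk. If the broad mode has to stay, `u+rwX,g+rwX` at least avoids setting the execute bit on every regular file.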
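Review bot: The rewritten `RUN chown -R 1002:0 … /etc/passwd $(readlink -f ${JAVA_HOME}/lib/security/cacerts)` line in the second hunk still gives the runtime user write access to `/etc/passwd` and to the JVM trust store, and there is no comment saying why. A writable trust store means anything running as UID 1002 can change which CAs the JVM trusts for its outbound TLS connections, and a writable passwd file lets it alter account entries inside the container. The part of entrypoint.sh shown in this series touches neither file, so if nothing at start-up needs them I would drop both paths from the chown/chmod lists and import any extra certificates at build time as root. If they are needed, document it above the RUN, e.g. `# passwd and cacerts must be writable at start-up because <reason>`.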
diff --git a/README.md b/README.md
index e70e201..53274c0 100644
--- a/README.md
+++ b/README.md
@@ -7,5 +7,5 @@ CD is run through DockerHub in [this repo](https://cloud.docker.com/repository/docker/meneal/docker-hive/general).
 ```SHELL
-docker build -t "IBM/hive-metastore:master" .
+docker build -t "ibm/hive-metastore:master" .
 ```
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 080cb94..8862744 100644
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -5,10 +5,10 @@ export HIVE_OPTS="${HIVE_OPTS} --hiveconf metastore.root.logger=${HIVE_LOGLEVEL}
 export PATH=${HIVE_HOME}/bin:${HADOOP_HOME}/bin:$PATH
 set +e
-if schematool -dbType postgres -info -verbose; then
+if schematool -dbType derby -info -verbose; then
 echo "Hive metastore schema verified."
 else
- if schematool -dbType postgres -initSchema -verbose; then
+ if schematool -dbType derby -initSchema -verbose; then
 echo "Hive metastore schema created."
 else
 echo "Error creating hive metastore: $?"
@@ -16,4 +16,4 @@ else
 fi
 set -e
-start-metastore
+hive --service metastore
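Review bot: Both `schematool` calls in the first entrypoint.sh hunk now pass `-dbType derby`, which the commit message ("Improve build time and image size") does not explain and which sits oddly next to PATCH 1/4 upgrading the PostgreSQL JDBC driver. If the configured metastore connection still points at PostgreSQL, the `-info` check and `-initSchema` would presumably run with the wrong schema dialect; hive-site.xml is not part of this series, so this needs confirming. If both backends are meant to be supported, read the type from the environment instead of hard-coding it, e.g. `schematool -dbType "${HIVE_DB_TYPE:-postgres}" -info -verbose` (the variable name is only a suggestion), and apply the same to the `-initSchema` call.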
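Review bot: In the last entrypoint.sh hunk `hive --service metastore` is started as a child of the entrypoint shell, so the shell stays PID 1 and, with no traps set in the visible part of the script, the SIGTERM from `docker stop` is not passed on to the metastore. The service is then killed after the grace period instead of shutting down cleanly. Make the last line `exec hive --service metastore` so the service replaces the shell. The removed `start-metastore` may have behaved the same way; its definition is not visible here.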