Known Issues in Hive Virtual Warehouses on public clouds

Learn about the known issues related to Hive Virtual Warehouse in Cloudera Data Warehouse service on public clouds, the impact or changes to the functionality, and the workaround.

Result caching:

This feature is limited to 10 GB.

Data caching:

This feature is limited to 200 GB per compute node, multiplied by the total number of compute nodes.

DWX-5841: Virtual Warehouse endpoints are now restricted to TLS 1.2

Problem: TLS 1.0 and 1.1 are no longer considered secure, so now Virtual Warehouse endpoints must be secured with TLS 1.2 or later, and then the environment that the Virtual Warehouse uses must be reactivated in CDW. This includes both Hive and Impala Virtual Warehouses. To reactivate the environment in the CDW UI:

1. Deactivate the environment. See Deactivating AWS environments or Deactivating Azure environments.
2. Activate the environment. See Activating AWS environments or Activating Azure environments

Workaround: If environment reactivation is not possible, you can perform manual steps using the kubectl command line tool to pick up the TLS 1.2 endpoint change. Open a terminal window on a system where the kubectl command line tool is installed, log in, and run the following commands:

kubectl edit svc nginx-service -n <cluster-name>

# Add the following under the metadata.annotations field
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
      
# Save and quit the editor, and then run the following command to check your changes.
      
kubectl get svc nginx-service -n <cluster-name> -o yaml
      
# Make sure that the annotation you added is present.

DWX-6163: SHOW TABLES command does not produce a list of tables that are owned by the current user

Problem: When you run the SHOW TABLES command against a Hive Virtual Warehouse, tables are only returned if you have explicit read or read/write access to the table, or if you belong to a group that has read or read/write access. If you only have access to the tables because you are the owner of the objects, you can query the table content, but the table names do not appear in the SHOW TABLES command output.

Workaround: Add the owner of the database or the tables as a user with read or read/write access to the tables directly.

DWX-5926: Cloning an existing Hive Virtual Warehouse fails

Problem: If you have an existing Hive Virtual Warehouse that you clone by selecting Clone from the drop-down menu, the cloning process fails. This does not apply to creating a new Hive Virtual Warehouse.

Workaround: Make the following configuration change to resolve this issue:

1. In the Hive Virtual Warehouse tile, click the edit icon. This launches the Virtual Warehouse details page.
2. In the details page for the Virtual Warehouse:
   1. Click the Configurations tab:

      

   2. Click the Hiveserver2 sub-tab.
   3. Select hive-site from the configuration file drop-down list menu.
   4. Search for the configuration property hive.metastore.sasl.enabled.
   5. Set the hive.metastore.sasl.enabled configuration property to true.
   6. Click Apply in the upper right corner of the page to save the configuration.
3. Click the Actions menu and select Clone to clone the Hive Virtual Warehouse:

   

DWX-5277: Race condition might occur during auto-scaling that can result in query failures

Problem: This race condition occurs intermittently when queries are submitted rapidly from tools such as jmeter. To mitigate this issue, the default value for the hive.llap.split.location.provider.class has been set to com.github.cloudera.llap.K8sHostAffinitySplitLocationProvider in this release. This configuration change is known to cause up to 10% performance degradation for some Hive workloads.

Workaround: If performance degradation is observed, edit the Hive Virtual Warehouse hive-site setting for the Query coordinator and Hiveserver2, by setting hive.llap.split.location.provider.class=org.apache.hadoop.hive.ql.exec.tez.HostAffinitySplitLocationProvider.

DWX-2690: Older versions of Beeline return SSLPeerUnverifiedException when submitting a query

Problem: When submitting queries to Virtual Warehouses that use Hive, older Beeline clients return an SSLPeerUnverifiedException error:

javax.net.ssl.SSLPeerUnverifiedException: Host name ‘ec2-18-219-32-183.us-east-2.compute.amazonaws.com’ does not
match the certificate subject provided by the peer (CN=*.env-c25dsw.dwx.cloudera.site) (state=08S01,code=0)

Workaround: Only use Beeline clients from CDP Runtime version 7.0.1.0 or later.