trino vm access to hdi hive metastore - nsg's wide open, destination host unreachable

Question

Within the same resource group, created trino instance, and HDI cluster. Different Vnets of course. Set wide open nsg rules (inbound/outbound, all ports, all protocols). Trino node cannot connect to hdi presto metacatalog service (connection timeout in java stack). Although ICMP is enabled per above, both hdi name and IP are "destination unreachable".

Confirmed port 9083 port has a listener, running hive query within HDI works fine.

What is required for the Trino vm to be able to resolve and connect to HDI?

Answer 1

you need to ensure the following:

1. Network Connectivity:
   • Ensure the HDI cluster and the Trino VM are in the same virtual network (VNet) or have connectivity between their respective VNets. This can be achieved by establishing a peering connection between the VNets or setting up a VNet-to-VNet VPN gateway connection.
   • Check that the network security group (NSG) rules on both the HDI cluster and the Trino VM allow traffic between the necessary ports and protocols. In this case, verify that port 9083, which is used by the Presto Metacatalog service, is open for inbound connections on the HDI cluster NSG.
2. Name Resolution:

• Ensure that the Trino VM can resolve the hostname or IP address of the HDI cluster. You can achieve this by adding the necessary DNS resolution configuration to the Trino VM.
  • One option is to add an entry in the Trino VM's hosts file (/etc/hosts on Linux or C:\Windows\System32\drivers\etc\hosts on Windows) that maps the hostname of the HDI cluster to its IP address.

1. Firewall and Security:
   • Check if there are any additional firewall restrictions in place that could be blocking the connection. For example, if you use a network security group (NSG), ensure that it allows outbound connections from the Trino VM to the HDI cluster on the required port.
   • Verify that there are no additional firewall appliances or software on the Trino VM or HDI cluster that could be blocking the connection.

By ensuring proper network connectivity, name resolution, and firewall configuration, you should be able to establish a connection from the Trino VM to the HDI Presto Metacatalog service successfully.

Answer 2

@DR - Thanks for the question and using MS Q&A platform.

If you have confirmed that the HDI Hive Metastore service is running and listening on port 9083, and you have opened up the necessary network security group (NSG) rules to allow traffic between the Trino VM and the HDI cluster, then the issue may be related to DNS resolution.

To resolve this issue, you can try the following steps:

Check that the HDI cluster's DNS name is resolvable from the Trino VM. You can do this by running the following command on the Trino VM:

nslookup <hdi-cluster-name>.azurehdinsight.net

This should return the IP address of the HDI cluster's head node.

If the DNS name is not resolvable, you can try adding a DNS server to the Trino VM's network configuration that can resolve the HDI cluster's DNS name. You can do this by adding a custom DNS server to the Trino VM's network interface configuration.

If the DNS name is resolvable, but you are still unable to connect to the HDI Hive Metastore service, you can try connecting to the service using the IP address of the HDI cluster's head node instead of the DNS name. You can find the IP address of the head node in the Azure portal or by running the following command on the HDI cluster:

hostname -I

Once you have the IP address, you can use it to connect to the HDI Hive Metastore service in your Trino VM.

Hope this helps. Do let us know if you any further queries.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.