Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CF8C51098E for ; Sun, 11 Aug 2013 00:01:57 +0000 (UTC) Received: (qmail 44937 invoked by uid 500); 11 Aug 2013 00:01:52 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 44877 invoked by uid 500); 11 Aug 2013 00:01:52 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 44839 invoked by uid 500); 11 Aug 2013 00:01:52 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 44824 invoked by uid 99); 11 Aug 2013 00:01:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 11 Aug 2013 00:01:52 +0000 Date: Sun, 11 Aug 2013 00:01:52 +0000 (UTC) From: "Hudson (JIRA)" To: hive-dev@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-4233) The TGT gotten from class 'CLIService' should be renewed on time MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-4233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13736132#comment-13736132 ] Hudson commented on HIVE-4233: ------------------------------ SUCCESS: Integrated in Hive-trunk-hadoop1-ptest #122 (See [https://builds.apache.org/job/Hive-trunk-hadoop1-ptest/122/]) HIVE-4233: The TGT gotten from class 'CLIService' should be renewed on time (Thejas M Nair via Gunther Hagleitner) (gunther: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1511574) * /hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/RetryingMetaStoreClient.java * /hive/trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java * /hive/trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java > The TGT gotten from class 'CLIService' should be renewed on time > ----------------------------------------------------------------- > > Key: HIVE-4233 > URL: https://issues.apache.org/jira/browse/HIVE-4233 > Project: Hive > Issue Type: Bug > Components: HiveServer2 > Affects Versions: 0.11.0 > Environment: CentOS release 6.3 (Final) > jdk1.6.0_31 > HiveServer2 0.10.0-cdh4.2.0 > Kerberos Security > Reporter: Dongyong Wang > Assignee: Thejas M Nair > Priority: Critical > Fix For: 0.12.0 > > Attachments: 0001-FIX-HIVE-4233.patch, HIVE-4233-2.patch, HIVE-4233-3.patch, HIVE-4233.4.patch, HIVE-4233.5.patch > > > When the HIveServer2 have started more than 7 days, I use beeline shell to connect the HiveServer2,all operation failed. > The log of HiveServer2 shows it was caused by the Kerberos auth failure,the exception stack trace is: > 2013-03-26 11:55:20,932 ERROR hive.ql.metadata.Hive: java.lang.RuntimeException: Unable to instantiate org.apache.hadoop.hive.metastore.HiveMetaStoreClient > at org.apache.hadoop.hive.metastore.MetaStoreUtils.newInstance(MetaStoreUtils.java:1084) > at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.(RetryingMetaStoreClient.java:51) > at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:61) > at org.apache.hadoop.hive.ql.metadata.Hive.createMetaStoreClient(Hive.java:2140) > at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2151) > at org.apache.hadoop.hive.ql.metadata.Hive.getDelegationToken(Hive.java:2275) > at org.apache.hive.service.cli.CLIService.getDelegationTokenFromMetaStore(CLIService.java:358) > at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:127) > at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1073) > at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1058) > at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) > at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) > at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingProcessor.process(HadoopThriftAuthBridge20S.java:565) > at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:206) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Caused by: java.lang.reflect.InvocationTargetException > at sun.reflect.GeneratedConstructorAccessor52.newInstance(Unknown Source) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) > at java.lang.reflect.Constructor.newInstance(Constructor.java:513) > at org.apache.hadoop.hive.metastore.MetaStoreUtils.newInstance(MetaStoreUtils.java:1082) > ... 16 more > Caused by: java.lang.IllegalStateException: This ticket is no longer valid > at javax.security.auth.kerberos.KerberosTicket.toString(KerberosTicket.java:601) > at java.lang.String.valueOf(String.java:2826) > at java.lang.StringBuilder.append(StringBuilder.java:115) > at sun.security.jgss.krb5.SubjectComber.findAux(SubjectComber.java:120) > at sun.security.jgss.krb5.SubjectComber.find(SubjectComber.java:41) > at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:130) > at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:328) > at java.security.AccessController.doPrivileged(Native Method) > at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:325) > at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128) > at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106) > at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172) > at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209) > at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195) > at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) > at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175) > at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94) > at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253) > at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) > at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52) > at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:396) > at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1408) > at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49) > at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:277) > at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.(HiveMetaStoreClient.java:163) > ... 20 more > I check the code of HiveAuthFactory.loginFromKeytab,it does not schedule a timer to renew the TGT. So I suspect this is the reason of the kerberos auth failure? > Thanks. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira