hive-user mailing list archives

From Loïc Chanel <loic.cha...@telecomnancy.net>
Subject Re: beeline and kerberos
Date Mon, 11 Jan 2016 08:30:25 GMT
As I had the same problem a few months ago, I think your solution is in
this thread:
http://mail-archives.apache.org/mod_mbox/hive-user/201509.mbox/%3CCAPsi++Zsgvro4JTJPRXNyjzCTtSv7=4ZJSiPmL51kvbforOBjw@mail.gmail.com%3E

Regards,


Loïc

Loïc CHANEL
System & virtualization engineer
TO - XaaS Ind - Worldline (Villeurbanne, France)

2016-01-09 22:49 GMT+01:00 Margus Roo <margus@roo.ee>:

> One more notice
>
> When I do:
> [margusja@sandbox ~]$ hdfs dfs -ls /
>
> I see in krb5kdc log:
> Jan 09 21:36:53 sandbox.hortonworks.com krb5kdc[8565](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.2.15: ISSUE: authtime 1452375310, etypes {rep=18 tkt=18 ses=18}, margusja@EXAMPLE.COM for nn/sandbox.hortonworks.com@EXAMPLE.COM
>
>
> but when I use beeline I see no lines in the krb5kdc log.
>
> When I do
> [margusja@sandbox ~]$ kdestroy
>
> and hdfs dfs -ls / - I also see no lines in the krb5kdc log.
>
> I am so confused - what is beeline expecting? I do kinit and I am getting
> a ticket before using beeline.
>
> Margus (margusja) Roo
> http://margus.roo.ee
> skype: margusja
> +372 51 48 780
>
> On 09/01/16 17:49, Margus Roo wrote:
>
>> Hi
>>
>> I am trying to use beeline with hive + kerberos (Hortonworks sandbox 2.3)
>>
>> The problem is that I can use hdfs but not beeline and I do not know what
>> is wrong.
>>
>> Console output:
>> [margusja@sandbox ~]$ kdestroy
>> [margusja@sandbox ~]$ hdfs dfs -ls /user/
>> 16/01/09 15:45:32 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
>> ls: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "sandbox.hortonworks.com/10.0.2.15"; destination host is: "sandbox.hortonworks.com":8020;
>> [margusja@sandbox ~]$ kinit margusja
>> Password for margusja@EXAMPLE.COM:
>> [margusja@sandbox ~]$ hdfs dfs -ls /user/
>> Found 11 items
>> drwxrwx---   - ambari-qa hdfs              0 2015-10-27 12:39 /user/ambari-qa
>> drwxr-xr-x   - guest     guest             0 2015-10-27 12:55 /user/guest
>> drwxr-xr-x   - hcat      hdfs              0 2015-10-27 12:43 /user/hcat
>> drwx------   - hdfs      hdfs              0 2015-10-27 13:22 /user/hdfs
>> drwx------   - hive      hdfs              0 2016-01-08 19:44 /user/hive
>> drwxrwxrwx   - hue       hdfs              0 2015-10-27 12:55 /user/hue
>> drwxrwxr-x   - oozie     hdfs              0 2015-10-27 12:44 /user/oozie
>> drwxr-xr-x   - solr      hdfs              0 2015-10-27 12:48 /user/solr
>> drwxrwxr-x   - spark     hdfs              0 2015-10-27 12:41 /user/spark
>> drwxr-xr-x   - unit      hdfs              0 2015-10-27 12:46 /user/unit
>>
>> So I think margusja's credential is ok
>>
>> Now I try to use beeline:
>> [margusja@sandbox ~]$ beeline -u "jdbc:hive2://127.0.0.1:10000/default;principal=hive/sandbox.hortonworks.com@EXAMPLE.COM"
>> SLF4J: Class path contains multiple SLF4J bindings.
>> SLF4J: Found binding in [jar:file:/usr/hdp/2.3.2.0-2950/spark/lib/spark-assembly-1.4.1.2.3.2.0-2950-hadoop2.7.1.2.3.2.0-2950.jar!/org/slf4j/impl/StaticLoggerBinder.class]
>> SLF4J: Found binding in [jar:file:/usr/hdp/2.3.2.0-2950/hadoop/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
>> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
>> SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
>> WARNING: Use "yarn jar" to launch YARN applications.
>> SLF4J: Class path contains multiple SLF4J bindings.
>> SLF4J: Found binding in [jar:file:/usr/hdp/2.3.2.0-2950/spark/lib/spark-assembly-1.4.1.2.3.2.0-2950-hadoop2.7.1.2.3.2.0-2950.jar!/org/slf4j/impl/StaticLoggerBinder.class]
>> SLF4J: Found binding in [jar:file:/usr/hdp/2.3.2.0-2950/hadoop/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
>> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
>> SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
>> Connecting to jdbc:hive2://127.0.0.1:10000/default;principal=hive/sandbox.hortonworks.com@EXAMPLE.COM
>> 16/01/09 15:46:59 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
>> javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
>>     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
>>     at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
>>     at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
>>     at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
>>     at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
>>     at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAs(Subject.java:415)
>>     at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>>     at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
>>     at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:210)
>>     at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:180)
>>     at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)
>>     at java.sql.DriverManager.getConnection(DriverManager.java:571)
>>     at java.sql.DriverManager.getConnection(DriverManager.java:187)
>>     at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:142)
>>     at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:207)
>>     at org.apache.hive.beeline.Commands.connect(Commands.java:1149)
>>     at org.apache.hive.beeline.Commands.connect(Commands.java:1070)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52)
>>     at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:970)
>>     at org.apache.hive.beeline.BeeLine.initArgs(BeeLine.java:707)
>>     at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:757)
>>     at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:484)
>>     at org.apache.hive.beeline.BeeLine.main(BeeLine.java:467)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
>>     at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
>> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
>>     at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>>     at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
>>     at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>>     at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
>>     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>>     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>>     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
>>     ... 34 more
>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://127.0.0.1:10000/default;principal=hive/sandbox.hortonworks.com@EXAMPLE.COM: GSS initiate failed (state=08S01,code=0)
>> Beeline version 1.2.1.2.3.2.0-2950 by Apache Hive
>> 0: jdbc:hive2://127.0.0.1:10000/default (closed)>
>>
>> Hive is configured as documentation requires:
>>
>>     <property>
>>       <name>hive.server2.authentication</name>
>>       <value>KERBEROS</value>
>>     </property>
>>
>>     <property>
>>       <name>hive.server2.authentication.kerberos.keytab</name>
>>       <value>/etc/security/keytabs/hive.service.keytab</value>
>>     </property>
>>
>>     <property>
>>       <name>hive.server2.authentication.kerberos.principal</name>
>>       <value>hive/_HOST@EXAMPLE.COM</value>
>>     </property>
>>
>>
>> Any hints, because I am out of ideas.
>>
>>
>>
>>
>
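
The krb5kdc log check described in the quoted messages, as an added Python example that is not part of the original thread: it parses MIT krb5kdc request lines and reports whether a client was issued a service ticket for a given principal. The function names are hypothetical, and every sample log line except the quoted TGS_REQ (rejoined onto one line) is constructed for illustration.

```python
import re

# Matches MIT krb5kdc AS_REQ/TGS_REQ lines in the layout of the one quoted above:
#   ... krb5kdc[pid](level): KIND (etypes) ADDR: STATUS: ..., CLIENT for SERVICE
KDC_REQ = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<kind>AS_REQ|TGS_REQ) \(.*?\) "
    r"(?P<addr>\S+): (?P<status>[A-Z_]+): .*?"
    r"(?P<client>\S+@\S+) for (?P<service>[^\s,]+)"
)

# Line 2 is the TGS_REQ from the thread; lines 1 and 3 are constructed samples.
SAMPLE_LOG = """\
Jan 09 21:35:10 sandbox.hortonworks.com krb5kdc[8565](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.2.15: ISSUE: authtime 1452375310, etypes {rep=18 tkt=18 ses=18}, margusja@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jan 09 21:36:53 sandbox.hortonworks.com krb5kdc[8565](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.2.15: ISSUE: authtime 1452375310, etypes {rep=18 tkt=18 ses=18}, margusja@EXAMPLE.COM for nn/sandbox.hortonworks.com@EXAMPLE.COM
Jan 09 21:40:02 sandbox.hortonworks.com krb5kdc[8565](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.2.15: UNKNOWN_SERVER: authtime 0,  margusja@EXAMPLE.COM for hive/other-host.example.com@EXAMPLE.COM, Server not found in Kerberos database
"""


def parse_kdc_log(text):
    """Return one dict per AS_REQ/TGS_REQ line found in krb5kdc log text."""
    return [m.groupdict() for m in map(KDC_REQ.search, text.splitlines()) if m]


def ticket_status(text, client, service_prefix):
    """Report what the KDC logged for `client` requesting a matching service."""
    reqs = [
        r for r in parse_kdc_log(text)
        if r["kind"] == "TGS_REQ"
        and r["client"] == client
        and r["service"].startswith(service_prefix)
    ]
    if not reqs:
        # The client never asked the KDC for this service: the failure is on
        # the client side, before any request left the machine.
        return "no TGS_REQ seen"
    last = reqs[-1]
    return "issued" if last["status"] == "ISSUE" else "rejected: " + last["status"]


if __name__ == "__main__":
    user = "margusja@EXAMPLE.COM"
    for prefix in ("nn/", "hive/sandbox.hortonworks.com", "hive/other-host"):
        print(prefix, "->", ticket_status(SAMPLE_LOG, user, prefix))
```

A result of "no TGS_REQ seen" for the hive principal corresponds to the beeline case in the thread, where the KDC logged nothing at all.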
