Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎06-14-2018

Peer indicated failure: GSS initiate failed(feat.kerberos)

[ Edited ]

 hi! I'm trying to connect from Java to hive.  but I keep getting errors...T_T

This is an error message

java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://quickstart.cloudera:10000/default;principal=cloudera/127.0.0.1@CLOUDERA: Peer indicated failure: GSS initiate failed

 

This is my Java code

 

public class KerberosClouderaHiveJdbcExample {
// here is an example query based on one of the Hue Beeswax sample tables
private static final String SQL_STATEMENT = "show databases";
// set the impalad host
private static final String HIVE_HOST = "quickstart.cloudera";

private static final String PRINCIPAL = "cloudera/127.0.0.1@CLOUDERA";

// port 21050 is the default impalad JDBC port
private static final String HIVE_JDBC_PORT = "10000";
private static final String CONNECTION_URL = "jdbc:hive2://" + HIVE_HOST
+ ':' + HIVE_JDBC_PORT + "/default" + ";principal=" + PRINCIPAL;
private static final String JDBC_DRIVER_NAME = "org.apache.hive.jdbc.HiveDriver";
private static final String HIVE_USERNAME = "cloudera";
private static final String HIVE_PASSWORD = "";

public static void main(String[] args) {
System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
//System.setProperty("sun.security.krb5.realm", "/etc/krb5.ini");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");


System.out.println("\n=============================================");
System.out.println("Cloudera hive JDBC Example");
//System.out.println("Using Connection URL: " + CONNECTION_URL);
System.out.println("Running Query: " + SQL_STATEMENT);
Connection con = null;

Configuration conf = new Configuration();
conf.set("hadoop.security.authentication", "kerberos");
conf.set("hadoop.security.authorization", "true");
UserGroupInformation.setConfiguration(conf);

// /etc/security/keytab/hive.service.keytab is from local machine, This is the user which is executing the command
try {
UserGroupInformation.loginUserFromKeytab("cloudera/127.0.0.1@CLOUDERA", "/etc/security/cloudera.keytab");
Class.forName(JDBC_DRIVER_NAME);

//con = DriverManager.getConnection(CONNECTION_URL, HIVE_USERNAME, HIVE_PASSWORD);
con = DriverManager.getConnection("jdbc:hive2://quickstart.cloudera:10000/default;principal=cloudera/127.0.0.1@CLOUDERA");
Statement stmt = con.createStatement();

ResultSet rs = stmt.executeQuery(SQL_STATEMENT);
System.out.println("\n== Begin Query Results ======================");

// print the results to the console
while (rs.next()) {
// the example query returns one String column
System.out.println(rs.getString(1));
}
System.out.println("== End Query Results =======================\n\n");
} catch (SQLException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
con.close();
} catch (Exception e) {
// swallow
}
}
}

}

 

and I will attach additional console messages

=============================================
Cloudera hive JDBC Example
Using Connection URL: jdbc:hive2://quickstart.cloudera:10000/default;principal=cloudera/127.0.0.1@CLOUDERA
Running Query: show databases
log4j:WARN No appenders could be found for logger (org.apache.hadoop.metrics2.lib.MutableMetricsFactory).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Java config name: /etc/krb5.conf
Loaded from Java config
Java config name: /etc/krb5.conf
Loaded from Java config
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): CLOUDERA
>>> KeyTabInputStream, readName(): cloudera
>>> KeyTabInputStream, readName(): 127.0.0.1
>>> KeyTab: load() entry length: 62; type: 23
Added key: 23version: 1
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23.
Added key: 23version: 1
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23.
default etypes for default_tkt_enctypes: 23.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=quickstart.cloudera TCP:88, timeout=3000, number of retries =3, #bytes=140
>>> KDCCommunication: kdc=quickstart.cloudera TCP:88, timeout=3000,Attempt =1, #bytes=140
>>>DEBUG: TCPClient reading 625 bytes
>>> KrbKdcReq send: #bytes read=625
>>> KdcAccessibility: remove quickstart.cloudera
Added key: 23version: 1
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply cloudera/127.0.0.1
Added key: 23version: 1
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23.
Found ticket for cloudera/127.0.0.1@CLOUDERA to go to krbtgt/CLOUDERA@CLOUDERA expiring on Fri Jun 15 17:54:22 KST 2018
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=quickstart.cloudera TCP:88, timeout=3000, number of retries =3, #bytes=626
>>> KDCCommunication: kdc=quickstart.cloudera TCP:88, timeout=3000,Attempt =1, #bytes=626
>>>DEBUG: TCPClient reading 627 bytes
>>> KrbKdcReq send: #bytes read=627
>>> KdcAccessibility: remove quickstart.cloudera
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 519947708
Created InitSecContextToken:
0000: 01 00 6E 82 02 2F 30 82 02 2B A0 03 02 01 05 A1 ..n../0..+......
0010: 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 01 ......... ......
0020: 4D 61 82 01 49 30 82 01 45 A0 03 02 01 05 A1 0A Ma..I0..E.......
0030: 1B 08 43 4C 4F 55 44 45 52 41 A2 20 30 1E A0 03 ..CLOUDERA. 0...
0040: 02 01 00 A1 17 30 15 1B 08 63 6C 6F 75 64 65 72 .....0...clouder
0050: 61 1B 09 31 32 37 2E 30 2E 30 2E 31 A3 82 01 0E a..127.0.0.1....
0060: 30 82 01 0A A0 03 02 01 17 A1 03 02 01 01 A2 81 0...............
0070: FD 04 81 FA E2 AB 95 9D 34 D6 85 EE E1 56 3E 6C ........4....V>l
0080: 1E 03 9D 9E BA 7D AD 9B 29 04 F0 F1 8A 80 54 4A ........).....TJ
0090: 68 D0 AE A1 EC CE 8F 3C 90 0F C7 1D B6 EC 69 FD h......<......i.
00A0: C5 07 77 EE D3 5A FB E7 22 84 7D 46 F3 CE 48 45 ..w..Z.."..F..HE
00B0: AD 0E 9B 45 25 8B 5F 00 F0 B2 C7 6A D5 23 57 D6 ...E%._....j.#W.
00C0: 41 34 CE 61 A7 F3 C4 A7 D9 8F 10 49 E4 F0 A9 8C A4.a.......I....
00D0: 01 FD 47 8B D8 69 4A EE 32 52 0E D0 F9 F4 1C F2 ..G..iJ.2R......
00E0: A2 8C 41 6B 72 2D A3 72 D1 65 F2 C6 66 17 39 55 ..Akr-.r.e..f.9U
00F0: CC BA A2 78 C7 67 01 FD F1 7F 08 71 FF 8C 76 FB ...x.g.....q..v.
0100: 01 F0 E1 5C 43 FF DF 9F 67 AB FB 4B 3B 22 0A CB ...\C...g..K;"..
0110: 04 F7 C4 96 6B D1 59 29 E8 3F 9D 7D BA 98 08 55 ....k.Y).?.....U
0120: 5A D4 AB D4 1A 5A 0B C7 AF AF 56 DE 76 CD 55 0F Z....Z....V.v.U.
0130: 8C F9 CE D3 38 31 42 2E 97 3B 9F B2 B7 12 E7 C5 ....81B..;......
0140: B2 3B 81 4E 02 68 3D F5 65 85 E0 AE 0F 17 5A 72 .;.N.h=.e.....Zr
0150: 4B 0F 5A D8 C8 95 70 1C 5C 6A 9C 34 79 EE 8E 36 K.Z...p.\j.4y..6
0160: FA CF EF 33 A7 DC 22 9C 3E FE A5 93 C4 BB A4 81 ...3..".>.......
0170: C4 30 81 C1 A0 03 02 01 17 A2 81 B9 04 81 B6 6D .0.............m
0180: B1 72 45 75 0A 1B AB 37 05 7A 11 10 29 FC 72 DA .rEu...7.z..).r.
0190: 18 44 F6 D5 E7 81 15 43 69 57 47 70 6A 14 AC 70 .D.....CiWGpj..p
01A0: A3 CE 28 55 3B 00 48 E6 DC E6 F1 9A 19 FB 1B 5E ..(U;.H........^
01B0: 17 C2 4C 0E BE B6 F5 A3 33 C5 5F 28 19 8F DA EF ..L.....3._(....
01C0: D0 2F 1C 2B BA 92 0E DE FE C2 DA 13 55 AF 80 FF ./.+........U...
01D0: E0 92 F6 1C D7 D3 51 CA E4 3E 54 21 B3 B1 05 99 ......Q..>T!....
01E0: 66 5D CC D9 5B FF F9 B6 31 17 E6 98 A5 4E 3D 19 f]..[...1....N=.
01F0: 5B 6D 8A 8C 56 84 8A CA 3C B2 B7 4B 4D 79 60 CB [m..V...<..KMy`.
0200: FA BA 63 22 50 19 05 D9 D2 EB FA FD 8B 7F 2F 05 ..c"P........./.
0210: 77 01 32 60 3B 1F 36 3E C3 45 A9 01 B5 3C 93 6F w.2`;.6>.E...<.o
0220: AC CA DB ED 8E 9D E0 AA 2B 92 2E F0 B5 CB E6 A6 ........+.......
0230: 0E 98 E6 24 17 ...$.

java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://quickstart.cloudera:10000/default;principal=cloudera/127.0.0.1@CLOUDERA: Peer indicated failure: GSS initiate failed
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:231)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:176)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:233)
at com.kerberos.test.KerberosConn.KerberosClouderaHiveJdbcExample.main(KerberosClouderaHiveJdbcExample.java:53)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:277)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:204)
... 5 more

 

I was wondering if the maturity dates and keytab dates I checked with klists are different

11.PNGThank you fro your reply! 

 

Announcements