Reply
Explorer
Posts: 19
Registered: ‎02-15-2016
Accepted Solution

Unable to connect to Kerberized cluster running Hive from R

I am trying to access Hive tables from R by using JDBC, but it's failing while establishing the connection for 

org.apache.hadoop.security.UserGroupInformation

I thought "hadoop-core.jar" would provide this class, but it's still failing.

 

Does someone have any idea?

 

library("DBI")
library("rJava")
library("RJDBC")


cp = c("/home/cdsw/impala_jars/hadoop-common.jar", "/home/cdsw/hive_jars/libthrift-0.9.0.jar",
"/home/cdsw/hive_jars/hive_service.jar", "/home/cdsw/hive_jars/hadoop-core.jar",
"/home/cdsw/hive_jars/TCLIServiceClient.jar", "hive_jars/hive-jdbc-1.1.0-cdh5.10.1-standalone.jar")

.jinit(classpath=cp)

for(l in list.files('/home/cdsw/hive_jars')){ .jaddClassPath(paste("/home/cdsw/hive_jars",l,sep=""))}
for(l in list.files('/home/cdsw/impala_jars')){ .jaddClassPath(paste("/home/cdsw/impala_jars",l,sep=""))}


.jclassPath()


drv <- JDBC("org.apache.hive.jdbc.HiveDriver", "hive_jars/hive-jdbc-1.1.0-cdh5.10.1-standalone.jar", identifier.quote="`")

con <- dbConnect(drv, "jdbc:hive2://localhost:10000/default;principal=hive/{HOST}@{REALM}")

Explorer
Posts: 19
Registered: ‎02-15-2016

Re: Unable to connect to Kerberized cluster running Hive from R

Here's an update:

 

I was able to fix the initial issue by adding all the jars in /opt/cloudera/parcels/CDH/... directory. 

 

However, now it's failing with Kerberos TGT not found error, although I am doing kinit before connecting.

 

Is there something I am missing?

 

"

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

"

Highlighted
Explorer
Posts: 19
Registered: ‎02-15-2016

Re: Unable to connect to Kerberized cluster running Hive from R

Hi Everyone,

 

Not sure if anyone else faced this issue, but after much research I was able to connect to Kerberized Hive successfully. 

 

I appended "-Djavax.security.auth.useSubjectCredsOnly=false" to the "jinit"

 

.jinit(classpath=cp, parameters="-Djavax.security.auth.useSubjectCredsOnly=false")

 

Basically, it disables the requirement of a GSS mechanism to obtain necessary credentials from an existing Subject and allows to use the specified authentication mechanism, which in this case is Kerberos.

Announcements