Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

AD Kerberized cluster Hive connection string

Labels:
avatar
author-rank qiwang
Master Collaborator

Created ‎11-04-2016 05:16 PM

I have some question about the hive jdbc connection string for AD Kerberized cluster.

Hive server: qwang-hdp2

Hive clients: qwang-hdp0, qwang-hdp2, qwang-hdp4

I could connect using beeline using following conn string

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp2@REALM.NAME"

But not this conn string

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp0@REALM.NAME"

The only difference is the hive principal, got the following error 

Error: Could not open client transport with JDBC Uri: jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp0@REALM.NAME: Peer indicated failure: GSS initiate failed (state=08S01,code=0)

Root is under hadoopadmin principal

[root@qwang-hdp0 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hadoopadmin@REALM.NAME

Also keytabs are available

[root@qwang-hdp0 ~]# klist -kt /etc/security/keytabs/hive.service.keytab
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME

Could you suggest any way to trouble shoot why this is happening?

3,754 Views
1 ACCEPTED SOLUTION

avatar
author-rank pbalasundaram
Expert Contributor

Created ‎11-07-2016 10:11 PM

Hi

The Hive principal is not a headless principal , ie the hive principal is dedicated to the HiveServer2 Server .

So the Principal name always pooints to the Hiveserver2 , which in your case is

qwang-hdp2. So if you are able to login using

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp2@REALM.NAME"


Then you are good.

View solution in original post

2,150 Views
1 REPLY 1

avatar
author-rank pbalasundaram
Expert Contributor

Created ‎11-07-2016 10:11 PM

Hi

The Hive principal is not a headless principal , ie the hive principal is dedicated to the HiveServer2 Server .

So the Principal name always pooints to the Hiveserver2 , which in your case is

qwang-hdp2. So if you are able to login using

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp2@REALM.NAME"


Then you are good.
2,151 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements