Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Hive LLAP fails with "InvalidACL for /llap-sasl/user-hive"

avatar
author-rank mugdha author-rank
Guru

Created on ‎03-23-2017 09:25 PM - edited ‎09-16-2022 01:39 AM

This is for HDP 2.5 only. If you are seeing the same error HDP 2.6, there could be something else that has failed before this stage. Please check the full log.

 

After enabling Hive LLAP, it fails to start with:

ERROR impl.LlapZookeeperRegistryImpl: Unable to start curator PathChildrenCache. Exception: {}
org.apache.zookeeper.KeeperException$InvalidACLException: KeeperErrorCode = InvalidACL for /llap-sasl/user-hive
	at org.apache.zookeeper.KeeperException.create(KeeperException.java:121) ~[zookeeper-3.4.6.2.5.0.0-1245.jar:3.4.6-1245--1]
	at org.apache.zookeeper.KeeperException.create(KeeperException.java:51) ~[zookeeper-3.4.6.2.5.0.0-1245.jar:3.4.6-1245--1]
	at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783) ~[zookeeper-3.4.6.2.5.0.0-1245.jar:3.4.6-1245--1]
	at org.apache.curator.utils.ZKPaths.mkdirs(ZKPaths.java:232) ~[curator-client-2.7.1.jar:?]
	at org.apache.curator.utils.EnsurePath$InitialHelper$1.call(EnsurePath.java:148) ~[curator-client-2.7.1.jar:?]

Steps to fix:

1. /usr/hdp/current/zookeeper-server/bin/zkCli.sh -server `hostname`

2. create /llap-sasl "" sasl:hive:cdrwa,world:anyone:r

3. create /llap-sasl/user-hive "" sasl:hive:cdrwa,world:anyone:r

4. create /llap-sasl/user-hive/llap0 "" sasl:hive:cdrwa,world:anyone:r

5. create /llap-sasl/user-hive/llap0/workers "" sasl:hive:cdrwa,world:anyone:r

Note: If Kerberos is enabled:

su as zookeeper

kinit as hive

6,282 Views
Comments

Re: Hive LLAP fails with "InvalidACL for /llap-sasl/user-hive"

avatar
author-rank glib_martynenko
New Contributor

Created on ‎04-11-2017 04:10 PM

Hi Mugdha,

How I can raise a Kerberos ticket from zookeeper as hive?

Thank You

Re: Hive LLAP fails with "InvalidACL for /llap-sasl/user-hive"

avatar
author-rank glib_martynenko
New Contributor

Created on ‎04-11-2017 04:21 PM

I`m trying do this but get the error.

kinit -kt /etc/security/keytabs/hive.service.keytab hive/HOST_NAME@TFAYD.COM kinit: Keytab contains no suitable keys for hive/HOST_NAME@TFAYD.COM while getting initial credentials

Re: Hive LLAP fails with "InvalidACL for /llap-sasl/user-hive"

avatar
author-rank poojan
Explorer

Created on ‎10-03-2017 09:20 PM

klist -kt /etc/security/keytabs/hive.service.keytab to find out exact principal name you need to kinit with.

Re: Hive LLAP fails with "InvalidACL for /llap-sasl/user-hive"

avatar
author-rank sergey
Rising Star

Created on ‎12-05-2017 09:16 PM

Just a note - on older versions of HDP (2.6.1 and below iirc) it is possible to receive InvalidACL at start time because the LLAP application has failed to start and thus failed to create the path entirely. So, it might be worth checking the LLAP app log if the path does not exist.

Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements
Version history
Last update:
‎09-16-2022 01:39 AM
Updated by:
Guru Guru
Contributors