Reply
New Contributor
Posts: 2
Registered: ‎12-05-2018

Impala service does not work after enabling Kerberos on the CM.

Hello!

Impala service has not worked since enabling Kerberos on the CM.
I've tried and changed configuration a lot but It didn't still work.

I've changed Kerberos Encryption Types to
des3-hmac-sha1
arcfour-hmac
des-hmac-sha1
des-cbc-md5
des-cbc-crc


/etc/krb5.conf

 

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 1d
renew_lifetime = 7d
forwardable = true
renewable = true
rdns = false
default_realm = ISAAC.COM
default_ccache_name = KEYRING:persistent:%{uid}
max_renewable_life = 90d

[realms]
ISAAC.COM = {
kdc = kdc.isaac.com:88
admin_server = kdc.isaac.com:749
default_domain = isaac.com
}

[domain_realm]
.isaac.com = ISAAC.COM
isaac.com = ISAAC.COM

 


/var/kerberos/krb5kdc/kdc.conf

 

[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
ISAAC.COM = {
#master_key_type = aes256-cts
max_renewable_life = 7d 0h 0m 0s
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
default_principal_flags = +renewable
}


/var/kerberos/krb5kdc/kadm5.acl

*/admin@ISAAC.COM *


That is my ERROR

 

11:45:45.987 AM INFO cc:362
Logged in from keytab as impala/dn.isaac.com@ISAAC.COM (short username impala)
11:45:45.988 AM INFO cc:858
Kerberos ticket granted to impala/dn.isaac.com@ISAAC.COM
11:45:45.988 AM INFO cc:731
Using external kerberos principal "impala/dn.isaac.com@ISAAC.COM"
11:45:45.988 AM INFO cc:1091
External communication is authenticated with Kerberos
11:45:45.988 AM INFO cc:234
catalogd version 3.0.0-cdh6.0.1 RELEASE (build 9a74a5053de5f7b8dd983802e6d75e58d31472db)
Built on Wed Sep 19 11:27:37 PDT 2018
11:45:45.988 AM INFO cc:235
Using hostname: dn.isaac.com
11:45:45.989 AM INFO cc:156
Flags (see also /varz are on debug webserver):
--catalog_service_port=26000
--initial_hms_cnxn_timeout_s=120
...........
11:45:48.510 AM INFO java:188
Found configuration file file:/run/cloudera-scm-agent/process/394-impala-CATALOGSERVER/hive-conf/hive-site.xml
11:45:49.295 AM INFO java:459
Trying to connect to metastore with URI thrift://mn.isaac.com:9083
11:45:49.996 AM INFO java:533
Opened a connection to metastore, current connections: 1
11:45:49.997 AM INFO java:586
Connected to metastore.
11:45:50.121 AM INFO java:459
Trying to connect to metastore with URI thrift://mn.isaac.com:9083
11:45:50.154 AM INFO java:533
............
11:45:50.368 AM INFO java:459
Trying to connect to metastore with URI thrift://mn.isaac.com:9083
11:45:50.383 AM INFO java:533
Opened a connection to metastore, current connections: 10
11:45:50.383 AM INFO java:586
Connected to metastore.
11:45:51.240 AM INFO java:1102
Invalidating all metadata. Version: 0
11:45:51.390 AM INFO java:914
Loading native functions for database: default
11:45:51.391 AM INFO java:930
Loaded native functions for database: default
11:45:51.391 AM INFO java:941
Loading Java functions for database: default
11:45:51.391 AM INFO java:952
Loaded Java functions for database: default
11:45:51.420 AM INFO java:1170
Invalidated all metadata.
11:45:51.427 AM INFO cc:190
Starting statestore subscriber
11:45:51.428 AM INFO cc:452
ThriftServer 'StatestoreSubscriber' started on port: 23020
11:45:51.428 AM INFO cc:217
Registering with statestore
11:45:51.434 AM INFO cc:78
Couldn't open transport for dn.isaac.com:24000 (No more data to read.)
11:45:51.434 AM INFO cc:94
Unable to connect to dn.isaac.com:24000

 

 

# vi /var/log/catalogd/catalogd.dn.isaac.com.impala.log.ERROR.20181206-115245.4361

F1206 11:53:18.085758 4361 catalogd-main.cc:88] Couldn't open transport for dn.isaac.com:24000 (No more data to read.)
. Impalad exiting.
*** Check failure stack trace: ***
@ 0x22ce71d
@ 0x22cffc2
@ 0x22ce0f7
@ 0x22d16be
@ 0x9b47e8
@ 0x96aa07
@ 0x7f5e346f0c05
@ 0x9b3411
Picked up JAVA_TOOL_OPTIONS: -Xmx8g
Wrote minidump to /var/log/impala-minidumps/catalogd/99579f34-ce2b-49d7-30c5bc88-c9d7478c.dmp

 

anyone have any solution?

Highlighted
New Contributor
Posts: 2
Registered: ‎12-05-2018

Re: Impala service does not work after enabling Kerberos on the CM.

[ Edited ]

My Impala Error

 

impala error.png

 

additional impala conf

 

impala conf.png

 

Announcements