Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

AD Kerberized cluster Hive connection string

Labels:
avatar
author-rank qiwang
Master Collaborator

Created ‎11-04-2016 05:16 PM

I have some question about the hive jdbc connection string for AD Kerberized cluster.

Hive server: qwang-hdp2

Hive clients: qwang-hdp0, qwang-hdp2, qwang-hdp4

I could connect using beeline using following conn string

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp2@REALM.NAME"

But not this conn string

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp0@REALM.NAME"

The only difference is the hive principal, got the following error 

Error: Could not open client transport with JDBC Uri: jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp0@REALM.NAME: Peer indicated failure: GSS initiate failed (state=08S01,code=0)

Root is under hadoopadmin principal

[root@qwang-hdp0 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hadoopadmin@REALM.NAME

Also keytabs are available

[root@qwang-hdp0 ~]# klist -kt /etc/security/keytabs/hive.service.keytab
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME
   0 11/02/2016 20:35:50 hive/qwang-hdp0@REALM.NAME

Could you suggest any way to trouble shoot why this is happening?

3,049 Views
1 ACCEPTED SOLUTION

avatar
author-rank pbalasundaram
Expert Contributor

Created ‎11-07-2016 10:11 PM

Hi

The Hive principal is not a headless principal , ie the hive principal is dedicated to the HiveServer2 Server .

So the Principal name always pooints to the Hiveserver2 , which in your case is

qwang-hdp2. So if you are able to login using

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp2@REALM.NAME"


Then you are good.

View solution in original post

1,445 Views
1 REPLY 1

avatar
author-rank pbalasundaram
Expert Contributor

Created ‎11-07-2016 10:11 PM

Hi

The Hive principal is not a headless principal , ie the hive principal is dedicated to the HiveServer2 Server .

So the Principal name always pooints to the Hiveserver2 , which in your case is

qwang-hdp2. So if you are able to login using

beeline -u "jdbc:hive2://qwang-hdp2:10000/default;principal=hive/qwang-hdp2@REALM.NAME"


Then you are good.
1,446 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements