Support Questions

Find answers, ask questions, and share your expertise

Beeline over KNOX fails with HTTP Response code: 403 (state=08S01,code=0)

avatar
Contributor

Hi Team,

I am using DEMO LDAP with KNOX. Kerberos is also installed in my cluster. But while accessing hive using beeline I am getting "ERROR jdbc.HiveConnection: Error opening session org.apache.thrift.transport.TTransportException: HTTP Response code: 403" as given below:

-------------------------------------------------------------------------------------------------------------------------

beeline> !connect jdbc:hive2://bhushanhdp-1.novalocal:8443/;ssl=true;sslTrustStore=/var/lib/knox/data-2.6.3.0-235/security/keystores/gateway.jks;trustStorePassword=mypass?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive

Connecting to jdbc:hive2://bhushanhdp-1.novalocal:8443/;ssl=true;sslTrustStore=/var/lib/knox/data-2.6.3.0-235/security/keystores/gateway.jks;trustStorePassword=mypass?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive Enter username for jdbc:hive2://bhushanhdp-1.novalocal:8443/;ssl=true;sslTrustStore=/var/lib/knox/data-2.6.3.0-235/security/keystores/gateway.jks;trustStorePassword=mypass?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive: guest Enter password for jdbc:hive2://bhushanhdp-1.novalocal:8443/;ssl=true;sslTrustStore=/var/lib/knox/data-2.6.3.0-235/security/keystores/gateway.jks;trustStorePassword=mypass?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive: ************** 18/02/23 13:40:29 [main]: WARN jdbc.Utils: ***** JDBC param deprecation ***** 18/02/23 13:40:29 [main]: WARN jdbc.Utils: The use of hive.server2.transport.mode is deprecated. 18/02/23 13:40:29 [main]: WARN jdbc.Utils: Please use transportMode like so: jdbc:hive2://<host>:<port>/dbName;transportMode=<transport_mode_value> 18/02/23 13:40:29 [main]: WARN jdbc.Utils: ***** JDBC param deprecation ***** 18/02/23 13:40:29 [main]: WARN jdbc.Utils: The use of hive.server2.thrift.http.path is deprecated. 18/02/23 13:40:29 [main]: WARN jdbc.Utils: Please use httpPath like so: jdbc:hive2://<host>:<port>/dbName;httpPath=<http_path_value> 18/02/23 13:40:30 [main]: ERROR jdbc.HiveConnection: Error opening session org.apache.thrift.transport.TTransportException: HTTP Response code: 403 at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:262) at org.apache.thrift.transport.THttpClient.flush(THttpClient.java:313) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62) at org.apache.hive.service.cli.thrift.TCLIService$Client.send_OpenSession(TCLIService.java:158) at org.apache.hive.service.cli.thrift.TCLIService$Client.OpenSession(TCLIService.java:150) at org.apache.hive.jdbc.HiveConnection.openSession(HiveConnection.java:563) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:181) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:208) at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:146) at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:211) at org.apache.hive.beeline.Commands.connect(Commands.java:1204) at org.apache.hive.beeline.Commands.connect(Commands.java:1100) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:54) at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:998) at org.apache.hive.beeline.BeeLine.execute(BeeLine.java:835) at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:793) at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:493) at org.apache.hive.beeline.BeeLine.main(BeeLine.java:476) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hadoop.util.RunJar.run(RunJar.java:233) at org.apache.hadoop.util.RunJar.main(RunJar.java:148) Error: Could not establish connection to jdbc:hive2://bhushanhdp-1.novalocal:8443/;ssl=true;sslTrustStore=/var/lib/knox/data-2.6.3.0-235/security/keystores/gateway.jks;trustStorePassword=Admin@123?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive: HTTP Response code: 403 (state=08S01,code=0)

----------------------------------------------------------------------------

How to solve it?

Please suggest.

Thanks,

Bhushan

1 ACCEPTED SOLUTION

avatar
Master Guru

Your connection string looks good. Make sure that in your topology file (go to your Knox server, and open /etc/knox/conf/topologies/default.xml to make sure Ambari did the right substitution) you have something like this:

<service>
  <role>HIVE</role>
  <url>http://node11.mycluster.com:10001/cliservice</url>
</service>

and that your HS2 has corresponding properties set:

hive.server2.transport.mode=http 
hive.server2.thrift.http.path=cliservice
hive.server2.thrift.http.port=10001

Also check that "mypass" is the correct password for your gateway.jks.

View solution in original post

2 REPLIES 2

avatar
Master Guru

Your connection string looks good. Make sure that in your topology file (go to your Knox server, and open /etc/knox/conf/topologies/default.xml to make sure Ambari did the right substitution) you have something like this:

<service>
  <role>HIVE</role>
  <url>http://node11.mycluster.com:10001/cliservice</url>
</service>

and that your HS2 has corresponding properties set:

hive.server2.transport.mode=http 
hive.server2.thrift.http.path=cliservice
hive.server2.thrift.http.port=10001

Also check that "mypass" is the correct password for your gateway.jks.

avatar
Contributor

Thanks @Predrag Minovic. It worked.