Support Questions

Find answers, ask questions, and share your expertise

From Apache Ranger UI not able to connect to Hive

avatar
Explorer

 

Trying to connect to Hive db from Ranger ui . I have provided the full screenshot below with reference to the error message. Can someone please help with this.

 

where DriverName = 'com.mysql.jdbc.Driver'

ConnectionURL = 'jdbc:mysql://localhost:3306/metastore_sqldb'

UserName = 'hive'

Password = 'hive'

 

Then when I do Test Connection ,

Error Msg:Unable to retrieve any databases using given parameters.You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.

 

But I am able to open the Hive shell and view the default database and tables created in it.

 

When I user username and password as 'admin' , I get:

 

Connection Failed.
Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.


org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance..
Unable to connect to Hive Thrift Server instance..
Access denied for user 'admin'@'localhost' (using password: YES).
 
Ranger Admin log shows
-------------------------------
2019-09-17 11:53:02,195 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:111) - Password decryption failed; trying connection with received password string
2019-09-17 11:53:02,195 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:126) - Init Login: security not enabled, using username
2019-09-17 11:53:02,195 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:93) - Since Password is NOT provided, Trying to use UnSecure client with username and password
2019-09-17 11:53:02,197 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:165) - Unable to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:423)
at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2164)
at org.apache.ranger.plugin.util.PasswordUtils.decrypt(PasswordUtils.java:150)
at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:138)
at org.apache.ranger.services.hive.client.HiveClient.initConnection(HiveClient.java:716)
at org.apache.ranger.services.hive.client.HiveClient.access$100(HiveClient.java:56)
at org.apache.ranger.services.hive.client.HiveClient$2.run(HiveClient.java:98)
at org.apache.ranger.services.hive.client.HiveClient$2.run(HiveClient.java:96)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.ranger.services.hive.client.HiveClient.initHive(HiveClient.java:96)
at org.apache.ranger.services.hive.client.HiveClient.<init>(HiveClient.java:77)
at org.apache.ranger.services.hive.client.HiveClient.connectionTest(HiveClient.java:827)
at org.apache.ranger.services.hive.client.HiveResourceMgr.connectionTest(HiveResourceMgr.java:48)
at org.apache.ranger.services.hive.RangerServiceHive.validateConfig(RangerServiceHive.java:80)
at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:660)
at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:647)
at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:608)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2019-09-17 11:53:02,198 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:718) - Password decryption failed; trying Hive connection with received password string
2019-09-17 11:53:02,204 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveResourceMgr (HiveResourceMgr.java:50) - <== HiveResourceMgr.connectionTest Error: org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance.
2019-09-17 11:53:02,204 [timed-executor-pool-0] ERROR org.apache.ranger.services.hive.RangerServiceHive (RangerServiceHive.java:82) - <== RangerServiceHive.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance.
2019-09-17 11:53:02,204 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:610) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance.
2019-09-17 11:53:02,218 [http-bio-6080-exec-6] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:198) - ==> ServiceMgr.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance.
2019-09-17 11:53:16,708 [timed-executor-pool-0] WARN org.apache.hadoop.security.SecureClientLogin (SecureClientLogin.java:126) - Can't find keyTab Path : null
2019-09-17 11:53:16,709 [timed-executor-pool-0] WARN org.apache.hadoop.security.SecureClientLogin (SecureClientLogin.java:130) - Can't find principal : null
2019-09-17 11:53:16,709 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:126) - Init Login: security not enabled, using username
2019-09-17 11:53:16,709 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:93) - Since Password is NOT provided, Trying to use UnSecure client with username and password
2019-09-17 11:53:16,716 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveResourceMgr (HiveResourceMgr.java:50) - <== HiveResourceMgr.connectionTest Error: org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance.
 
 
Screensot showing JDBC DrivrerName, ConnectionURL, Username and Password.

 

Screenshot 2019-09-17 at 2.46.02 PM.png

3 REPLIES 3

avatar
Master Mentor

@ranger 

What is your HDP version? I this you have hit this bug despite  not matching the Ranger version. Try the workaround and revert

 https://issues.apache.org/jira/browse/RANGER-1342

avatar
Explorer

Hadoop version : 2.7.3

Hive : 3.1.2

Ranger-Admin version: 2.1.0-SNAPSHOT

 

I made change as stated in https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commitdiff;h=ed6488361660aecbba1d006f26218e51...

 

in file 

agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java

 

and rebuilt apache-ranger, copied the binaries and restarted. But face the same issue when trying to connect with hive plugin to hiveserver 

 

 

Added

 

+import org.apache.ranger.plugin.util.PasswordUtils;
 
and
 
-                       password = prop.getProperty(RANGER_LOGIN_PASSWORD);
+                       String plainTextPwd = prop.getProperty(RANGER_LOGIN_PASSWORD);
+                       try {
+                               password = PasswordUtils.encryptPassword(plainTextPwd);
+                       }catch (IOException e) {
+                               throw new HadoopException("Unable to initialize login info", e);
+                       }

avatar
Explorer

@Shelton 

I have stated Hadoop, Hive and Ranger versions, and the patch that I had applied but still facing the same issue. What version do you recommend me to use for each one of them. 

 

Can you please help me to understand, eagerly waiting to hear from you soon.