Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hive server 2 thrift error

Hive server 2 thrift error

Explorer

We are running CDH 5.4.7 kereberos enabled cluster. SSL/TLS not enabled for Hive. Users are connected through Informatica BDE to hive. But our hive server 2 logs keep on filled with below error every 15 seconds.

 

---------------------------------------------------------------------------------------------------------------

ERROR org.apache.thrift.server.TThreadPoolServer: Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TSaslTransportException: No data or no sasl data in the stream
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:739)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:736)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1651)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:736)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TSaslTransportException: No data or no sasl data in the stream
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:328)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
--------------------------------------------------------------------------------------

 

config values

------------------------------------------

hive.server2.authentication=kerberos
hive.server2.transport.mode=binary
hive.server2.use.SSL=false
hive.server2.thrift.sasl.qop=auth

------------------------------------------------------

2 REPLIES 2

Re: Hive server 2 thrift error

Contributor

I have exactly the same problem, and exactly the same CDH and settings.
I get this error when connecting to Cloudera's Hive either with Cloudera ODBC Driver from Windows or with Hortonworks ODBC Driver for Windows, both 64Bit.

 

Highlighted

Re: Hive server 2 thrift error

Contributor

Hi,

 

I have resolved this by disabling UDP traffic to kerberos KDC server and force TCP communication, by adding to krb5.ini on WIndows, and krb5.conf on Unix:

        udp_preference_limit = 1

 

So now my krb5.{ini,conf}:

C:\Users\user>cat C:\ProgramData\MIT\Kerberos5\krb5.ini

[libdefaults]
        default_realm = TEST.COM
        dns_lookup_kdc = false
        dns_lookup_realm = false
        ticket_lifetime = 86400
        renew_lifetime = 604800
        forwardable = true
        default_tgs_enctypes = rc4-hmac
        default_tgt_enctypes = rc4-hmac
        permitted_enctypes = rc4-hmac
        udp_preference_limit = 1

[realms]
        EXAMPLE.COM = {
        kdc = my.kerberos.fqdn.com:88
        admin_server = my.kerberos.fqdn.com
}

[domain_realms]
    .my.kerberos.fqdn.com = EXAMPLE.COM
    my.kerberos.fqdn.com = EXAMPLE.COM

C:\Users\user>

 

Ofcourse you must enable TCP in your KDC server with kdc_tcp_ports configuration option:

# head -n 3 /etc/krb5kdc/kdc.conf
[kdcdefaults]
    # AF 2016-02-09 not needed because we use TCP kdc_ports = 750,88 <- this is for UDP
    kdc_tcp_ports = 750,88 <- this is for TCP

 

 

Don't have an account?
Coming from Hortonworks? Activate your account here