Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

How can I configure an hive interpreter for Zeppelin in a Kerberized cluster. (GSS initiate failed)

Explorer

Zeppelin: 0.7.0

I have tried to configure Hive interpreter with the following configuration:

14959-properties.png

And I got this error, can someone help me:

org.apache.zeppelin.interpreter.InterpreterException: null java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://xxx:10000/;principal=hive/xxx@yyy: GSS initiate failed at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:413) at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:561) at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:660) at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:94) at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:489) at org.apache.zeppelin.scheduler.Job.run(Job.java:175) at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

12 REPLIES 12

@J Nunes

I think your zeppelin.jdbc.keytab.location and zeppelin.jdbc.principal are configured wrong. You have to use the zeppelin-server's keytab location and zeppelin-server's principal in these properties. If you are using HDP-2.6, the jdbc(hive) interpreter comes configured properly out of the box and you dont have to change anything.

Explorer

I'm using an older version HDP-2.4 and i have installed zeppelin stand alone, só the jdbc(hive) don't exist i have to create it.

I allready tried zeppelin.jdbc.keytab.location and zeppelin.jdbc.principal with the zeppelin keytab and principal and got the same error that i posted.

Is something wrong on the url ?

Thanks for your suggestion.

@J Nunes

Other issue might be a wrong jdbc hive URL. Can you try to connect via beeline and see if this URL is working or not?

Explorer

Thanks for the tip i have tested and the url doesn't work, but i have changed the fqdn of hive machine for _HOST

and finally worked on beeline.

But on Zeppelin with the correct url tested on beeline keeps sending the following error, can you help me, thanks in advance:

java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://rhtxsand001.corporativo.pt:10000/;principal=hive/_HOSTt@RHTXSAND.CORPORATIVO.PT;hive.server2.proxy.user=hive: GSS initiate failed at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:210) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:156) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:208) at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79) at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205) at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861) at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435) at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363) at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:270) at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:351) at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:369) at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:561) at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:660) at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:94) at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:489) at org.apache.zeppelin.scheduler.Job.run(Job.java:175) at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316) at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52) at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657) at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49) at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:185) ... 27 more

@J Nunes

Just to make sure, Can you please check if there is a typo in URL (I see 'HOSTt', is it correct?)

jdbc:hive2://rhtxsand001.corporativo.pt:10000/;principal=hive/_HOSTt@RHTXSAND.CORPORATIVO.PT;hive.server2.proxy.user=hive

Explorer

the 'HOSTt' was just my mistake when passing the error to here.

The url that i used was: jdbc:hive2://rhtxsand001.corporativo.pt:10000/;principal=hive/_HOST@RHTXSAND.CORPORATIVO.PT;hive.server2.proxy.user=hive

@J Nunes

Can you remove ;hive.server2.proxy.user=hive from the URL and see if it works?

Explorer

I have tested without it and gives the same error

Explorer

15075-jdbc-config.jpg

I have fixed the keytab path but i got same error.

@J Nunes

Can you post the screenshot of your jdbc config again?

Also in the original screenshot, the keytab path you have put is /etc/security/xxxx . Traditionally, on HDP clusters it is /etc/security/keytabs/xxxx . Can you verify if this path is correct?

@J Nunes

From your 2nd screenshot, I believe you are still not configuring keytab and principal correctly

You should use these:

zeppelin.jdbc.keytab.location : /etc/security/keytabs/zeppelin.server.kerberos.keytab

Then do

klist -kt /etc/security/keytabs/zeppelin.server.kerberos.keytab

and copy the principal name that it is showing as output of that command and configure that into zeppelin.jdbc.principal properties

Explorer

Hi have tried with keytab of the user running the zeppelin and got the same error.

Needs to be exactly a user zeppelin?

Because we use user hue to run both hue and zeppelin and use the same keytabs.