Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Impala service does not work after enabling Kerberos on the CM.

Impala service does not work after enabling Kerberos on the CM.

Explorer

Hello!

Impala service has not worked since enabling Kerberos on the CM.
I've tried and changed configuration a lot but It didn't still work.

I've changed Kerberos Encryption Types to
des3-hmac-sha1
arcfour-hmac
des-hmac-sha1
des-cbc-md5
des-cbc-crc


/etc/krb5.conf

 

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 1d
renew_lifetime = 7d
forwardable = true
renewable = true
rdns = false
default_realm = ISAAC.COM
default_ccache_name = KEYRING:persistent:%{uid}
max_renewable_life = 90d

[realms]
ISAAC.COM = {
kdc = kdc.isaac.com:88
admin_server = kdc.isaac.com:749
default_domain = isaac.com
}

[domain_realm]
.isaac.com = ISAAC.COM
isaac.com = ISAAC.COM

 


/var/kerberos/krb5kdc/kdc.conf

 

[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
ISAAC.COM = {
#master_key_type = aes256-cts
max_renewable_life = 7d 0h 0m 0s
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
default_principal_flags = +renewable
}


/var/kerberos/krb5kdc/kadm5.acl

*/admin@ISAAC.COM *


That is my ERROR

 

11:45:45.987 AM INFO cc:362
Logged in from keytab as impala/dn.isaac.com@ISAAC.COM (short username impala)
11:45:45.988 AM INFO cc:858
Kerberos ticket granted to impala/dn.isaac.com@ISAAC.COM
11:45:45.988 AM INFO cc:731
Using external kerberos principal "impala/dn.isaac.com@ISAAC.COM"
11:45:45.988 AM INFO cc:1091
External communication is authenticated with Kerberos
11:45:45.988 AM INFO cc:234
catalogd version 3.0.0-cdh6.0.1 RELEASE (build 9a74a5053de5f7b8dd983802e6d75e58d31472db)
Built on Wed Sep 19 11:27:37 PDT 2018
11:45:45.988 AM INFO cc:235
Using hostname: dn.isaac.com
11:45:45.989 AM INFO cc:156
Flags (see also /varz are on debug webserver):
--catalog_service_port=26000
--initial_hms_cnxn_timeout_s=120
...........
11:45:48.510 AM INFO java:188
Found configuration file file:/run/cloudera-scm-agent/process/394-impala-CATALOGSERVER/hive-conf/hive-site.xml
11:45:49.295 AM INFO java:459
Trying to connect to metastore with URI thrift://mn.isaac.com:9083
11:45:49.996 AM INFO java:533
Opened a connection to metastore, current connections: 1
11:45:49.997 AM INFO java:586
Connected to metastore.
11:45:50.121 AM INFO java:459
Trying to connect to metastore with URI thrift://mn.isaac.com:9083
11:45:50.154 AM INFO java:533
............
11:45:50.368 AM INFO java:459
Trying to connect to metastore with URI thrift://mn.isaac.com:9083
11:45:50.383 AM INFO java:533
Opened a connection to metastore, current connections: 10
11:45:50.383 AM INFO java:586
Connected to metastore.
11:45:51.240 AM INFO java:1102
Invalidating all metadata. Version: 0
11:45:51.390 AM INFO java:914
Loading native functions for database: default
11:45:51.391 AM INFO java:930
Loaded native functions for database: default
11:45:51.391 AM INFO java:941
Loading Java functions for database: default
11:45:51.391 AM INFO java:952
Loaded Java functions for database: default
11:45:51.420 AM INFO java:1170
Invalidated all metadata.
11:45:51.427 AM INFO cc:190
Starting statestore subscriber
11:45:51.428 AM INFO cc:452
ThriftServer 'StatestoreSubscriber' started on port: 23020
11:45:51.428 AM INFO cc:217
Registering with statestore
11:45:51.434 AM INFO cc:78
Couldn't open transport for dn.isaac.com:24000 (No more data to read.)
11:45:51.434 AM INFO cc:94
Unable to connect to dn.isaac.com:24000

 

 

# vi /var/log/catalogd/catalogd.dn.isaac.com.impala.log.ERROR.20181206-115245.4361

F1206 11:53:18.085758 4361 catalogd-main.cc:88] Couldn't open transport for dn.isaac.com:24000 (No more data to read.)
. Impalad exiting.
*** Check failure stack trace: ***
@ 0x22ce71d
@ 0x22cffc2
@ 0x22ce0f7
@ 0x22d16be
@ 0x9b47e8
@ 0x96aa07
@ 0x7f5e346f0c05
@ 0x9b3411
Picked up JAVA_TOOL_OPTIONS: -Xmx8g
Wrote minidump to /var/log/impala-minidumps/catalogd/99579f34-ce2b-49d7-30c5bc88-c9d7478c.dmp

 

anyone have any solution?

1 REPLY 1
Highlighted

Re: Impala service does not work after enabling Kerberos on the CM.

Explorer

My Impala Error

 

impala error.png

 

additional impala conf

 

impala conf.png