Created on 03-30-2016 05:07 AM - edited 08-18-2019 06:08 AM
Hi Team,
I am using Ambari 2.1.2 and HDP 2.3.0.0-2557 with Kerberos and Ranger configured.
I tried to set up a Hive repository in Ranger, but the test connection fails. Below are my repository details -
where the JDBC URL is - " jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com "
I tested the same using beeline from node2.example.com, where I have my HiveServer2 installed. Below are the logs -
===
beeline> !connect jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com
Connecting to jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com
Enter username for jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com: hive
Enter password for jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com: ****
Connected to: Apache Hive (version 1.2.1.2.3.0.0-2557)
Driver: Hive JDBC (version 1.2.1.2.3.0.0-2557)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://node2.example.com:10000/defau>
===
Below are the Ranger xa-admin logs I see -
Error: Could not open client transport with JDBC Uri: jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com: GSS initiate failed (state=08S01,code=0)
0: jdbc:hive2://node2.example.com:10000/defau (closed)> 16/03/30 10:29:59 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
Created 03-30-2016 05:46 AM
Hi Team,
This issue is resolved. I missed creating the Hive repository user for the ranger-hive plugin.
I created the user in Kerberos and modified the configuration, and it worked.
I referred to the link below - https://github.com/abajwa-hw/security-workshops/blob/master/Setup-ranger-22.md#setup-hdfs-repo-in-ra...
Thanks
Sagar
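A small triage script for the error in this thread, added here as an example (not code from the original posts or from Ranger or Hive): it extracts the mechanism-level reason from the `GSSException` and separates the HiveServer2 service principal in the JDBC URL from the caller whose ticket is missing. The function name `triage`, the advice strings, and the two Kerberos error entries beyond the one in the thread are assumptions of this example.

```python
import re

# Constructed input: the two relevant lines copied from the log in this thread.
SAMPLE_LOG = """\
Error: Could not open client transport with JDBC Uri: jdbc:hive2://node2.example.com:10000/default;principal=hive/node2.example.com@example.com: GSS initiate failed (state=08S01,code=0)
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
"""

# Mechanism-level reason -> what to check. The first entry is the error in
# this thread; the other two are common Kerberos errors added for context.
ADVICE = {
    "Failed to find any Kerberos tgt":
        "caller holds no TGT: confirm the connecting user exists as a "
        "Kerberos principal and can authenticate",
    "Clock skew too great":
        "client and KDC clocks differ too much: check time sync",
    "Server not found in Kerberos database":
        "service principal unknown to the KDC: check principal= and DNS",
}

URI_RE = re.compile(r"jdbc:hive2://(?P<host>[^:/;\s]+):(?P<port>\d+)/[^;\s]*"
                    r";principal=(?P<principal>[^\s;:]+)")
GSS_RE = re.compile(r"GSSException: [^(]*\(Mechanism level: (?P<reason>[^)]+)\)")

def triage(log_text):
    """Return one finding per GSSException found in log_text."""
    uri = URI_RE.search(log_text)
    service = uri.group("principal") if uri else None
    # principal= names the HiveServer2 service (service/host@REALM), not the
    # connecting user, so the missing TGT belongs to the caller.
    host_ok = None
    if uri:
        instance = service.split("@")[0].partition("/")[2]
        host_ok = instance == uri.group("host")
    findings = []
    for m in GSS_RE.finditer(log_text):
        reason = m.group("reason").strip()
        advice = next((a for k, a in ADVICE.items() if k in reason),
                      "unrecognised reason: read the full stack trace")
        findings.append({"reason": reason, "advice": advice,
                         "service_principal": service,
                         "principal_host_matches_url": host_ok})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```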