Support Questions

bish765485 · ‎09-27-2024

Hey Team,

I am want to connect hive with SSL and Kerberos.

Getting error with trying to connect via beeline and got the following error:

root@ip-172-31-13-77:~# beeline -u "jdbc:hive2://ec2-52-66-58-15.ap-south-1.compute.amazonaws.com:10000/default;principal=hive/ec2-52-66-58-15.ap-south-1.compute.amazonaws.com@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM;ssl=true;sslTrustStore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;trustStorePassword=******************"
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/opt/cloudera/parcels/CDH-7.1.7-1.cdh7.1.7.p0.15945976/jars/log4j-slf4j-impl-2.13.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/cloudera/parcels/CDH-7.1.7-1.cdh7.1.7.p0.15945976/jars/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
WARNING: Use "yarn jar" to launch YARN applications.
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/opt/cloudera/parcels/CDH-7.1.7-1.cdh7.1.7.p0.15945976/jars/log4j-slf4j-impl-2.13.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/cloudera/parcels/CDH-7.1.7-1.cdh7.1.7.p0.15945976/jars/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Connecting to jdbc:hive2://ec2-52-66-58-15.ap-south-1.compute.amazonaws.com:10000/default;principal=hive/ec2-52-66-58-15.ap-south-1.compute.amazonaws.com@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM;ssl=true;sslTrustStore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;trustStorePassword=W9KFVmohGT4H0wk90viVjP6NLljSUjNBSHs4gnKd4uS
24/09/27 07:11:34 [main]: WARN jdbc.HiveConnection: Failed to connect to ec2-52-66-58-15.ap-south-1.compute.amazonaws.com:10000
Unknown HS2 problem when communicating with Thrift server.
Error: Could not open client transport with JDBC Uri: jdbc:hive2://ec2-52-66-58-15.ap-south-1.compute.amazonaws.com:10000/default;principal=hive/ec2-52-66-58-15.ap-south-1.compute.amazonaws.com@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM;ssl=true;sslTrustStore=/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks;trustStorePassword=************************: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching ec2-52-66-58-15.ap-south-1.compute.amazonaws.com found. (state=08S01,code=0)

Looking for help and get it fix.
It is little urgent please reply at the earliest
Thanks in advance
Ankit Bishnoi

hadoopranger · ‎09-27-2024

1)Please check for a valid kerberos ticket before connecting to hive

$Kinit

$beeline

2) Can you please check the hive metastore logs for more details

bish765485 · ‎09-27-2024

Hey
thanks for reaching me out @hadoopranger
After kinit I am trying to connect via beeline:
Please logs of the hive metastore:
2024-09-27 12:51:13,989 INFO org.apache.hadoop.fs.TrashPolicyDefault: [pool-5-thread-62]: Moved: 'hdfs://ip-172-31-13-77.ap-south-1.compute.internal:8020/user/hue/.cloudera_manager_hive_metastore_canary/cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_ac9f056b57b5af07c85fc6a689cb47ce' to trash at: hdfs://ip-172-31-13-77.ap-south-1.compute.internal:8020/user/hue/.Trash/Current/user/hue/.cloudera_manager_hive_metastore_canary/cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_ac9f056b57b5af07c85fc6a689cb47ce1727441473987
2024-09-27 12:51:13,993 WARN org.apache.hadoop.hive.metastore.utils.FileUtils: [pool-5-thread-62]: File does not exist: hdfs://ip-172-31-13-77.ap-south-1.compute.internal:8020/user/hue/.cloudera_manager_hive_metastore_canary/cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_ac9f056b57b5af07c85fc6a689cb47ce; Force to delete it.
2024-09-27 12:51:13,994 ERROR org.apache.hadoop.hive.metastore.utils.FileUtils: [pool-5-thread-62]: Failed to delete hdfs://ip-172-31-13-77.ap-south-1.compute.internal:8020/user/hue/.cloudera_manager_hive_metastore_canary/cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_ac9f056b57b5af07c85fc6a689cb47ce
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.HiveMetaStore: [pool-5-thread-62]: 62: Cleaning up thread local RawStore...
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.HiveMetaStore.audit: [pool-5-thread-62]: ugi=hue/ip-172-31-13-77.ap-south-1.compute.internal@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM ip=172.31.13.77 cmd=Cleaning up thread local RawStore...
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.ObjectStore: [pool-5-thread-62]: RawStore: org.apache.hadoop.hive.metastore.ObjectStore@b6195da, with PersistenceManager: org.datanucleus.api.jdo.JDOPersistenceManager@142daedd will be shutdown
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.HiveMetaStore: [pool-5-thread-62]: 62: Done cleaning up thread local RawStore
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.HiveMetaStore.audit: [pool-5-thread-62]: ugi=hue/ip-172-31-13-77.ap-south-1.compute.internal@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM ip=172.31.13.77 cmd=Done cleaning up thread local RawStore
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.HiveMetaStore: [pool-5-thread-62]: 62: Done cleaning up thread local RawStore
2024-09-27 12:51:13,995 INFO org.apache.hadoop.hive.metastore.HiveMetaStore.audit: [pool-5-thread-62]: ugi=hive/ip-172-31-13-77.ap-south-1.compute.internal@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM ip=172.31.13.77 cmd=Done cleaning up thread local RawStore

Output of the klist command:

root@ip-172-31-13-77:/var/log/hive# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/ec2-52-66-58-15.ap-south-1.compute.amazonaws.com@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM

Valid starting Expires Service principal
09/27/24 06:50:48 09/27/24 16:50:48 krbtgt/AP-SOUTH-1.COMPUTE.AMAZONAWS.COM@AP-SOUTH-1.COMPUTE.AMAZONAWS.COM
renew until 10/04/24 06:50:39

Moreover;Also check the logs of the hiveserver also:
root@ip-172-31-13-77:/var/log/hive# tail -f hadoop-cmf-hive-HIVESERVER2-ip-172-31-13-77.ap-south-1.compute.internal.log.out
at java.io.BufferedInputStream.read(BufferedInputStream.java:345) ~[?:1.8.0_232]
at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:178) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216) ~[hive-exec-3.1.3000.7.1.7.0-551.jar:3.1.3000.7.1.7.0-551]
... 10 more
2024-09-27 12:31:54,081 INFO org.apache.hadoop.hive.ql.metadata.HiveMaterializedViewsRegistry: [HiveMaterializedViewsRegistry-0]: Materialized views registry has been refreshed

Please let me know if any things needs to be check and configured
Thanks
Ankit

Cloudera Community

Support Questions

Unknown HS2 problem when communicating with Thrift server via beeline