Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Zeppelin - HDP2.3.4 - Spark 1.5.2 => Kerberos issue

Highlighted

Zeppelin - HDP2.3.4 - Spark 1.5.2 => Kerberos issue

Guru

Hi,

I added Zeppelin 0.5.6 in an HDP 2.3.4 cluster (incl. Spark 1.5.2) based on HDP-tutorial and Zeppelin-Doc for the Kerberos part in spark interpreter.

Then I started the "Zeppelin Tutorial" notebook but it fails with error:

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
 at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
 at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
 at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
 at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
 at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
 at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:411)
 at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:550)
 at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:367)
 at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:716)
 at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:712)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.Subject.doAs(Subject.java:415)
 at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1548)

After that I tried to use simple Hive notebook with adjusted Hive interpreter, but even a "show databases" fails with

Could not open client transport with JDBC Uri: jdbc:hive2://hiveserver:10000/;principal=hive/hiveserver@realm: GSS initiate failed

The configuration of Hive interpreter looks like:

4566-hiveinterpreter-config.png

Any hints how to configure Zeppelin in HDP2.3.4 + Kerberos properly ?!?!

Thanks

2 REPLIES 2

Re: Zeppelin - HDP2.3.4 - Spark 1.5.2 => Kerberos issue

Guru

Hello @Gerd Koenig , is your Kerberos realm name set to "realm"? Would you mind using "principal=hive/<hiveserver-fqdn>@realm" in jdbc connection string?

Also I'd check if the beeline is working with this connection string.

Re: Zeppelin - HDP2.3.4 - Spark 1.5.2 => Kerberos issue

Guru

Hi @Vipin Rathor ,

I have to mask the hiveserver and realm, but yes, the connection details are correct and a beeline connection can be established successfully with exactly that string I have configured in the Zeppelin-Hive-Interpreter.

Don't have an account?
Coming from Hortonworks? Activate your account here