Support Questions

chrsvarma · ‎02-20-2017

beeline> !connect jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false Connecting to jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false Enter username for jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false: rvchinta Enter password for jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false: ******** Connected to: Apache Hive (version 1.2.1000.2.5.3.0-37) Driver: Hive JDBC (version 1.2.1000.2.5.3.0-37) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://master1.chrsv.com:8443/defaul> show databases; +----------------+--+ | database_name | +----------------+--+ | default | | test | +----------------+--+

2017-02-20 14:43:45,115 INFO [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(398)) - Failed to authenticate with http/_HOST kerberos principal, trying with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(406)) - Failed to authenticate with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(209)) - Error: org.apache.hive.service.auth.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:407) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:159) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) at org.eclipse.jetty.server.Server.handle(Server.java:349) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:952) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.reflect.UndeclaredThrowableException at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:404) ... 23 more Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header received from the client is empty. at org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:548) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:74) at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:449) at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:412) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724) ... 24 more 2017-02-20 14:43:45,172 INFO [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(145)) - Could not validate cookie sent, will try to generate a new cookie 2017-02-20 14:43:45,176 INFO [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(204)) - Cookie added for clientUserName knox

chrsvarma · ‎02-20-2017

I was able to make a successful connection, but i still see some error's in hs2 log....

Failed to authenticate with http/_HOST kerberos principal, trying with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(406)) - Failed to authenticate with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(209)) - Error:

mqureshi · ‎02-20-2017

@Raja Sekhar Chintalapati

Do you have all Kerberos tickets generated and valid? This is an authentication error where you only need to generaqte right tickets if you are using Ambari.

chrsvarma · ‎02-21-2017

@mqureshi every keytab and principal was created by ambari...and all of them are valid..

Shelton · ‎02-21-2017

@Raja Sekhar Chintalapati

Of course if you setup a KDC the keytabs are valid but you need to grab a valid one to proceed! Get the list of keytabs

List all valid keytabs

$ ls /etc/security/keytabs

List valid principals for this keytab

$ klist -kt /etc/security/keytabs/hive.service.keytab 
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab 
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------    
1 02/02/17 23:00:12 hive/Ambari-Host_name@YOUR_REALM.COM    
1 02/02/17 23:00:12 hive/Ambari-Host_name@YOUR_REALM.COM

Grab a valid ticket

$ kinit -kt /etc/security/keytabs/hive.service.keytab hive/Ambari-Host_name@YOUR_REALM.COM

Check validity

$ klist Ticket cache: FILE:/tmp/krb5cc_504
Default principal: hive/Ambari-Host_name@YOUR_REALM.COM 
Valid starting     Expires            Service principal
02/10/17 01:32:45  02/11/17 01:32:45  krbtgt/YOUR_REALM.COM@YOUR_REALM.COM         
renew until 02/10/17 01:32:45

Grab a valid ticket

$ kinit -kt /etc/security/keytabs/hive.service.keytab hive/Ambari-Host_name@YOUR_REALM.COM

This should have been the correct connect string if you had a valid ticket

beeline -u jdbc:hive2://hiveServer2_hostname:10000;principal=hive/Keytab@PRINCIPAL

With the above you should successfully log on and execute your HQL

Cloudera Community

Support Questions

hiveserver2 error