Support Questions

Find answers, ask questions, and share your expertise

hiveserver2 error

avatar
Super Collaborator

beeline> !connect jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false Connecting to jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false Enter username for jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false: rvchinta Enter password for jdbc:hive2://master1.chrsv.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=false: ******** Connected to: Apache Hive (version 1.2.1000.2.5.3.0-37) Driver: Hive JDBC (version 1.2.1000.2.5.3.0-37) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://master1.chrsv.com:8443/defaul> show databases; +----------------+--+ | database_name | +----------------+--+ | default | | test | +----------------+--+

2017-02-20 14:43:45,115 INFO [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(398)) - Failed to authenticate with http/_HOST kerberos principal, trying with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(406)) - Failed to authenticate with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(209)) - Error: org.apache.hive.service.auth.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:407) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:159) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) at org.eclipse.jetty.server.Server.handle(Server.java:349) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:952) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.reflect.UndeclaredThrowableException at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:404) ... 23 more Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header received from the client is empty. at org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:548) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:74) at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:449) at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:412) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724) ... 24 more 2017-02-20 14:43:45,172 INFO [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(145)) - Could not validate cookie sent, will try to generate a new cookie 2017-02-20 14:43:45,176 INFO [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(204)) - Cookie added for clientUserName knox

4 REPLIES 4

avatar
Super Collaborator

I was able to make a successful connection, but i still see some error's in hs2 log....

Failed to authenticate with http/_HOST kerberos principal, trying with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(406)) - Failed to authenticate with hive/_HOST kerberos principal 2017-02-20 14:43:45,116 ERROR [HiveServer2-HttpHandler-Pool: Thread-57]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(209)) - Error:

avatar
Super Guru
@Raja Sekhar Chintalapati

Do you have all Kerberos tickets generated and valid? This is an authentication error where you only need to generaqte right tickets if you are using Ambari.

avatar
Super Collaborator

@mqureshi every keytab and principal was created by ambari...and all of them are valid..

avatar
Master Mentor

@avatar imageRaja Sekhar Chintalapati

Of course if you setup a KDC the keytabs are valid but you need to grab a valid one to proceed! Get the list of keytabs

List all valid keytabs

$ ls /etc/security/keytabs 

List valid principals for this keytab

$ klist -kt /etc/security/keytabs/hive.service.keytab 
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab 
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------    
1 02/02/17 23:00:12 hive/Ambari-Host_name@YOUR_REALM.COM    
1 02/02/17 23:00:12 hive/Ambari-Host_name@YOUR_REALM.COM 

Grab a valid ticket

$ kinit -kt /etc/security/keytabs/hive.service.keytab hive/Ambari-Host_name@YOUR_REALM.COM 

Check validity

$ klist Ticket cache: FILE:/tmp/krb5cc_504
Default principal: hive/Ambari-Host_name@YOUR_REALM.COM 
Valid starting     Expires            Service principal
02/10/17 01:32:45  02/11/17 01:32:45  krbtgt/YOUR_REALM.COM@YOUR_REALM.COM         
renew until 02/10/17 01:32:45 

Grab a valid ticket

$ kinit -kt /etc/security/keytabs/hive.service.keytab hive/Ambari-Host_name@YOUR_REALM.COM

This should have been the correct connect string if you had a valid ticket

beeline -u jdbc:hive2://hiveServer2_hostname:10000;principal=hive/Keytab@PRINCIPAL

With the above you should successfully log on and execute your HQL