Member since
11-15-2017
1
Post
0
Kudos Received
0
Solutions
11-15-2017
03:38 PM
The setup
- host is mac osx
- cloudera quickstart vm (192.168.99.100) with hostname as "quickstart.cloudera"
- another centos vm (192.168.99.101) with hostname as "osboxes"
On the quickstart vm, i am able to run the beeline command and view the default database with the command below. I do a kinit , followed by this command
> beeline -u "jdbc:hive2://quickstart.cloudera:10000/default;principal=hive/quickstart.cloudera@CLOUDERA;auth=kerberos"
On the centos vm
- my krb5.conf at /etc/krb5.conf
[libdefaults]
default_realm = CLOUDERA
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
CLOUDERA = {
kdc = quickstart.cloudera
admin_server = quickstart.cloudera
}
[domain_realm]
In my /etc/hosts i have pointed to quickstart vm
192.168.99.100 quickstart.cloudera
Step 1) I create a principal for user at centosvm on quickstart vm. At quickstart vm i do:
[cloudera@quickstart ~]$ sudo kadmin
Authenticating as principal cloudera-scm/admin@CLOUDERA with password.
Password for cloudera-scm/admin@CLOUDERA:
kadmin: addprinc sc@CLOUDERA
WARNING: no policy specified for sc@CLOUDERA; defaulting to no policy
Enter password for principal "sc@CLOUDERA":
Re-enter password for principal "sc@CLOUDERA":
Principal "sc@CLOUDERA" created.
kadmin: q
Step 2) I do kinit from centos vm
[sc@osboxes apache-hive-2.1.1-bin]$ kinit sc@CLOUDERA
Password for sc@CLOUDERA:
[sc@osboxes apache-hive-2.1.1-bin]$ klist
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: sc@CLOUDERA
Valid starting Expires Service principal
11/16/2017 07:18:32 11/17/2017 07:18:32 krbtgt/CLOUDERA@CLOUDERA
renew until 11/23/2017 07:18:32
Step 3) I have downloaded the beeline binaries at centos vm and did no changes to conf files. I run
[sc@osboxes apache-hive-2.1.1-bin]$ ./bin/beeline -u "jdbc:hive2://quickstart.cloudera:10000/default;principal=hive/quickstart.cloudera@CLOUDERA;auth=kerberos"
which: no hbase in (/usr/local/apache-maven/bin:/usr/local/maven/bin:/usr/local/ant/bin:/usr/local/gradle/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/sc/.local/bin:/home/sc/bin)
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/sc/apache-hive-2.1.1-bin/lib/log4j-slf4j-impl-2.4.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/lib/zookeeper/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Connecting to jdbc:hive2://quickstart.cloudera:10000/default;principal=hive/quickstart.cloudera@CLOUDERA;auth=kerberos
17/11/16 07:26:03 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[?:1.7.0_131]
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94) ~[hive-exec-2.1.1.jar:2.1.1]
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) [hive-exec-2.1.1.jar:2.1.1]
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) [hive-exec-2.1.1.jar:2.1.1]
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52) [hive-exec-2.1.1.jar:2.1.1]
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49) [hive-exec-2.1.1.jar:2.1.1]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_131]
at javax.security.auth.Subject.doAs(Subject.java:421) [?:1.7.0_131]
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1917) [hadoop-common-2.6.0-cdh5.12.1.jar:?]
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49) [hive-exec-2.1.1.jar:2.1.1]
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:227) [hive-jdbc-2.1.1.jar:2.1.1]
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:182) [hive-jdbc-2.1.1.jar:2.1.1]
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107) [hive-jdbc-2.1.1.jar:2.1.1]
at java.sql.DriverManager.getConnection(DriverManager.java:571) [?:1.7.0_131]
at java.sql.DriverManager.getConnection(DriverManager.java:187) [?:1.7.0_131]
at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:145) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:209) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.Commands.connect(Commands.java:1469) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.Commands.connect(Commands.java:1364) [hive-beeline-2.1.1.jar:2.1.1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_131]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_131]
at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:54) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.BeeLine.execCommandWithPrefix(BeeLine.java:1104) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:1143) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.BeeLine.initArgs(BeeLine.java:783) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:862) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:502) [hive-beeline-2.1.1.jar:2.1.1]
at org.apache.hive.beeline.BeeLine.main(BeeLine.java:485) [hive-beeline-2.1.1.jar:2.1.1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_131]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_131]
at org.apache.hadoop.util.RunJar.run(RunJar.java:221) [hadoop-common-2.6.0-cdh5.12.1.jar:?]
at org.apache.hadoop.util.RunJar.main(RunJar.java:136) [hadoop-common-2.6.0-cdh5.12.1.jar:?]
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) ~[?:1.7.0_131]
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121) ~[?:1.7.0_131]
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) ~[?:1.7.0_131]
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223) ~[?:1.7.0_131]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) ~[?:1.7.0_131]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ~[?:1.7.0_131]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) ~[?:1.7.0_131]
... 35 more
17/11/16 07:26:03 [main]: WARN jdbc.HiveConnection: Failed to connect to quickstart.cloudera:10000
Unknown HS2 problem when communicating with Thrift server.
Error: Could not open client transport with JDBC Uri: jdbc:hive2://quickstart.cloudera:10000/default;principal=hive/quickstart.cloudera@CLOUDERA;auth=kerberos: GSS initiate failed (state=08S01,code=0)
Beeline version 2.1.1 by Apache Hive
What i am doing wrong here and not able to connect from the centos vm ??
... View more
Labels:
- Labels:
-
Apache Hive
-
Kerberos
-
Quickstart VM