Member since
09-24-2015
49
Posts
67
Kudos Received
16
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
5344 | 03-29-2016 03:02 PM | |
3030 | 03-21-2016 01:34 PM | |
3504 | 03-07-2016 09:12 PM | |
2965 | 01-12-2016 10:01 PM | |
1077 | 01-11-2016 10:04 PM |
11-10-2021
12:54 AM
Hi, it should. But when You need to use certs signed with Your organisation use: convert .p12 to pfx (you will need also pem file) openssl pkcs12 -export -out YOUROWNNAME.pfx -inkey YOUR_KEYS.pem -in YOUR_KEYS.pem -certfile YOUR_KEYS.pem When You manage to get pfx file use: keytool -importkeystore -srckeystore gateway.pfx -srcstoretype pkcs12
-srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks]
-deststoretype jks -deststorepass [PASSWORD_JKS] -destalias gateway-identity [ALIAS_SRC] - read from pfx file to do that use: keytool -v -list -storetype pkcs12 -keystore YOUROWNNAME.pfx At end use this: mv gateway.jks /var/lib/knox/data-2.6.4.0-91/security/keystores/
... View more
03-30-2016
06:16 PM
Narasimha, Here are some great docs on Knox, http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Knox_Gateway_Admin_Guide/content/ch01.html. Also notice the guides posted by others here to help you with the setup. Eric
... View more
01-05-2017
11:44 PM
we are having the same issue with and our HDP version is 2.4.2, here are all the setting we have already implemented. Our beeline works for all users. There is no permission issue either. Here is the error logs and I have already attached few settings from our environment. 2017-01-03 10:04:22,851 INFO [HiveServer2-Handler-Pool: Thread-67181]: thrift.ThriftCLIService (ThriftCLIService.java:OpenSession(294)) - Client protocol version: HIVE_CLI_SERVICE_PROTOCOL_V1
2017-01-03 10:04:22,854 WARN [HiveServer2-Handler-Pool: Thread-67181]: thrift.ThriftCLIService (ThriftCLIService.java:OpenSession(308)) - Error opening session:
org.apache.hive.service.cli.HiveSQLException: Failed to validate proxy privilege of tabsrvtest for btaylo
at org.apache.hive.service.auth.HiveAuthFactory.verifyProxyAccess(HiveAuthFactory.java:379)
at org.apache.hive.service.cli.thrift.ThriftCLIService.getProxyUser(ThriftCLIService.java:731)
at org.apache.hive.service.cli.thrift.ThriftCLIService.getUserName(ThriftCLIService.java:367)
at org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:394)
at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:297)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1257)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1242)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingProcessor.process(HadoopThriftAuthBridge.java:562)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:285)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.hadoop.security.authorize.AuthorizationException: User: tabsrvtest is not allowed to impersonate
btaylo
at org.apache.hadoop.security.authorize.DefaultImpersonationProvider.authorize(DefaultImpersonationProvider.java:119)
at org.apache.hadoop.security.authorize.ProxyUsers.authorize(ProxyUsers.java:102)
at org.apache.hadoop.security.authorize.ProxyUsers.authorize(ProxyUsers.java:116)
at org.apache.hive.service.auth.HiveAuthFactory.verifyProxyAccess(HiveAuthFactory.java:375)
... 13 more
2017-01-03 10:04:22,866 WARN [HiveServer2-Handler-Pool: Thread-67181]: thrift.ThriftCLIService (ThriftCLIService.java:CloseSession(456)) - Error closing session:
java.nio.BufferUnderflowException
at java.nio.Buffer.nextGetIndex(Buffer.java:506)
at java.nio.HeapByteBuffer.getLong(HeapByteBuffer.java:412)
at org.apache.hive.service.cli.HandleIdentifier.<init>(HandleIdentifier.java:46)
at org.apache.hive.service.cli.Handle.<init>(Handle.java:38)
at org.apache.hive.service.cli.SessionHandle.<init>(SessionHandle.java:45)
at org.apache.hive.service.cli.SessionHandle.<init>(SessionHandle.java:41)
at org.apache.hive.service.cli.thrift.ThriftCLIService.CloseSession(ThriftCLIService.java:447)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$CloseSession.getResult(TCLIService.java:1277)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$CloseSession.getResult(TCLIService.java:1262)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingProcessor.process(HadoopThriftAuthBridge.java:562)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:285)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745) core-site.pnghive-settings.png
... View more
01-27-2016
07:41 AM
Thanks @Kevin Minder , brilliant !
... View more
09-28-2018
03:13 AM
I'm having the same issue! https://knox.apache.org/books/knox-1-1-0/user-guide.html#Quick+Start Following the tutorial step by step and the I get this: root@hn0-securi:~/knox-1.1.0# curl -i -k -u guest:guest-password -X GET 'https://localhost:8443/gateway/sandbox/webhdfs/v1/?op=LISTSTATUS'
HTTP/1.1 500 Server Error
Date: Thu, 27 Sep 2018 07:45:22 GMT
Set-Cookie: JSESSIONID=5qbve5zzilryrp6nfy8zztn0;Path=/gateway/sandbox;Secure;HttpOnly
Set-Cookie: rememberMe=deleteMe; Path=/gateway/sandbox; Max-Age=0; Expires=Wed, 26-Sep-2018 07:45:22 GMT
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 317
Connection: close
Server: Jetty(9.2.22.v20170606)
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 500 Server Error</title>
</head>
<body><h2>HTTP ERROR 500</h2>
<p>Problem accessing /gateway/sandbox/webhdfs/v1/. Reason:
<pre> Server Error</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html> Please help !! Thanks
... View more
10-23-2015
01:54 PM
Specifically Knox supports TAM now ISAM via pre-authenticated headers. You can find out more here: http://knox.apache.org/books/knox-0-6-0/user-guide.html#Preauthenticated+SSO+Provider
... View more
09-29-2015
02:18 PM
2 Kudos
In the Knox <knox-home>/bin/gateway.sh file (e.g. /usr/hdp/current/knox-server/bin/gateway.sh) you will find a variable that can be populated with JVM memory settings. APP_MEM_OPTS="" For example, you could provide the values show below for an initial and max 2GB heap. Knox will need to be restarted for this to take effect. APP_MEM_OPTS="-Xms2g -Xmx2g"
... View more