Member since: 06-13-2016
Posts: 76
Kudos Received: 13
Solutions: 6
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| | 1169 | 08-09-2017 06:54 PM |
| | 1574 | 05-03-2017 02:25 PM |
| | 2169 | 03-28-2017 01:56 PM |
| | 2409 | 09-26-2016 09:05 PM |
| | 1758 | 09-22-2016 03:49 AM |
09-06-2017
06:23 PM
Hello, I have a Kerberos-enabled cluster and am trying to enable SASL/PLAIN as well on the same broker. SASL (GSSAPI) works fine. These are the steps I took: 1) Added PlainLoginModule to kafka_jaas.conf (all other sections were already there due to Kerberos):
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="{{kafka_keytab_path}}"
storeKey=true
useTicketCache=false
serviceName="{{kafka_bare_jaas_principal}}"
principal="{{kafka_jaas_principal}}";
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret"
user_alice="alice-secret";
};
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
renewTicket=true
serviceName="{{kafka_bare_jaas_principal}}";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="{{kafka_keytab_path}}"
storeKey=true
useTicketCache=false
serviceName="zookeeper"
principal="{{kafka_jaas_principal}}";
};
I've also validated that -Djava.security.auth.login.config=/usr/hdp/current/kafka-broker/config/kafka_jaas.conf is being loaded (ps -ef | grep kafka_jaas.conf). 2) Created a kafka_plain_jaas_client.conf:
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="alice"
password="alice-secret";
};
3) Updated server.properties:
sasl.enabled.mechanisms=GSSAPI,PLAIN
advertised.listeners=PLAINTEXTSASL://ip-123-0-0-12.ec2.internal:6667
4) producer.properties:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
5) Restarted Kafka. When I use the old kafka_client_jaas that references com.sun.security.auth.module.Krb5LoginModule, everything still works, but using the new client JAAS with PlainLoginModule I get:
kafka@ip-170-0-0-12:/usr/hdp/current/kafka-broker/bin$ /usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list ip-170-0-0-12.ec2.internal:6667 --topic ssl_plain_test -producer.config /usr/hdp/current/kafka-broker/conf/producer.properties --security-protocol PLAINTEXTSASL
d
[2017-09-06 18:13:56,982] WARN Error while fetching metadata with correlation id 0 : {ssl_plain_test=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
[2017-09-06 18:13:57,183] WARN Error while fetching metadata with correlation id 1 : {ssl_plain_test=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
[2017-09-06 18:13:57,284] WARN Error while fetching metadata with correlation id 2 : {ssl_plain_test=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
[2017-09-06 18:13:57,385] WARN Error while fetching metadata with correlation id 3 : {ssl_plain_test=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
[2017-09-06 18:13:57,485] WARN Error while fetching metadata with correlation id 4 : {ssl_plain_test=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
I edited /usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh to point to my client JAAS:
export KAFKA_CLIENT_KERBEROS_PARAMS="-Djava.security.auth.login.config=$KAFKA_HOME/config/kafka_plain_jaas_client.conf"
Any ideas? Thanks!
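For reference, a minimal sketch of how the PLAIN client pieces fit together. Paths and hostnames are the ones from above, and the KAFKA_OPTS route is just a generic alternative to the KAFKA_CLIENT_KERBEROS_PARAMS edit, not a verified fix:
# broker side (server.properties) - both mechanisms enabled, inter-broker traffic stays on GSSAPI
sasl.enabled.mechanisms=GSSAPI,PLAIN
sasl.mechanism.inter.broker.protocol=GSSAPI

# client side (producer.properties)
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN

# point the JVM at the PLAIN client JAAS, then run the console producer as before
export KAFKA_OPTS="-Djava.security.auth.login.config=/usr/hdp/current/kafka-broker/config/kafka_plain_jaas_client.conf"
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh \
  --broker-list ip-170-0-0-12.ec2.internal:6667 \
  --topic ssl_plain_test \
  --producer.config /usr/hdp/current/kafka-broker/conf/producer.properties \
  --security-protocol PLAINTEXTSASL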
... View more
Labels:
- Apache Ambari
- Apache Kafka
08-09-2017
06:54 PM
1 Kudo
Hey Eyad, one option is to use the XML as the starting point/trigger for ingestion. Once you GetFile/FetchFile it, you can pass it to EvaluateXPath to parse the XML file and turn the values into attributes. Once you have the attributes, you should have everything you need to prep the file (fetch the data file, create the table, PutHDFS, etc.). We do something similar for our ingestion but use a SQL database that holds all the metadata. Once we detect a file, we query MySQL to pull in information similar to what you have in your XML file.
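As a rough illustration (the element and attribute names below are made up, not from your actual file), EvaluateXPath with Destination set to flowfile-attribute maps XML values to attributes via dynamic properties:
<!-- hypothetical trigger/metadata XML -->
<ingest>
  <sourcePath>/landing/sales/2017-08-01.csv</sourcePath>
  <targetTable>sales_raw</targetTable>
</ingest>

EvaluateXPath dynamic properties (Destination = flowfile-attribute):
  source.path  -> /ingest/sourcePath
  target.table -> /ingest/targetTable
Those attributes can then drive FetchFile, the table DDL, and PutHDFS downstream.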
... View more
07-07-2017
07:42 PM
Hi, I'm getting the below error during NiFi startup:
Exception in thread "main" java.net.BindException: Cannot assign requested address (Bind failed)
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.bind(ServerSocket.java:329)
at org.apache.nifi.bootstrap.NiFiListener.start(NiFiListener.java:38)
at org.apache.nifi.bootstrap.RunNiFi.start(RunNiFi.java:1022)
at org.apache.nifi.bootstrap.RunNiFi.main(RunNiFi.java:216)
I've left nifi.properties at the defaults and verified the ports are not in use:
nifi.web.http.host=
nifi.web.http.port=8080
Any ideas?
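For anyone hitting the same thing, a couple of generic checks (plain OS commands, nothing NiFi-specific assumed):
# is anything already listening on the web port?
netstat -tlnp | grep 8080

# does the machine's hostname resolve to a local address?
hostname -f
grep -E "127.0.0.1|localhost" /etc/hosts
"Cannot assign requested address" usually means the address being bound (often the local hostname or localhost) does not resolve to an interface on the machine, rather than a port conflict.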
... View more
Labels:
- Apache NiFi
06-30-2017
05:13 AM
Hi, we are ingesting a very complex XML file (super nested, unordered elements, etc.). We have HDP and HDF for ingestion and are considering a few options:
1. XML SerDe on the file (not the most intuitive for really complex structures)
2. Split the XML into child splits and remerge into 1:M Hive tables (a little better than option 1, but still gets a little crazy)
3. Convert the XML to JSON with XSLT and use the Hive JSON SerDe. I found the JSON SerDe a little more flexible and was able to deal with the deeply nested, unordered entities okay (a rough DDL sketch follows below).
4. Convert the XML directly to Avro with Spark
5. Read the XML and pull out only the relevant entities/attributes
Any recommendations or other approaches people have successfully used?
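For option 3, a rough Hive DDL sketch (table name, columns, and location are made up for illustration; assumes the hive-hcatalog JSON SerDe that ships with HDP):
CREATE EXTERNAL TABLE staging_orders_json (
  order_id STRING,
  customer STRUCT<id:STRING, name:STRING>,
  items ARRAY<STRUCT<sku:STRING, qty:INT>>
)
ROW FORMAT SERDE 'org.apache.hive.hcatalog.data.JsonSerDe'
LOCATION '/data/staging/orders_json';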
... View more
Labels:
- Apache Hive
06-30-2017
05:05 AM
Hi - Is it possible to set up a hierarchy of tags that can be searched (either via the API or the UI) through the parent tag? For example, if I have 4 tags (company1, company2, company3, company4) and a parent tag of vendors, is there a way for me to search vendors and have it return the tag list of company1-4? I have created tags that inherit from others but can't see this relationship in the UI.
... View more
Labels:
- Apache Atlas
06-30-2017
04:59 AM
Hi - I upgraded from HDF 2.x -> 3.0 (ran into an issue with the upgrade, so I wiped everything 2.x related and installed 3.0). I'm getting the below error in the app log during startup. Everything was done through Ambari.
2017-06-29 20:11:31,391 ERROR [NiFi logging handler] org.apache.nifi.StdErr Failed to start web server: Error creating bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setJwtAuthenticationProvider(org.apache.nifi.web.security.jwt.JwtAuthenticationProvider); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'jwtService' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtService' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'keyService' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyService' defined in class path resource [nifi-administration-context.xml]: Cannot resolve reference to bean 'keyTransactionBuilder' while setting bean property 'transactionBuilder'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyTransactionBuilder' defined in class path resource [nifi-administration-context.xml]: Cannot resolve reference to bean 'keyDataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyDataSource': FactoryBean threw exception on object creation; nested exception is org.h2.jdbc.JdbcSQLException: Error while creating file "/data/1/nifi/database_repository_rock" [90062-176]
I do see:
2017-06-29 20:11:10,586 - Creating directory Directory['/data/1/nifi/database_repository'] since it doesn't exist.
2017-06-29 20:11:10,586 - Changing owner for /data/1/nifi/database_repository_rock from 0 to nifi
2017-06-29 20:11:10,586 - Changing group for /data/1/nifi/database_repository_rock from 0 to nifi
Permissions and everything look to be set correctly. I have tried completely removing /data/1/* and clearing other remnants of the previous install. Any ideas or places I should look? Only happens
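For anyone debugging the same error, the generic checks on that path (plain OS commands, nothing HDF-specific assumed):
# ownership/permissions on the H2 database repository location
ls -ld /data/1/nifi /data/1/nifi/database_repository

# free space on that filesystem
df -h /data/1

# leftover H2 files from the previous install
ls -l /data/1/nifi/database_repository* 2>/dev/null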
... View more
Labels:
- Apache NiFi
06-30-2017
04:47 AM
Hi Ashutosh, I would use the Hortonworks "contact us" support page for questions around certification and the options you may have. Someone should be in touch with you: https://hortonworks.com/marketo-contact-training Thanks, Matt
... View more
05-03-2017
02:25 PM
Looks like Hive just needed to be restarted (no restart prompt was shown)... none of the above made any difference.
ranger.usersync.ldap.username.caseconversion=lower
ranger.usersync.ldap.groupname.caseconversion=lower
This is only used for usersync - how Ranger imports your users and groups. It doesn't affect how your username or group will appear in the audit.
Please verify the auth_to_local rules on the host where Hive is running, usually in /usr/hdp/<Version>/hadoop/conf. You can also try copying/linking core-site.xml to /etc/hive/conf/conf.server and /etc/hive/conf.
This didn't make any difference either; I believe it's because Hive uses /usr/hdp/current/hadoop-client/conf/:
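For reference, the kind of auth_to_local rule involved here - a hedged sketch only, since the realm and rule set are environment-specific; Hadoop's rule syntax supports a trailing /L that lowercases the translated name, e.g. in core-site.xml:
<property>
  <name>hadoop.security.auth_to_local</name>
  <value>
    RULE:[1:$1@$0](.*@CORP.AD)s/@.*///L
    DEFAULT
  </value>
</property>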
... View more
05-03-2017
03:46 AM
Hello, when I run Hive commands, the Ranger audit picks up my user name with capitals, e.g. "John.Doe". When I do HDFS commands, it's lower case, "john.doe". My principal is John.Doe@CORP.AD and we have auth_to_local rules to convert this to all lower case (john.doe).
In Ranger we are also doing usersync case conversion to lower, so if we use user policies, only HDFS will work (i.e. I appear as john.doe in users, and since Hive comes in as "John.Doe", user policies don't get applied). Example:
CREATE TABLE test.permtest (field1 int); (the location of this folder is /data/2017)
[john.doe@edge1 ~]$ hdfs dfs -ls /data/2017/
drwxr-xr-x - John.Doe hdfs 0 2017-05-02 20:43 /data/2017/permtest
As you can see from the above, the table gets created with the ACL permissions as John.Doe.
Now when I do HDFS commands, it comes up as expected (john.doe - lower case):
[john.doe@edge1 ~]$ hdfs dfs -mkdir /data/2017/permtest1
drwxr-xr-x - John.Doe hdfs 0 2017-05-02 20:43 /data/2017/permtest
drwxr-xr-x - john.doe hdfs 0 2017-05-02 20:44 /data/2017/permtest1
The John.Doe and john.doe are what get passed to Ranger for authorization, and this is a problem since Ranger usersync brings over "john.doe", so any Hive policies won't work. Any ideas?
... View more
Labels:
- Apache Hadoop
- Apache Hive
- Apache Ranger
03-28-2017
02:18 PM
1) Locally... I would also change the GenerateFlowFile processor to have a file size of, say, 1 KB to start and scale up from there. It looks like you've left it at the default of 0 (30,000 flow files but 0 bytes).
2) You need to make sure all route paths are taken care of. If you put your cursor over the yellow exclamation mark it will highlight the error. In your case you need to handle the failure route (send it to a funnel or another processor).
3) Once CompressContent is completed
... View more
03-28-2017
02:00 PM
Also, is the cluster kerberized? Do you have ranger policies for Hive?
... View more
03-28-2017
01:58 PM
@dvt isoft Are the tables you've created via ODBC showing up in beeline? What about if you try creating a database instead?
... View more
03-28-2017
01:56 PM
@ARUN Hi, HDFS permissions are managed by a combination of Ranger + native HDFS (POSIX) permissions. Just because you've set Ranger policies for those 3 users doesn't mean they are the only users allowed to access HDFS. In your case, arun is still able to access HDFS because all folders in HDFS have 'r' access for others (e.g. /tmp - drwxrwxrwx). The link below has best practices for managing HDFS permissions with Ranger and native Hadoop permissions: https://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/ One of the important steps is to change the HDFS umask to 077 from 022. This prevents any new files or folders from being accessed by anyone other than the owner (a config sketch follows below). As an example you can do the following:
As the hdfs user:
1. hdfs dfs -mkdir /tmp/ranger_test
2. hdfs dfs -chmod 700 /tmp/ranger_test (the folder permission becomes "drwx------" - changing the umask to 077 will do this for future files)
3. Switch to the ARUN user
4. hdfs dfs -ls /tmp/ranger_test (you should get an error along the lines of: "ls: Permission denied: user=arun, access=READ_EXECUTE, inode="/tmp/ranger_test":hdfs:hdfs:drwx------")
5. Add a policy in Ranger to allow arun access to /tmp/ranger_test
6. Try to access the /tmp/ranger_test folder as arun
Hope this helps,
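The umask change mentioned above is this property (normally set through Ambari's HDFS configuration; shown here as the raw property for reference):
<property>
  <name>fs.permissions.umask-mode</name>
  <value>077</value>
</property>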
... View more
03-28-2017
01:32 PM
@dvt isoft Hi, are you able to access Hive through the command line? If so, I would look to see if your table is showing up there. I would also double-check that the database is selected correctly. Are you creating it in the default database, or creating your own database and a table within it? Thanks
... View more
03-28-2017
01:27 PM
@Anishkumar Valsalam I usually test NiFi cluster functions by setting up a very simple flow such as: GenerateFlowFile -> CompressContent -> UpdateAttribute. This involves high-rate flow file generation, CPU usage, and provenance emission, and it will give you a certain level of knowledge about the health of your system. These links are also very useful in determining throughput expectations:
http://docs.hortonworks.com/HDPDocuments/HDF1/HDF-1.2/bk_Overview/content/performance-expectations-and-characteristics-of-nifi.html
http://docs.hortonworks.com/HDPDocuments/HDF2/HDF-2.1.0/bk_dataflow-command-line-installation/content/hdf_isg_hardware.html
... View more
02-10-2017
08:25 PM
@Matt Clarke Thanks Matt, very useful info. It was about 20 tar files, which turned into almost 1000 individual files that I was looking to zip back into 20 files. Looks like the major problem was the bin count: it was set to 1; once I increased it, there was no problem with the multiple tar files that were queued up. I only had 1 concurrent task, so I was surprised that even with 1 bin it would look to create a new bin. For selected prioritizers it was the default "first in first out", so if it's untarring one tar file at a time it should finish a whole bin before moving to the next one.
... View more
02-09-2017
06:00 AM
Hi, I have the processors UnpackContent -> MergeContent. I use this to untar a file and then zip the files. I am using the defragment merge strategy and have been noticing that when MergeContent has to handle many flowfiles at once (the flowfile queue builds up before MergeContent) from many different fragments, I get "Expected number of fragments is X but only getting Y". Simply routing failures back to MergeContent or adding a run-schedule delay helped solve this, but I'm wondering why this would be happening. Thanks,
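For context, the Defragment strategy keys off the fragment.identifier / fragment.index / fragment.count attributes that UnpackContent writes, and every fragment of a given tar has to land in the same bin before the merge completes. A hedged sketch of the MergeContent settings that usually matter here (values are illustrative):
Merge Strategy         = Defragment
Maximum number of Bins = 20      # at least one bin per tar being defragmented at the same time
Max Bin Age            = 5 min   # how long to hold a bin open waiting for missing fragments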
... View more
Tags:
- Data Processing
- NiFi
Labels:
- Apache NiFi
01-26-2017
06:55 AM
No, but all ports are open between the two machines. When I run the Phoenix client (which works), I use the same node NiFi is running on, so I don't think it's a connection issue. This works from the NiFi node:
/usr/hdp/current/phoenix-client/bin/sqlline.py zk:2181:/hbase-secure:hbase-dev-hadoop@DEV.COM:/etc/security/keytabs/hbase.headless.keytab
... View more
01-26-2017
06:45 AM
1 Kudo
Hello, I have a secured HDP cluster and a NiFi flow that ingests JSON and inserts it into a Phoenix table: GetFile -> ConvertJSONToSQL -> ReplaceText (insert to update) -> PutSQL. Prior to enabling Kerberos the flow was working fine. After enabling Kerberos, I changed the connection pool to:
jdbc:phoenix:localhost:2181:/hbase-secure:hbase-dev@DEV.COM:/etc/security/keytabs/hbase.headless.keytab
This connection URL works fine with sqlline/the Phoenix client. Now when I start the flow, it initially hangs for a while and I end up with the below logs:
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (org.apache.hadoop.hbase.client.RetriesExhaustedException: Failed after attempts=36, exceptions:
Thu Jan 26 06:36:52 UTC 2017, null, java.net.SocketTimeoutException: callTimeout=60000, callDuration=68021: row 'SYSTEM:CATALOG,,' on table 'hbase:meta' at region=hbase:meta,,1.1588230740, hostname=ip-123-431-1-123.ec2.internal,16020,1485391803237, seqNum=0
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) ~[na:na]
at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) ~[na:na]
at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) ~[na:na]
at org.apache.nifi.dbcp.DBCPConnectionPool.getConnection(DBCPConnectionPool.java:231) ~[na:na]
... 18 common frames omitted
Caused by: java.net.SocketTimeoutException: callTimeout=60000, callDuration=68130: row 'SYSTEM:CATALOG,,' on table 'hbase:meta' at region=hbase:meta,,1.1588230740, hostname=ip-172-40-1-51.ec2.internal,16020,1485391803237, seqNum=0
at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:159) ~[na:na]
at org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:65) ~[na:na]
... 3 common frames omitted
Caused by: org.apache.hadoop.hbase.exceptions.ConnectionClosingException: Call to ip-172-40-1-51.ec2.internal/172.40.1.51:16020 failed on local exception: org.apache.hadoop.hbase.exceptions.ConnectionClosingException: Connection to ip-172-40-1-51.ec2.internal/172.40.1.51:16020 is closing. Call id=9, waitTime=3
at org.apache.hadoop.hbase.ipc.RpcClientImpl.wrapException(RpcClientImpl.java:1258) ~[na:na]
at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1229) ~[na:na]
at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:213) ~[na:na]
at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:287) ~[na:na]
at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:32741) ~[na:na]
at org.apache.hadoop.hbase.client.ScannerCallable.openScanner(ScannerCallable.java:373) ~[na:na]
at org.apache.hadoop.hbase.client.ScannerCallable.call(ScannerCallable.java:200) ~[na:na]
at org.apache.hadoop.hbase.client.ScannerCallable.call(ScannerCallable.java:62) ~[na:na]
at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:200) ~[na:na]
at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:364) ~[na:na]
at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:338) ~[na:na]
at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126) ~[na:na]
... 4 common frames omitted
Caused by: org.apache.hadoop.hbase.exceptions.ConnectionClosingException: Connection to ip-172-40-1-51.ec2.internal/172.40.1.51:16020 is closing. Call id=9, waitTime=3
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.cleanupCalls(RpcClientImpl.java:1047) ~[na:na]
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.close(RpcClientImpl.java:846) ~[na:na]
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.run(RpcClientImpl.java:574) ~[na:na]
Any ideas on what I could be missing? Similar behaviour with executeSQL. Thanks!
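For reference, the general shape of the secure Phoenix thick-client URL (the concrete values are the ones from above; this is just the format, not a verified fix):
jdbc:phoenix:<zookeeper_quorum>:<zk_port>:<zk_parent_node>:<principal>:<keytab_file>
# e.g., the URL used above:
jdbc:phoenix:localhost:2181:/hbase-secure:hbase-dev@DEV.COM:/etc/security/keytabs/hbase.headless.keytab
Beyond the URL, the secure thick client commonly also needs hbase-site.xml and core-site.xml visible on the driver's classpath so it picks up the cluster's Kerberos/RPC settings.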
... View more
Labels:
- Apache NiFi
- Apache Phoenix
11-25-2016
05:43 AM
@Sunile Manjee Followed the above and getting: An error occurred while establishing the connection:
Long Message:
Remote driver error: RuntimeException: java.sql.SQLFeatureNotSupportedException -> SQLFeatureNotSupportedException: (null exception message)
Details:
Type: org.apache.calcite.avatica.AvaticaClientRuntimeException
Stack Trace:
AvaticaClientRuntimeException: Remote driver error: RuntimeException: java.sql.SQLFeatureNotSupportedException -> SQLFeatureNotSupportedException: (null exception message). Error -1 (00000) null
java.lang.RuntimeException: java.sql.SQLFeatureNotSupportedException
at org.apache.calcite.avatica.jdbc.JdbcMeta.propagate(JdbcMeta.java:681)
at org.apache.calcite.avatica.jdbc.JdbcMeta.connectionSync(JdbcMeta.java:671)
at org.apache.calcite.avatica.remote.LocalService.apply(LocalService.java:314)
at org.apache.calcite.avatica.remote.Service$ConnectionSyncRequest.accept(Service.java:2001)
at org.apache.calcite.avatica.remote.Service$ConnectionSyncRequest.accept(Service.java:1977)
at org.apache.calcite.avatica.remote.AbstractHandler.apply(AbstractHandler.java:95)
at org.apache.calcite.avatica.remote.ProtobufHandler.apply(ProtobufHandler.java:46)
at org.apache.calcite.avatica.server.AvaticaProtobufHandler.handle(AvaticaProtobufHandler.java:124)
at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.sql.SQLFeatureNotSupportedException
at org.apache.phoenix.jdbc.PhoenixConnection.setCatalog(PhoenixConnection.java:799)
at org.apache.calcite.avatica.jdbc.JdbcMeta.apply(JdbcMeta.java:652)
at org.apache.calcite.avatica.jdbc.JdbcMeta.connectionSync(JdbcMeta.java:666)
... 15 more
at org.apache.calcite.avatica.remote.Service$ErrorResponse.toException(Service.java:2453)
at org.apache.calcite.avatica.remote.RemoteProtobufService._apply(RemoteProtobufService.java:61)
at org.apache.calcite.avatica.remote.ProtobufService.apply(ProtobufService.java:89)
at org.apache.calcite.avatica.remote.RemoteMeta$5.call(RemoteMeta.java:148)
at org.apache.calcite.avatica.remote.RemoteMeta$5.call(RemoteMeta.java:134)
at org.apache.calcite.avatica.AvaticaConnection.invokeWithRetries(AvaticaConnection.java:715)
at org.apache.calcite.avatica.remote.RemoteMeta.connectionSync(RemoteMeta.java:133)
at org.apache.calcite.avatica.AvaticaConnection.sync(AvaticaConnection.java:664)
at org.apache.calcite.avatica.AvaticaConnection.getAutoCommit(AvaticaConnection.java:181)
at com.onseven.dbvis.g.B.C.ā(Z:1315)
at com.onseven.dbvis.g.B.F$A.call(Z:1369)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Through the CLI, I am able to connect:
[cloudbreak@ip-172-40-1-169 bin]$ ./sqlline-thin.py
Setting property: [incremental, false]
Setting property: [isolation, TRANSACTION_READ_COMMITTED]
issuing: !connect jdbc:phoenix:thin:url=http://localhost:8765;serialization=PROTOBUF none none org.apache.phoenix.queryserver.client.Driver
Connecting to jdbc:phoenix:thin:url=http://localhost:8765;serialization=PROTOBUF
Triple checked that I am loading the correct driver. Anything else I could be missing?
... View more
10-31-2016
04:40 PM
@Gerg Git No I did not; I ended up using a different LDAP server, FreeIPA, which has been proven to integrate with Kerberos and Knox nicely. I was using OpenLDAP, Cloudbreak, and Amazon Linux servers on HDP 2.5. I suspect it's something related to that or the way I had installed Kerberos. What are you using?
... View more
10-12-2016
02:43 PM
@santoshsb They are already configured to point to the nameservice URI. See my first screenshot:
hive --service metatool -listFSRoot
Listing FS Roots.
hdfs://cluster1/apps/hive/warehouse/test2.d
hdfs://cluster1/apps/hive/warehouse/raw.db
hdfs://cluster1/apps/hive/warehouse/test.db
hdfs://cluster1/apps/hive/warehouse
hdfs://cluster1/apps/hive/warehouse/lookup.db
... View more
10-11-2016
10:36 PM
Hello, after enabling HA on the NameNode, Hive is unable to access the Hive databases whose metastore FS roots got updated to the new path:
Error: Error while compiling statement: FAILED: SemanticException java.lang.IllegalArgumentException: java.net.UnknownHostException: cluster1 (state=42000,code=40000)
The Hive metastore tool shows:
hive --service metatool -listFSRoot
Listing FS Roots..
hdfs://cluster1/apps/hive/warehouse/test2.db
hdfs://cluster1/apps/hive/warehouse/raw.db
hdfs://cluster1/apps/hive/warehouse/test.db
hdfs://cluster1/apps/hive/warehouse
hdfs://cluster1/apps/hive/warehouse/lookup.db
cluster1 is the correct fs.defaultFS that was set up during HA:
<property>
<name>fs.defaultFS</name>
<value>hdfs://cluster1</value>
<final>true</final>
</property>
If I create a new database in Hive, it gets created using the actual NameNode host name:
0: jdbc:hive2://ip-10-555-2-555.ec2.internal:> create database test3;
No rows affected (0.148 seconds)
Listing FS Roots..
hdfs://ip-10-123-5-42.ec2.internal:8020/apps/hive/warehouse/test3.db
Any ideas on what could be missing? The HDFS client works fine with the HA name.
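For anyone hitting the same UnknownHostException, a couple of generic checks from the HiveServer2/metastore host (plain HDFS client commands, nothing Hive-specific assumed):
# does the client config on this host know about the nameservice?
hdfs getconf -confKey dfs.nameservices
hdfs getconf -confKey dfs.ha.namenodes.cluster1

# can this host resolve and list the HA path directly?
hdfs dfs -ls hdfs://cluster1/apps/hive/warehouse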
... View more
Labels:
- Apache Hadoop
- Apache Hive
10-04-2016
10:47 PM
Hello, I am trying to access Hive JDBC through Knox in a secured (Kerberos) cluster. When accessing the services directly, everything works fine. I am able to connect to HiveServer2 directly in HTTP mode, passing in the Kerberos principal and creating a Kerberos ticket:
beeline -u 'jdbc:hive2://<hive_server>:10001/;transportMode=http;httpPath=cliservice;principal=hive/_HOST@DEV.COM'
and I can access WebHDFS fine by connecting to the NameNode directly:
curl -i --negotiate -u : 'http://<namenode>:50070/webhdfs/v1/?op=LISTSTATUS'
Going through the Knox gateway (using the sample LDAP for simplicity), I get:
curl -iku guest:guest-password -X GET 'https://<knox_gateway>:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS'
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 Authentication required</title>
</head><body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /webhdfs/v1/.
Reason:<pre> Authentication required</pre></p><hr/><i><small>Powered by Jetty://</small></i><br/> In gateway-audit i do see the request getting translated to the actual internal request but its returning 401. audit|WEBHDFS||||access|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|unavailable|Request method: GET audit|WEBHDFS|guest|||authentication|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|success| audit|WEBHDFS|guest|||authentication|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|success|Groups: [] audit|WEBHDFS|guest|||authorization|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|success| audit|WEBHDFS|guest|||dispatch|uri|http://<name_node>:50070/webhdfs/v1/?op=LISTSTATUS&doAs=guest|unavailable|Request method: GET audit|WEBHDFS|guest|||dispatch|uri|http://<name_node>:50070/webhdfs/v1/?op=LISTSTATUS&doAs=guest|success|Response status: 401 audit|WEBHDFS|guest|||access|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|success|Response status: 401 Similarly in Hive, I can connect to hiveserver directly but when I attempt through knox I get: 16/10/04 22:31:34 [main]: ERROR jdbc.HiveConnection: Error opening sessionorg.apache.thrift.transport.TTransportException: HTTP Response code: 401 In Hive server logs: 2016-10-04 22:31:34,063 INFO [HiveServer2-HttpHandler-Pool: Thread-299]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(398)) - Failed to authenticate with http/_HOST kerberos principal, trying with hive/_HOST kerberos principal 2016-10-04 22:31:34,063 ERROR [HiveServer2-HttpHandler-Pool: Thread-299]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doKerberosAuth(406)) - Failed to authenticate with hive/_HOST kerberos principal 2016-10-04 22:31:34,064 ERROR [HiveServer2-HttpHandler-Pool: Thread-299]: thrift.ThriftHttpServlet (ThriftHttpServlet.java:doPost(209)) - Error: org.apache.hive.service.auth.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:407) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:159) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) at org.eclipse.jetty.server.Server.handle(Server.java:349) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:952) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609) at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.reflect.UndeclaredThrowableException at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:404) ... 23 more Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header received from the client is empty. at org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:548) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:74) at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:449) at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:412) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724) ... 24 more
FYI I have:
hadoop.proxyuser.knox.hosts=<knox_gateway>
hadoop.proxyuser.knox.groups=*
Thanks for any help!
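For completeness, the proxyuser settings mentioned above, written out as they would normally appear in core-site.xml (the <knox_gateway> placeholder is as written above):
<property>
  <name>hadoop.proxyuser.knox.hosts</name>
  <value><knox_gateway></value>
</property>
<property>
  <name>hadoop.proxyuser.knox.groups</name>
  <value>*</value>
</property>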
... View more
Labels:
- Apache Hive
- Apache Knox
09-28-2016
07:20 PM
They are - I use the same credentials for the UIs that go through the Knox gateway. Also, in the Knox gateway log I see:
2016-09-28 19:19:06,039 INFO hadoop.gateway (AclsAuthorizationFilter.java:doFilter(85)) - Access Granted: true
... View more
09-28-2016
06:24 PM
@skothari Getting the below: 16/09/28 18:23:43 [main]: ERROR jdbc.HiveConnection: Error opening session org.apache.thrift.transport.TTransportException: HTTP Response code: 401 at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:262) at org.apache.thrift.transport.THttpClient.flush(THttpClient.java:313) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62) at org.apache.hive.service.cli.thrift.TCLIService$Client.send_OpenSession(TCLIService.java:154) at org.apache.hive.service.cli.thrift.TCLIService$Client.OpenSession(TCLIService.java:146) at org.apache.hive.jdbc.HiveConnection.openSession(HiveConnection.java:552) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:170) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java.sql.DriverManager.getConnection(DriverManager.java:571) at java.sql.DriverManager.getConnection(DriverManager.java:187) at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:146) at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:211) at org.apache.hive.beeline.Commands.connect(Commands.java:1190) at org.apache.hive.beeline.Commands.connect(Commands.java:1086) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52) at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:989) at org.apache.hive.beeline.BeeLine.execute(BeeLine.java:832) at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:790) at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:490) at org.apache.hive.beeline.BeeLine.main(BeeLine.java:473) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.hadoop.util.RunJar.run(RunJar.java:233) at org.apache.hadoop.util.RunJar.main(RunJar.java:148)
HTTP Response code: 401 (state=08S01,code=0)
... View more
09-28-2016
04:26 PM
Hello, I am trying to connect to HiveServer2 JDBC through Knox with Kerberos authentication. I was able to connect through Knox, but after enabling Kerberos I'm having some issues. Prior to Kerberos this worked:
jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive
Connecting directly without Knox:
!connect jdbc:hive2://<hiveserver_host>:10001/default;principal=hive/_HOST@REALM.COM;transportMode=http;httpPath=cliservice
I've tried many different JDBC connection string combinations with no success. Is the principal=hive/_HOST@REALM.COM required? The last one I tried was:
jdbc:hive2://<knox_host>:8443/;ssl=false;httpPath=gateway/default/hive;transportMode=http;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox
which gave me:
org.apache.thrift.transport.TTransportException: org.apache.http.NoHttpResponseException: ec2-54-85-108-57.compute-1.amazonaws.com:8443 failed to respond
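For reference, the connection-string shape I would expect through Knox once the topology is right - a sketch assembled from the fragments above, not a verified fix. LDAP credentials replace the Kerberos principal, since Knox authenticates the end user and talks Kerberos to the back end itself:
beeline -u "jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox;transportMode=http;httpPath=gateway/default/hive" -n <ldap_user> -p <ldap_password>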
... View more
Labels:
- Apache Hive
- Apache Knox
09-27-2016
06:18 PM
1 Kudo
Hello, I've created an HDF instance that authenticates with LDAP; the initial admin was set up using an SSL certificate, so I can get into the NiFi console as the admin user. I am trying to grant access to another non-admin user and am getting the below error when trying to log in from another host that does not have a certificate:
2016-09-27 17:56:55,897 INFO [NiFi Web Server-28] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for cn=test user,ou=users,dc=hadoop,dc=com
2016-09-27 17:56:55,898 INFO [NiFi Web Server-28] o.a.n.w.a.c.AccessDeniedExceptionMapper cn=test user,ou=users,dc=hadoop,dc=com does not have permission to access the requested resource. Returning Forbidden response.
It looks like it's authenticating fine with my LDAP server but running into issues with authorization. In the NiFi console I've created that user, "cn=test user,ou=users,dc=hadoop,dc=com", and granted an access policy to "view the component". Here is the login-identity-provider:
<property name="User Search Base">OU=users,DC=hadoop,DC=com</property>
<property name="User Search Filter">uid={0}</property>
and the results of ldapsearch:
# test user, users, instream.com
dn: cn=test user,ou=users,dc=hadoop,dc=com
uid: tuser
Am I creating the user incorrectly in NiFi, or do I require any additional settings in nifi.properties? Thanks
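A hedged note (not necessarily the issue here): the identity NiFi authorizes has to match the string the login provider returns exactly, and newer NiFi builds expose identity-mapping properties in nifi.properties that can normalize LDAP DNs before the policy lookup - worth checking whether your version has them:
# illustrative pattern/value only - adjust to your DN layout
nifi.security.identity.mapping.pattern.dn=^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$
nifi.security.identity.mapping.value.dn=$1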
... View more
Labels:
- Apache NiFi
09-26-2016
09:05 PM
The NiFi team has identified an issue with Hive scripts causing this processor to hang. Basically, these Hive commands run MapReduce or Tez jobs that produce a lot of standard output, which is returned to the NiFi processor. If the amount of stdout or stderr returned gets large, the processor can hang. To prevent this from happening, we recommend adding the "-S" option to hive commands or "--silent=true" to beeline commands that are executed using the NiFi script processors.
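For example (generic invocations; the script paths and JDBC URL are placeholders):
# Hive CLI in silent mode - suppresses the MapReduce/Tez progress chatter on stdout
hive -S -f /path/to/script.hql

# Beeline equivalent
beeline -u "jdbc:hive2://<hiveserver>:10000/default" --silent=true -f /path/to/script.sql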
... View more