zeppelin Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

0

When I use zeppelin0.8.1 to connect hive with kerberos, it doesn't work, the following problem occurs.

ERROR [2019-07-25 03:46:19,513] ({pool-2-thread-2} JDBCInterpreter.java[open]:197) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.
 WARN [2019-07-25 03:46:19,524] ({pool-2-thread-2} JDBCInterpreter.java[appendProxyUserToURL]:494) - User impersonation for hive has changed please refer: http://zeppe
lin.apache.org/docs/latest/interpreter/jdbc.html#apache-hive
 INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 1 time(s).
 INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 2 time(s).
 INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 3 time(s).
 INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 4 time(s).
 INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 5 time(s).
 INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 6 time(s).
 INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 7 time(s).
 INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 8 time(s).
 INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 9 time(s).
 INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 10 time(s).
ERROR [2019-07-25 03:46:19,841] ({pool-3-thread-1} KerberosInterpreter.java[call]:146) - runKerberosLogin failed for  max attempts, calling close interpreter.
 INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/sdwsdn2@DWSP.COM using keytab
file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
 INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:324) - Supplied authorities: sdwsmn1:10000
 INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:443) - Resolved authority: sdwsmn1:10000
ERROR [2019-07-25 03:46:20,174] ({pool-2-thread-2} TSaslTransport.java[open]:313) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
        at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
        at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
        at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
        at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
        at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:229)
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:184)
        at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:208)
        at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
        at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
        at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861)
        at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435)
        at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363)
        at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:270)
        at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:410)
        at org.apache.zeppelin.jdbc.JDBCInterpreter.access$000(JDBCInterpreter.java:91)
        at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:459)
        at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:456)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
        at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:456)
        at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:673)
        at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:801)
        at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:103)
        at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:633)
        at org.apache.zeppelin.scheduler.Job.run(Job.java:188)
        at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:748)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
        at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
        ... 43 more

I tried to find the answer to this question. The solution is to use the kinit command to log in to kerberos or provide a keytab file to log in to get the ticket.I looked at the log file and the zeppelin source and found that zeppelin used the keytab to log in successfully, but did not get the ticket.

INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/sdwsdn2@DWSP.COM using keytab
file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false

Below is the configuration of my zeppelin hive Interpreter:

default.driver=org.apache.hive.jdbc.HiveDriver
default.url=jdbc:hive2://sdwsmn1:10000/default;principal=hive/sdwsmn1@DWSP.COM;
zeppelin.jdbc.auth.type=KERBEROS
zeppelin.jdbc.keytab.location=/usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab
zeppelin.jdbc.principal=hive/sdwsdn2@DWSP.COM

The cluster I am using is CDH6.2.0 and the jdk version is 1.8.0_131.I don't know how to solve this problem now. can you help me? Thanks.

user1067281

Posted 2019-07-25T09:32:57.343

Reputation: 1

Although it says "Login successful", I wonder why there are 10 lines saying "runKerberosLogin failed" just before that – user1686 – 2019-07-25T09:48:52.077

No answers

Asked: 2019-07-25T09:32:57.343

Viewed: 152 times

Active: 2019-07-25T09:32:57.343