0
When I use zeppelin0.8.1 to connect hive with kerberos, it doesn't work, the following problem occurs.
ERROR [2019-07-25 03:46:19,513] ({pool-2-thread-2} JDBCInterpreter.java[open]:197) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.
WARN [2019-07-25 03:46:19,524] ({pool-2-thread-2} JDBCInterpreter.java[appendProxyUserToURL]:494) - User impersonation for hive has changed please refer: http://zeppe
lin.apache.org/docs/latest/interpreter/jdbc.html#apache-hive
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 1 time(s).
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 2 time(s).
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 3 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 4 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 5 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 6 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 7 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 8 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 9 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 10 time(s).
ERROR [2019-07-25 03:46:19,841] ({pool-3-thread-1} KerberosInterpreter.java[call]:146) - runKerberosLogin failed for max attempts, calling close interpreter.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/sdwsdn2@DWSP.COM using keytab
file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:324) - Supplied authorities: sdwsmn1:10000
INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:443) - Resolved authority: sdwsmn1:10000
ERROR [2019-07-25 03:46:20,174] ({pool-2-thread-2} TSaslTransport.java[open]:313) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:229)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:184)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363)
at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:410)
at org.apache.zeppelin.jdbc.JDBCInterpreter.access$000(JDBCInterpreter.java:91)
at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:459)
at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:456)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:456)
at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:673)
at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:801)
at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:103)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:633)
at org.apache.zeppelin.scheduler.Job.run(Job.java:188)
at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 43 more
I tried to find the answer to this question. The solution is to use the kinit command to log in to kerberos or provide a keytab file to log in to get the ticket.I looked at the log file and the zeppelin source and found that zeppelin used the keytab to log in successfully, but did not get the ticket.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/sdwsdn2@DWSP.COM using keytab
file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
Below is the configuration of my zeppelin hive Interpreter:
default.driver=org.apache.hive.jdbc.HiveDriver
default.url=jdbc:hive2://sdwsmn1:10000/default;principal=hive/sdwsmn1@DWSP.COM;
zeppelin.jdbc.auth.type=KERBEROS
zeppelin.jdbc.keytab.location=/usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab
zeppelin.jdbc.principal=hive/sdwsdn2@DWSP.COM
The cluster I am using is CDH6.2.0 and the jdk version is 1.8.0_131.I don't know how to solve this problem now. can you help me? Thanks.
Although it says "Login successful", I wonder why there are 10 lines saying "runKerberosLogin failed" just before that – user1686 – 2019-07-25T09:48:52.077