When I use Zeppelin 0.8.1 to connect to Hive via Kerberos, it does not work and the following problem occurs.
ERROR [2019-07-25 03:46:19,513] ({pool-2-thread-2} JDBCInterpreter.java[open]:197) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.
WARN [2019-07-25 03:46:19,524] ({pool-2-thread-2} JDBCInterpreter.java[appendProxyUserToURL]:494) - User impersonation for hive has changed please refer: http://zeppelin.apache.org/docs/latest/interpreter/jdbc.html#apache-hive
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 1 time(s).
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 2 time(s).
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 3 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 4 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 5 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 6 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 7 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 8 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 9 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 10 time(s).
ERROR [2019-07-25 03:46:19,841] ({pool-3-thread-1} KerberosInterpreter.java[call]:146) - runKerberosLogin failed for max attempts, calling close interpreter.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/[email protected] using keytab file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:324) - Supplied authorities: sdwsmn1:10000
INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:443) - Resolved authority: sdwsmn1:10000
ERROR [2019-07-25 03:46:20,174] ({pool-2-thread-2} TSaslTransport.java[open]:313) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:229)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:184)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363)
at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:410)
at org.apache.zeppelin.jdbc.JDBCInterpreter.access$000(JDBCInterpreter.java:91)
at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:459)
at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:456)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:456)
at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:673)
at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:801)
at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:103)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:633)
at org.apache.zeppelin.scheduler.Job.run(Job.java:188)
at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 43 more
I tried to find an answer to this problem; the solution is to log in to Kerberos with the kinit command, or to provide a keytab file to log in and obtain a ticket. I checked the log file and the Zeppelin source code and found that Zeppelin logs in successfully with the keytab but does not obtain a ticket.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/[email protected] using keytab file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
Below is the configuration of my Zeppelin Hive interpreter:
default.driver=org.apache.hive.jdbc.HiveDriver
default.url=jdbc:hive2://sdwsmn1:10000/default;principal=hive/[email protected];
zeppelin.jdbc.auth.type=KERBEROS
zeppelin.jdbc.keytab.location=/usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab
zeppelin.jdbc.principal=hive/[email protected]
The cluster I am using is CDH 6.2.0 and the JDK version is 1.8.0_131. I don't know how to solve this problem now; could you help me solve it? Thanks.
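
The sequence described in the post, a successful keytab login followed by "Failed to find any Kerberos tgt" on the same thread, can be extracted from an interpreter log mechanically. The script below is an added example, not part of the original post or of Zeppelin; its sample log is constructed in the layout shown above, and the principal, realm and keytab path in it are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout shown in the post; the principal,
# realm and keytab path are placeholders, not values from the post.
SAMPLE_LOG = """\
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 10 time(s).
ERROR [2019-07-25 03:46:19,841] ({pool-3-thread-1} KerberosInterpreter.java[call]:146) - runKerberosLogin failed for max attempts, calling close interpreter.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user svc/host.example@EXAMPLE.COM using keytab file /tmp/svc.keytab
ERROR [2019-07-25 03:46:20,174] ({pool-2-thread-2} TSaslTransport.java[open]:313) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
"""

# LEVEL [timestamp] ({thread} Source.java[method]:line) - message
HEADER = re.compile(r"^\s*\w+ \[([^\]]+)\] \(\{([^}]+)\} \S+\) - (.*)$")

def kerberos_timeline(text):
    """Group Kerberos-related log events by thread and flag known patterns."""
    events, current = defaultdict(list), None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            ts, current, msg = m.groups()
            if "runKerberosLogin failed for max attempts" in msg:
                events[current].append((ts, "relogin_gave_up"))
            elif msg.startswith("Login successful for user"):
                events[current].append((ts, "keytab_login_ok"))
        elif current and "Failed to find any Kerberos tgt" in raw:
            # Stack-trace lines carry no header: attribute them to the
            # thread of the last header, and record the failure once.
            if not events[current] or events[current][-1][1] != "no_tgt":
                events[current].append((None, "no_tgt"))
    findings = []
    for thread, evs in events.items():
        kinds = [kind for _, kind in evs]
        if "relogin_gave_up" in kinds:
            findings.append(f"{thread}: runKerberosLogin hit max attempts")
        if "keytab_login_ok" in kinds and \
                "no_tgt" in kinds[kinds.index("keytab_login_ok"):]:
            findings.append(f"{thread}: keytab login OK, then no TGT found")
    return dict(events), findings

if __name__ == "__main__":
    for finding in kerberos_timeline(SAMPLE_LOG)[1]:
        print(finding)
```

Grouping by thread separates the two failures in the log: the `runKerberosLogin` retries are on `pool-3-thread-1`, while the keytab login and the SASL failure are both on `pool-2-thread-2`.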