..png)
zeppelin0.8.1을 사용하여 Hive를 Kerberos와 연결하면 작동하지 않고 다음과 같은 문제가 발생합니다.
ERROR [2019-07-25 03:46:19,513] ({pool-2-thread-2} JDBCInterpreter.java[open]:197) - zeppelin will be ignored. driver.zeppelin and zeppelin.url is mandatory.
WARN [2019-07-25 03:46:19,524] ({pool-2-thread-2} JDBCInterpreter.java[appendProxyUserToURL]:494) - User impersonation for hive has changed please refer: http://zeppe
lin.apache.org/docs/latest/interpreter/jdbc.html#apache-hive
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 1 time(s).
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 2 time(s).
INFO [2019-07-25 03:46:19,837] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 3 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 4 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 5 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 6 time(s).
INFO [2019-07-25 03:46:19,838] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 7 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 8 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 9 time(s).
INFO [2019-07-25 03:46:19,840] ({pool-3-thread-1} KerberosInterpreter.java[call]:143) - runKerberosLogin failed for 10 time(s).
ERROR [2019-07-25 03:46:19,841] ({pool-3-thread-1} KerberosInterpreter.java[call]:146) - runKerberosLogin failed for max attempts, calling close interpreter.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/[email protected] using keytab
file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:324) - Supplied authorities: sdwsmn1:10000
INFO [2019-07-25 03:46:20,146] ({pool-2-thread-2} Utils.java[parseURL]:443) - Resolved authority: sdwsmn1:10000
ERROR [2019-07-25 03:46:20,174] ({pool-2-thread-2} TSaslTransport.java[open]:313) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:229)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:184)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363)
at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:410)
at org.apache.zeppelin.jdbc.JDBCInterpreter.access$000(JDBCInterpreter.java:91)
at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:459)
at org.apache.zeppelin.jdbc.JDBCInterpreter$2.run(JDBCInterpreter.java:456)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:456)
at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:673)
at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:801)
at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:103)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:633)
at org.apache.zeppelin.scheduler.Job.run(Job.java:188)
at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 43 more
나는 이 질문에 대한 답을 찾으려고 노력했습니다. 해결 방법은 kinit 명령을 사용하여 Kerberos에 로그인하거나 로그인용 keytab 파일을 제공하여 티켓을 얻는 것입니다. 로그 파일과 zeppelin 소스를 살펴보니 zeppelin이 keytab을 사용하여 로그인에 성공했지만 실제로는 그렇지 않았습니다. 티켓을 받지 마세요.
INFO [2019-07-25 03:46:20,060] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:1147) - Login successful for user hive/[email protected] using keytab
file /usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab. Keytab auto renewal enabled : false
다음은 제플린 하이브 인터프리터의 구성입니다.
default.driver=org.apache.hive.jdbc.HiveDriver
default.url=jdbc:hive2://sdwsmn1:10000/default;principal=hive/[email protected];
zeppelin.jdbc.auth.type=KERBEROS
zeppelin.jdbc.keytab.location=/usr/local/zeppelin-0.8.0-bin-all/conf/hive.sdwsdn2.keytab
zeppelin.jdbc.principal=hive/[email protected]
제가 사용하고 있는 클러스터는 CDH6.2.0이고 jdk 버전은 1.8.0_131입니다. 현재 이 문제를 어떻게 해결해야 할지 모르겠습니다. 도와주세요? 감사해요.