java - 无法使用来自集群外部机器(Windows)的 java 类的 JDBC 连接到 Kerberized HIVE/hadoop 集群(linux)
问题描述
我有一个 HIVE/hadoop 集群,我可以在节点上使用 beeline 连接到表并从表中检索数据 beeline -u "jdbc:hive2://xxxxx02:10000/default;principal=hive/_HOST@DEV.HADOOP.XXXX .COM",在使用 kinit 生成 Kerberos 票证之后。
任何帮助是极大的赞赏 !
当我尝试在 java 类中使用 apache JDBC 时,我无法连接同一个集群
- Eclipse 是我在 Windows 机器上的 IDE。
- 我正在使用 Hive JDBC 驱动程序
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-jdbc</artifactId>
<version>3.1.2</version>
</dependency>
- 集群上的 Hive 版本:
$ rpm -qa|grep hadoop
hadoop_2_6_0_3_8-yarn-2.7.3.2.6.0.3-8
hadoop_2_6_0_3_8-libhdfs-2.7.3.2.6.0.3-8
teradata-connector-1.4.3-hadoop2.x
ambari-metrics-hadoop-sink-2.5.0.3-7
hadoop_2_6_0_3_8-mapreduce-2.7.3.2.6.0.3-8
teradata-hadoop-tools-2.16.12.48-1
teradata-hadoop-builder-2.6.25.22-1
hadoop_2_6_0_3_8-2.7.3.2.6.0.3-8
hadoop_2_6_0_3_8-client-2.7.3.2.6.0.3-8
hadoop_2_6_0_3_8-hdfs-2.7.3.2.6.0.3-8
我已经从节点生成了一个 keytab 文件并复制到我正在运行 Java 类的 Windows 机器上
这是代码`
try {
Class.forName("org.apache.hive.jdbc.HiveDriver");
System.setProperty("sun.security.jgss.debug", "true");
System.setProperty("java.security.auth.login.config", "jaas1.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("java.security.krb5.conf", "krb5.ini");
System.out.println("Connecting...");
Connection con = DriverManager.getConnection(
"jdbc:hive2://xxx02.xxx.com:10000/default;principal=hive/xxx02.xxx.com@DEV.HADOOP.XXXX.COM;");
System.out.println("...Connected");
con.close();
} catch (ClassNotFoundException e) {
logger.error("Driver not found");
} catch (Exception e) {
e.printStackTrace();
}
- jaas1.conf 和 krb5.ini 位于 Eclipse 根项目文件夹中。
jaas1.conf 如下:
> Client {
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> keyTab=”c:\users\shiredd\spr.keytab”
> principal="shiredd@ABC.COM"
> doNotPrompt=true;
> };
- 错误是:
connecting...
Search Subject for Kerberos V5 INIT cred (<<DEF>>, sun.security.jgss.krb5.Krb5InitCredential)
15686 [WARN] HiveConnection: Failed to connect to xxx02.abc.com:10000
java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://xxx02.abc.com:10000/default;principal=hive/xxxx02.abc.com@DEV.HADOOP.ABC.COM;: java.io.IOException: Configuration Error:
Line 4: expected [option key], found [null]
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:256)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at ca.loblaw.eiBuildingBlocks.HiveJDBCOverHTTP.main(HiveJDBCOverHTTP.java:36)
Caused by: java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 4: expected [option key], found [null]
at sun.security.provider.ConfigFile$Spi.<init>(Unknown Source)
at sun.security.provider.ConfigFile.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at javax.security.auth.login.Configuration$2.run(Unknown Source)
at javax.security.auth.login.Configuration$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Unknown Source)
at sun.security.jgss.LoginConfigImpl$1.run(Unknown Source)
at sun.security.jgss.LoginConfigImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.LoginConfigImpl.<init>(Unknown Source)
at sun.security.jgss.GSSUtil.login(Unknown Source)
at sun.security.jgss.krb5.Krb5Util.getInitialTicket(Unknown Source)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)
at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown Source)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51)
at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1190)
at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:343)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:228)
... 4 more
Caused by: java.io.IOException: Configuration Error:
Line 4: expected [option key], found [null]
at sun.security.provider.ConfigFile$Spi.ioException(Unknown Source)
at sun.security.provider.ConfigFile$Spi.match(Unknown Source)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(Unknown Source)
at sun.security.provider.ConfigFile$Spi.readConfig(Unknown Source)
at sun.security.provider.ConfigFile$Spi.init(Unknown Source)
at sun.security.provider.ConfigFile$Spi.init(Unknown Source)
... 43 more**
解决方案
推荐阅读
- apache - 带有 Plesk 的 Django 部署问题“没有配置名为 '<>' 的 WSGI 守护进程”
- java - 删除给定节点之前的节点
- javascript - 空数组的串联如何防止排序突变?
- javascript - XMLHttpRequest 调用不返回任何内容
- android - 使用 json 在两个微调器中填充省和市
- c - 这里发生了什么,Buffer-Overflow 跳过了几个字节
- node.js - 如何使用 Google Calendar API 和 NodeJS 列出用户的可用日历
- java - 在 JSONArray 中获取长度未知的 JSONArray
- html - FontAwesome 5 - 多色图标
- azure - Azure EdgeHub 是否加密 MessageStore 中的消息?