Hadoop 使用SSL的直线查询(配置单元配置错误?)
我在一个拥有Kerberos的集群上玩游戏,以使直线查询工作:Hadoop 使用SSL的直线查询(配置单元配置错误?),hadoop,ssl,hive,kerberos,beeline,Hadoop,Ssl,Hive,Kerberos,Beeline,我在一个拥有Kerberos的集群上玩游戏,以使直线查询工作: beeline -u "jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXX
beeline -u "jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXXXX" -e "show databases"
Connecting to jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXXXX
Unknown HS2 problem when communicating with Thrift server.
Error: Could not open client transport with JDBC Uri: jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXXXX: Peer indicated failure: GSS initiate failed (state=08S01,code=0)
No current connection
[HiveServer2-Handler-Pool: Thread-43]: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)]
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:793)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:790)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1776)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:790)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:167)
... 14 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:281)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
... 17 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100)
... 23 more
May 18, 2:28:08.319 PM ERROR org.apache.thrift.server.TThreadPoolServer
[HiveServer2-Handler-Pool: Thread-43]: Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: GSS initiate failed
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:793)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:790)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1776)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:790)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
... 10 more
[HiveServer2处理程序池:线程-43]:SASL协商失败
javax.security.sasl.SaslException:GSS启动失败[由GSSException引起:GSS-API级别未指定的失败(机制级别:校验和失败)]
位于com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
在org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluatechallengeeorresponse上(TSaslTransport.java:539)
位于org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
位于org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
位于org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
位于org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$tugiasumingtransportfactory$1.run(HadoopThriftAuthBridge.java:793)
位于org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$tugiasumingtransportfactory$1.run(HadoopThriftAuthBridge.java:790)
位于java.security.AccessController.doPrivileged(本机方法)
位于javax.security.auth.Subject.doAs(Subject.java:360)
位于org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1776)
在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$tugiasumingtransportfactory.getTransport(HadoopThriftAuthBridge.java:790)
位于org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
位于java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
位于java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
运行(Thread.java:745)
原因:GSSExException:GSS-API级别未指定的故障(机制级别:校验和失败)
位于sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
位于sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
位于sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
位于com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:167)
... 14多
原因:krbeexception:校验和失败
位于sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102)
位于sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94)
位于sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
位于sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:281)
位于sun.security.krb5.KrbApReq.(KrbApReq.java:149)
位于sun.security.jgss.krb5.InitSecContextToken。(InitSecContextToken.java:108)
位于sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
... 还有17个
原因:java.security.GeneralSecurityException:校验和失败
位于sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408)
位于sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91)
位于sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100)
... 23多
5月18日下午2:28:08.319错误org.apache.thrift.server.TThreadPoolServer
[HiveServer2处理程序池:线程-43]:处理消息期间出错。
java.lang.RuntimeException:org.apache.thrift.transport.ttTransportException:GSS启动失败
位于org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
位于org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$tugiasumingtransportfactory$1.run(HadoopThriftAuthBridge.java:793)
位于org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$tugiasumingtransportfactory$1.run(HadoopThriftAuthBridge.java:790)
位于java.security.AccessController.doPrivileged(本机方法)
位于javax.security.auth.Subject.doAs(Subject.java:360)
位于org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1776)
在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$tugiasumingtransportfactory.getTransport(HadoopThriftAuthBridge.java:790)
位于org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
位于java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
位于java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
运行(Thread.java:745)
原因:org.apache.thrift.transport.ttTransportException:GSS启动失败
位于org.apache.thrift.transport.TSaslTransport.sendanthrowMessage(TSaslTransport.java:232)
位于org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
位于org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
位于org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
... 10多
请说明什么可以生成校验和失败?好的,经过一些研究,设置了一个配置单元负载平衡器。因此,当设置负载平衡器时,它只侦听虚拟IP,您不能再直接向配置单元服务器发出请求 因此,如果您设置虚拟IP,您必须查询VIP,而不是其他主机
或者,您必须删除VIP才能直接查询Hives服务器。您可以按以下操作吗