Details
-
Question
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
1.10.0
-
None
-
None
Description
I am unable to test Hive sink with Flume on a kerberized cluster, see below exception. Also, I noticed there is no option in Flume user guide to provide a keytab/principal similar to HDFS and HBase sinks. How do we use Hive sink on a kerberized cluster?
2022-07-21T07:39:29,035 ERROR [hive-sink1-call-runner-0] org.apache.thrift.transport.TSaslTransport - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[?:1.8.0_331]
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:96) ~[libthrift-0.14.1.jar:0.14.1]
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:236) [libthrift-0.14.1.jar:0.14.1]
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:39) [libthrift-0.14.1.jar:0.14.1]
at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48) [hive-exec-3.1.2.jar:3.1.2]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_331]
at javax.security.auth.Subject.doAs(Subject.java:422) [?:1.8.0_331]
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1729) [hadoop-common-3.1.2.odh.1.0.dfc6dd56066.jar:?]
at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:531) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:225) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.common.HiveClientCache$CacheableHiveMetaStoreClient.<init>(HiveClientCache.java:409) [hive-hcatalog-core-3.1.2.jar:3.1.2]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:1.8.0_331]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:1.8.0_331]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:1.8.0_331]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [?:1.8.0_331]
at org.apache.hadoop.hive.metastore.utils.JavaUtils.newInstance(JavaUtils.java:84) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.<init>(RetryingMetaStoreClient.java:95) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:148) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:133) [hive-exec-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.common.HiveClientCache$5.call(HiveClientCache.java:297) [hive-hcatalog-core-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.common.HiveClientCache$5.call(HiveClientCache.java:292) [hive-hcatalog-core-3.1.2.jar:3.1.2]
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) [guava-11.0.2.jar:?]
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) [guava-11.0.2.jar:?]
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) [guava-11.0.2.jar:?]
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) [guava-11.0.2.jar:?]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) [guava-11.0.2.jar:?]
at com.google.common.cache.LocalCache.get(LocalCache.java:3965) [guava-11.0.2.jar:?]
at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) [guava-11.0.2.jar:?]
at org.apache.hive.hcatalog.common.HiveClientCache.getOrCreate(HiveClientCache.java:292) [hive-hcatalog-core-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.common.HiveClientCache.get(HiveClientCache.java:267) [hive-hcatalog-core-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.common.HCatUtil.getHiveMetastoreClient(HCatUtil.java:569) [hive-hcatalog-core-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.streaming.HiveEndPoint$ConnectionImpl.getMetaStoreClient(HiveEndPoint.java:529) [hive-hcatalog-streaming-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.streaming.HiveEndPoint$ConnectionImpl.<init>(HiveEndPoint.java:327) [hive-hcatalog-streaming-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.streaming.HiveEndPoint$ConnectionImpl.<init>(HiveEndPoint.java:294) [hive-hcatalog-streaming-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.streaming.HiveEndPoint.newConnectionImpl(HiveEndPoint.java:229) [hive-hcatalog-streaming-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.streaming.HiveEndPoint.newConnection(HiveEndPoint.java:206) [hive-hcatalog-streaming-3.1.2.jar:3.1.2]
at org.apache.hive.hcatalog.streaming.HiveEndPoint.newConnection(HiveEndPoint.java:117) [hive-hcatalog-streaming-3.1.2.jar:3.1.2]
at org.apache.flume.sink.hive.HiveWriter$8.call(HiveWriter.java:379) [flume-hive-sink-1.10.0.jar:1.10.0]
at org.apache.flume.sink.hive.HiveWriter$8.call(HiveWriter.java:376) [flume-hive-sink-1.10.0.jar:1.10.0]
at org.apache.flume.sink.hive.HiveWriter$11.call(HiveWriter.java:428) [flume-hive-sink-1.10.0.jar:1.10.0]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_331]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_331]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_331]
at java.lang.Thread.run(Thread.java:750) [?:1.8.0_331]
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:772) ~[?:1.8.0_331]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) ~[?:1.8.0_331]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ~[?:1.8.0_331]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) ~[?:1.8.0_331]
... 45 more