带ssl的直线查询(配置单元配置错误?)

jdgnovmf  于 2021-06-02  发布在  Hadoop
关注(0)|答案(2)|浏览(635)

我正在研究一个集群,该集群使用kerberos进行直线查询:

beeline -u "jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXXXX" -e "show databases"

但我有个错误:

Connecting to jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXXXX
Unknown HS2 problem when communicating with Thrift server.
Error: Could not open client transport with JDBC Uri: jdbc:hive2://server_hive.server.lan:10000/default;principal=hive/server_hive.server.lan@COMPTES.RACINE.LOCAL;AuthMech=1;ssl=true;sslTrustStore=/opt/cloudera/security/jks/cm.truststore;trustStorePassword=XXXXX: Peer indicated failure: GSS initiate failed (state=08S01,code=0)
No current connection

我真的不知道怎么了。它在另一个集群上工作,但不是在这个集群上。Hive日志说:

[HiveServer2-Handler-Pool: Thread-43]: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)]
    at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
    at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
    at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
    at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
    at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:793)
    at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:790)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:360)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1776)
    at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:790)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:167)
    ... 14 more
Caused by: KrbException: Checksum failed
    at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102)
    at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94)
    at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
    at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:281)
    at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
    at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
    ... 17 more
Caused by: java.security.GeneralSecurityException: Checksum failed
    at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408)
    at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91)
    at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100)
    ... 23 more
May 18, 2:28:08.319 PM  ERROR   org.apache.thrift.server.TThreadPoolServer  
[HiveServer2-Handler-Pool: Thread-43]: Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: GSS initiate failed
    at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
    at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:793)
    at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:790)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:360)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1776)
    at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:790)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
    at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
    at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
    at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
    ... 10 more

请问什么可以生成校验和失败?

wgxvkvu9

wgxvkvu91#

好的,经过一些研究,一个配置单元负载平衡器被设置好了。因此,当设置负载平衡器时,它只侦听虚拟ip,您不能再直接向配置单元服务器请求。
因此,如果您设置虚拟ip,您必须查询vip,而不是其他主机。
或者您必须删除vip才能直接查询配置单元服务器。

vfwfrxfs

vfwfrxfs2#

你能按以下步骤做吗
输入
bash中的直线
输入
!连接jdbc:hive2://server\u hive.server。lan:10000/;主体=hive/server\u hive.server。lan@comptes.racine.local
要查看它,请输入用户名

相关问题