search

apache / seatunnel

SeaTunnel is a next-generation super high-performance, distributed, massive data integration tool.
https://seatunnel.apache.org/
Apache License 2.0
8.08k stars 1.83k forks source link

hivejdbc error,Unable to pass kerberos authentication #7802

Closed mengflow closed 1 week ago

mengflow commented 1 month ago

Search before asking

What happened

hivejdbc error,Unable to pass kerberos authentication

SeaTunnel Version

seatunnel 2.3.6

SeaTunnel Config

# Defining the runtime environment
env {
  parallelism = 2
  job.mode = "BATCH"
}
source{
    Jdbc {
        url = "jdbc:hive2://bigdata-hdp-01:10000/default;principal=ae/_HOST@HADOOP.COM"
        driver = "org.apache.hive.jdbc.HiveDriver"
        connection_check_timeout_sec = 100
        query = "select * from test_hive_source limit 16"
        useKerberos = true
        kerberos_keytab_path = "/opt/ahdp/hive/conf/security/keytabs/hive.service.keytab"
        kerberos_principal = "hdper/ae@HADOOP.COM"
        krb5_path = "/etc/krb5.conf"
    }
}

sink {
    Console {}
}

Running Command

apache-seatunnel-2.3.6/bin/seatunnel.sh --config apache-seatunnel-2.3.6/config/mqx/hive2hive.conf  -e local

Error Exception

2024-10-09 15:17:58,823 ERROR [o.a.t.t.TSaslTransport        ] [main] - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[?:1.8.0_402-402]
        at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:96) ~[hive-exec-4.0.0.jar:4.0.0]
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:238) ~[hive-exec-4.0.0.jar:4.0.0]
        at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:39) ~[hive-exec-4.0.0.jar:4.0.0]
        at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51) ~[hive-exec-4.0.0.jar:4.0.0]
        at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48) ~[hive-exec-4.0.0.jar:4.0.0]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_402-402]
        at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_402-402]
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1729) ~[seatunnel-hadoop3-3.1.4-uber.jar:2.3.6]
        at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48) ~[hive-exec-4.0.0.jar:4.0.0]
        at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:512) ~[hive-jdbc-4.0.0.jar:4.0.0]
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:382) ~[hive-jdbc-4.0.0.jar:4.0.0]
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:285) ~[hive-jdbc-4.0.0.jar:4.0.0]
        at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:94) ~[hive-jdbc-4.0.0.jar:4.0.0]
        at org.apache.seatunnel.connectors.seatunnel.jdbc.internal.dialect.hive.HiveJdbcConnectionProvider$HiveConnectionProduceFunction.produce(HiveJdbcConnectionProvider.java:101) ~[connector-jdbc-2.3.6.jar:2.3.6]
        at org.apache.seatunnel.connectors.seatunnel.jdbc.internal.dialect.hive.HiveJdbcConnectionProvider.getOrEstablishConnection(HiveJdbcConnectionProvider.java:54) ~[connector-jdbc-2.3.6.jar:2.3.6]
        at org.apache.seatunnel.connectors.seatunnel.jdbc.utils.JdbcCatalogUtils.getConnection(JdbcCatalogUtils.java:377) ~[connector-jdbc-2.3.6.jar:2.3.6]
        at org.apache.seatunnel.connectors.seatunnel.jdbc.utils.JdbcCatalogUtils.getTables(JdbcCatalogUtils.java:129) ~[connector-jdbc-2.3.6.jar:2.3.6]
        at org.apache.seatunnel.connectors.seatunnel.jdbc.source.JdbcSource.<init>(JdbcSource.java:57) ~[connector-jdbc-2.3.6.jar:2.3.6]
        at org.apache.seatunnel.connectors.seatunnel.jdbc.source.JdbcSourceFactory.lambda$createSource$0(JdbcSourceFactory.java:80) ~[connector-jdbc-2.3.6.jar:2.3.6]
        at org.apache.seatunnel.api.table.factory.FactoryUtil.createAndPrepareSource(FactoryUtil.java:113) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.api.table.factory.FactoryUtil.createAndPrepareSource(FactoryUtil.java:74) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.engine.core.parse.MultipleTableJobConfigParser.parseSource(MultipleTableJobConfigParser.java:361) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.engine.core.parse.MultipleTableJobConfigParser.parse(MultipleTableJobConfigParser.java:209) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.engine.client.job.ClientJobExecutionEnvironment.getLogicalDag(ClientJobExecutionEnvironment.java:114) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.engine.client.job.ClientJobExecutionEnvironment.execute(ClientJobExecutionEnvironment.java:182) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.core.starter.seatunnel.command.ClientExecuteCommand.execute(ClientExecuteCommand.java:158) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.core.starter.SeaTunnel.run(SeaTunnel.java:40) [seatunnel-starter.jar:2.3.6]
        at org.apache.seatunnel.core.starter.seatunnel.SeaTunnelClient.main(SeaTunnelClient.java:34) [seatunnel-starter.jar:2.3.6]
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162) ~[?:1.8.0_402-402]
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) ~[?:1.8.0_402-402]
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:189) ~[?:1.8.0_402-402]
        at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218) ~[?:1.8.0_402-402]
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) ~[?:1.8.0_402-402]
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ~[?:1.8.0_402-402]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) ~[?:1.8.0_402-402]
        ... 28 more

Exception in thread "main" org.apache.seatunnel.core.starter.exception.CommandExecuteException: SeaTunnel job executed failed
        at org.apache.seatunnel.core.starter.seatunnel.command.ClientExecuteCommand.execute(ClientExecuteCommand.java:211)
        at org.apache.seatunnel.core.starter.SeaTunnel.run(SeaTunnel.java:40)
        at org.apache.seatunnel.core.starter.seatunnel.SeaTunnelClient.main(SeaTunnelClient.java:34)
Caused by: org.apache.seatunnel.api.table.factory.FactoryException: ErrorCode:[API-06], ErrorDescription:[Factory initialize failed] - Unable to create a source for identifier 'Jdbc'.
        at org.apache.seatunnel.api.table.factory.FactoryUtil.createAndPrepareSource(FactoryUtil.java:101)
        at org.apache.seatunnel.engine.core.parse.MultipleTableJobConfigParser.parseSource(MultipleTableJobConfigParser.java:361)
        at org.apache.seatunnel.engine.core.parse.MultipleTableJobConfigParser.parse(MultipleTableJobConfigParser.java:209)
        at org.apache.seatunnel.engine.client.job.ClientJobExecutionEnvironment.getLogicalDag(ClientJobExecutionEnvironment.java:114)
        at org.apache.seatunnel.engine.client.job.ClientJobExecutionEnvironment.execute(ClientJobExecutionEnvironment.java:182)
        at org.apache.seatunnel.core.starter.seatunnel.command.ClientExecuteCommand.execute(ClientExecuteCommand.java:158)
        ... 2 more
Caused by: java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://bigdata-hdp-01:10000/default;principal=hive/_HOST@HADOOP.COM: GSS initiate failed
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:420)
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:285)
        at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:94)
        at org.apache.seatunnel.connectors.seatunnel.jdbc.internal.dialect.hive.HiveJdbcConnectionProvider$HiveConnectionProduceFunction.produce(HiveJdbcConnectionProvider.java:101)
        at org.apache.seatunnel.connectors.seatunnel.jdbc.internal.dialect.hive.HiveJdbcConnectionProvider.getOrEstablishConnection(HiveJdbcConnectionProvider.java:54)
        at org.apache.seatunnel.connectors.seatunnel.jdbc.utils.JdbcCatalogUtils.getConnection(JdbcCatalogUtils.java:377)
        at org.apache.seatunnel.connectors.seatunnel.jdbc.utils.JdbcCatalogUtils.getTables(JdbcCatalogUtils.java:129)
        at org.apache.seatunnel.connectors.seatunnel.jdbc.source.JdbcSource.<init>(JdbcSource.java:57)
        at org.apache.seatunnel.connectors.seatunnel.jdbc.source.JdbcSourceFactory.lambda$createSource$0(JdbcSourceFactory.java:80)
        at org.apache.seatunnel.api.table.factory.FactoryUtil.createAndPrepareSource(FactoryUtil.java:113)
        at org.apache.seatunnel.api.table.factory.FactoryUtil.createAndPrepareSource(FactoryUtil.java:74)
        ... 7 more
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:199)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:281)
        at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:39)
        at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51)
        at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1729)
        at org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48)
        at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:512)
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:382)
        ... 17 more

Zeta or Flink or Spark Version

No response

Java or Scala Version

No response

Screenshots

No response

Are you willing to submit PR?

Code of Conduct

arshadmohammad commented 1 month ago

We also encountered this error.

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity for 30 days. It will be closed in next 7 days if no further activity occurs.

github-actions[bot] commented 1 week ago

This issue has been closed because it has not received response for too long time. You could reopen it if you encountered similar problems in the future.