Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1392

Hive test connection is failing even if jdbc.url configured is correct in Ranger 0.7.0

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7.0, 1.0.0, 0.7.1
    • Component/s: Ranger
    • Labels:
      None

      Description

      even if jdbc.url is correct then also ranger hive test connection is failing.
      jdbc.url is configured to
      jdbc:hive2://ctr-e127-1486658464320-1453-01-000004.hwx.site:2181,ctr-e127-1486658464320-1453-01-000003.hwx.site:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/_HOST@EXAMPLE.COM;transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=/etc/security/serverKeys/hivetruststore.jks;trustStorePassword=changeit
      but during test connection it gives error:

      org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance..
      Unable to connect to Hive Thrift Server instance..
      Could not establish connection to jdbc:hive2://ctr-e127-1486658464320-1453-01-000004.hwx.site:10001/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/_HOST@EXAMPLE.COM;transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=/etc/security/serverKeys/hivetruststore.jks;trustStorePassword=changeit: org.apache.hive.org.apache.http.client.ClientProtocolException.
      org.apache.hive.org.apache.http.client.ClientProtocolException.
      java.lang.RuntimeException: class org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback not org.apache.hive.org.apache.hadoop.security.GroupMappingServiceProvider.
      class org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback not org.apache.hive.org.apache.hadoop.security.GroupMappingServiceProvider.

      problem is during test connection hiveserver2 url is used dbc:hive2://ctr-e127-1486658464320-1453-01-000004.hwx.site:10001/; and servicediscovery mode is zookeeper,
      tried to connect manually to this url , it failed due to same error, but when remove zookeeper service discovery parameter then i was able to connect using beeline.
      so it seems somewhere this url is being modified.

      This happens in non WE clusters as well. Though the error is somewhat different:
      2017-02-16 00:24:23,432 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:125) - Init Lookup Login: security enabled, using lookupPrincipal/lookupKeytab
      2017-02-16 00:24:23,436 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:67) - Secured Mode: JDBC Connection done with preAuthenticated Subject

      2017-02-16 00:24:23,481 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveClient (HiveClient.java:433) - Unable to Connect to Hive
      org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance
      at org.apache.ranger.services.hive.client.HiveClient.initConnection(HiveClient.java:549)

      As per Ramesh Mani:
      Issue being this class org.apache.hive.org.apache.hadoop.security.GroupMappingServiceProvider from hive-jdbc-1.2.1000.2.6.0.0-*-standalone.jar is getting loaded by ranger class-loader where as org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback is loaded by Tomcat class-loader.
      One way to fix is to pack hive-jdbc-1.2.1000.2.6.0.0-standalone.jar in /usr/hdp/2.6.0.0/ranger-admin/ews/webapp/WEB-INF/lib so the type issue will be resolved.

        Attachments

          Activity

            People

            • Assignee:
              spolavarapu Sailaja Polavarapu
              Reporter:
              deepakhuawei Deepak Sharma
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: