[jira] [Updated] (HIVE-28220) Jdbc connection always fails when retrying in zookeeper service discovery mode with kerberos.

Thu, 25 Apr 2024 23:26:09 -0700 


     [ 
https://issues.apache.org/jira/browse/HIVE-28220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zhen Wang updated HIVE-28220:
-----------------------------
    Description: 
When jdbc connection is retried, the principal of the next server is ignored, 
causing kerberos authentication of retried connection to always fail.

 

[https://github.com/apache/hive/blob/4614ce72a7f366674d89a3a78f687e419400cb89/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java#L372]

 

error detail:
{code:java}
Exception in thread "main" java.sql.SQLException: Could not open client 
transport for any of the Server URI's in ZooKeeper: Peer indicated failure: GSS 
initiate failed
    at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:256)
    at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    at org.example.Test6$.main(Test6.scala:20)
    at org.example.Test6.main(Test6.scala)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated 
failure: GSS initiate failed
    at 
org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:277)
    at 
org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
    at 
org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51)
    at 
org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
    at 
org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48)
    at 
org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:343)
    at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:228)
    ... 5 more {code}

  was:
When jdbc connection is retried, the principal of the next server is ignored, 
causing kerberos authentication of retried connection to always fail.

 

[https://github.com/apache/hive/blob/4614ce72a7f366674d89a3a78f687e419400cb89/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java#L372]

 

error detail:

```

Exception in thread "main" java.sql.SQLException: Could not open client 
transport for any of the Server URI's in ZooKeeper: Peer indicated failure: GSS 
initiate failed
    at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:256)
    at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:270)
    at org.example.Test6$.main(Test6.scala:20)
    at org.example.Test6.main(Test6.scala)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated 
failure: GSS initiate failed
    at 
org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:277)
    at 
org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
    at 
org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51)
    at 
org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
    at 
org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48)
    at 
org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:343)
    at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:228)
    ... 5 more

```


> Jdbc connection always fails when retrying in zookeeper service discovery 
> mode with kerberos.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HIVE-28220
>                 URL: https://issues.apache.org/jira/browse/HIVE-28220
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 3.1.2, 4.0.0
>            Reporter: Zhen Wang
>            Priority: Major
>
> When jdbc connection is retried, the principal of the next server is ignored, 
> causing kerberos authentication of retried connection to always fail.
>  
> [https://github.com/apache/hive/blob/4614ce72a7f366674d89a3a78f687e419400cb89/jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java#L372]
>  
> error detail:
> {code:java}
> Exception in thread "main" java.sql.SQLException: Could not open client 
> transport for any of the Server URI's in ZooKeeper: Peer indicated failure: 
> GSS initiate failed
>     at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:256)
>     at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:107)
>     at java.sql.DriverManager.getConnection(DriverManager.java:664)
>     at java.sql.DriverManager.getConnection(DriverManager.java:270)
>     at org.example.Test6$.main(Test6.scala:20)
>     at org.example.Test6.main(Test6.scala)
> Caused by: org.apache.thrift.transport.TTransportException: Peer indicated 
> failure: GSS initiate failed
>     at 
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
>     at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:277)
>     at 
> org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
>     at 
> org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:51)
>     at 
> org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:48)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAs(Subject.java:422)
>     at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
>     at 
> org.apache.hadoop.hive.metastore.security.TUGIAssumingTransport.open(TUGIAssumingTransport.java:48)
>     at 
> org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:343)
>     at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:228)
>     ... 5 more {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to