CODEWITHSUNDEEP
hadoophiveooziehortonworks-data-platform
srikanth
srikanth

Reputation: 121

Oozie hive action with kerberos on HDP-1.3.3

I'm trying to execute hive script from oozie hive action on kerberos enabled environment.

Here is my workflow.xml

<action name="hive-to-hdfs">
    <hive xmlns="uri:oozie:hive-action:0.2">
        <job-tracker>${jobTracker}</job-tracker>
        <name-node>${nameNode}</name-node>
        <job-xml>hive-site.xml</job-xml>
        <configuration>
            <property>
                <name>mapred.job.queue.name</name>
                <value>${queueName}</value>
            </property>
        </configuration>
        <script>script.q</script>
        <param>HIVE_EXPORT_TIME=${hiveExportTime}</param>
    </hive>
    <ok to="pass"/>
    <error to="fail"/>

I'm facing issue when trying to connect to hive metastore.

6870 [main] INFO hive.metastore - Trying to connect to metastore with URI thrift://10.0.0.242:9083 Heart beat Heart beat 67016 [main] WARN hive.metastore - set_ugi() not successful, Likely cause: new client talking to old server. Continuing without it. org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84) at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:378) at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:297)

67018 [main] INFO hive.metastore - Waiting 1 seconds before next connection attempt. 68018 [main] INFO hive.metastore - Connected to metastore. Heart beat Heart beat 128338 [main] WARN org.apache.hadoop.hive.metastore.RetryingMetaStoreClient - MetaStoreClient lost connection. Attempting to reconnect. org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84) at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:378) at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:297)

129339 [main] INFO hive.metastore - Trying to connect to metastore with URI thrift://10.0.0.242:9083 Heart beat Heart beat 189390 [main] WARN hive.metastore - set_ugi() not successful, Likely cause: new client talking to old server. Continuing without it. org.apache.thrift.transport.TTransportException: java.net.SocketTimeoutException: Read timed out at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) at org.apache.thrift.transport.TTransport.readAll(TTransport.java:84) at org.apache.thrift.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:378) at org.apache.thrift.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:297)

189391 [main] INFO hive.metastore - Waiting 1 seconds before next connection attempt. 190391 [main] INFO hive.metastore - Connected to metastore. Heart beat Heart beat 250449 [main] ERROR org.apache.hadoop.hive.ql.parse.SemanticAnalyzer - org.apache.hadoop.hive.ql.metadata.HiveException: Unable to fetch table SESSION_MASTER at org.apache.hadoop.hive.ql.metadata.Hive.getTable(Hive.java:953) at org.apache.hadoop.hive.ql.metadata.Hive.getTable(Hive.java:887) at org.apache.hadoop.hive.ql.parse.SemanticAnalyzer.getMetaData(SemanticAnalyzer.java:1083) at org.apache.hadoop.hive.ql.parse.SemanticAnalyzer.getMetaData(SemanticAnalyzer.java:1059)

When I disable kerberos security workflow works fine

Upvotes: 1

Views: 1011

Answers (1)

Jeremy Beard
Jeremy Beard

Reputation: 2725

To enable your Oozie Hive action to function on a secured cluster you need to include a <credentials> section with a credential of type 'hcat' to your workflow.

Your workflow would then look something like:

<workflow-app name='workflow' xmlns='uri:oozie:workflow:0.1'>
    <credentials>
        <credential name='hcat' type='hcat'>
            <property>
                <name>hcat.metastore.uri</name>
                <value>HCAT_URI</value>
            </property>
            <property> 
                <name>hcat.metastore.principal</name>
                <value>HCAT_PRINCIPAL</value>
            </property>
        </credential>
    </credentials>

    <action name="hive-to-hdfs" cred="hcat">
        <hive xmlns="uri:oozie:hive-action:0.2">
            <job-tracker>${jobTracker}</job-tracker>
            <name-node>${nameNode}</name-node>
            <job-xml>hive-site.xml</job-xml>
            <configuration>
                <property>
                    <name>mapred.job.queue.name</name>
                    <value>${queueName}</value>
                </property>
            </configuration>
            <script>script.q</script>
            <param>HIVE_EXPORT_TIME=${hiveExportTime}</param>
        </hive>
        <ok to="pass"/>
        <error to="fail"/>
    </action>
</workflow>

There is also Oozie documentation about this feature.

Upvotes: 2

Related Questions