java - Sådan tilsluttes impala server fra klient/lokal windows clearing curbs auth

Indlæg af Hanne Mølgaard Plasc

Problem



Jeg arbejder med Impala Cloudera-opsætningen for at læse data fra db. Under Java-kode er angivet til at forbinde (kører på serveren med succes) og hente data fra db med Kerberos auth.


Java kode jeg bruger:


private static void init() {
                System.setProperty("sun.security.krb5.debug", "true");
                System.setProperty("java.security.krb5.conf", "server-path/krb5.conf");
                System.setProperty("java.security.auth.login.config", "server-path/jaas.conf");
        }

        private static void createConnection() throws Exception {

                Connection conn = null;
                PreparedStatement pstmt = null;
                try {
                        init();
                        Class.forName("com.cloudera.impala.jdbc4.Driver");

                        // Authenticating Kerberos principal
                        System.out.println("Principal Authentication: ");
                        final String user = "user";
                        final String keyPath = "conserver-path/user.keytab";

                        org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
                        conf.set("hadoop.security.authentication", "Kerberos");
                        UserGroupInformation.setConfiguration(conf);
                        UserGroupInformation.loginUserFromKeytab(user, keyPath);

                        conn = DriverManager.getConnection("jdbc:impala://ipaddress;AuthMech=1;KrbRealm=realm;KrbHostFQDN=fqdn;KrbServiceName=impala",
                                                        "user", "pwd");
                        System.out.println(conn);
                        System.out.println("=========================================================================");

                        String query = "select count(*) from tableName";
                        System.out.println("Connection :" + conn);
                        pstmt = conn.prepareStatement(query);
                        ResultSet rs = pstmt.executeQuery();
                        System.out.println(rs);
                        System.out.println("--------------------------------------------");

                        while (rs != null && rs.next()) {
//                              System.out.println(rs.getFetchSize());
                                System.out.println(rs.getInt(1));
                        }
                } catch(Exception e) {
                        e.printStackTrace();
                } finally {
                        if(pstmt != null) pstmt.close();
                        if(conn != null) conn.close();
                }
        }


Jeg har et problem, mens jeg kører det samme fra lokal/windows-miljø for at oprette forbindelse til server/Cloudera Impala-databasen. Har kopieret jaas.conf, kerb5.conf, user.keytab til den lokale sti, men programmet kaster:


>>> Found no TGT's in LSA
java.sql.SQLException: [Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Princpal Name for authentication.
        at com.cloudera.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
        at com.cloudera.hivecommon.api.HiveServer2ClientFactory.createClient(Unknown Source)
        at com.cloudera.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
        at com.cloudera.impala.core.ImpalaJDBCConnection.establishConnection(Unknown Source)
        at com.cloudera.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
        at com.cloudera.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
        at com.cloudera.jdbc.common.AbstractDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:571)
        at java.sql.DriverManager.getConnection(DriverManager.java:215)
        at Com.connection.impala.TestImpala.createConnection(TestImpala.java:50)
Caused by: com.cloudera.support.exceptions.GeneralException: [Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Princpal Name for authentication .
        ... 10 more


Læs få links til henholdsvis Kerberos Constrained Delegation. Kunne ikke forstå, hvad og hvordan præcis trinene skal følges. [6]


Hjælp mig med at køre og få forbindelsen succesfuldt fra Windows-maskine.

Bedste reference