Sqoop import from SQL Server with Kerberos authentication

Time: 2015-11-11 19:38:11

Tags: sql-server kerberos sqoop

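I am trying to import some data from a SQL Server with Kerberos authentication using Sqoop 1.4.5, but I am getting some authentication errors, as shown below. I have already been granted a Kerberos ticket for my user.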

15/11/11 14:13:46 INFO sqoop.Sqoop: Running Sqoop version: 1.4.5-cdh5.4.2
15/11/11 14:13:46 WARN tool.BaseSqoopTool: Setting your password on the command-line is insecure. Consider using -P instead.
15/11/11 14:13:46 INFO tool.BaseSqoopTool: Using Hive-specific delimiters for output. You can override
15/11/11 14:13:46 INFO tool.BaseSqoopTool: delimiters with --fields-terminated-by, etc.
15/11/11 14:13:46 INFO teradata.TeradataManagerFactory: Loaded connector factory for 'Cloudera Connector Powered by Teradata' on version 1.4c5
15/11/11 14:13:46 INFO manager.SqlManager: Using default fetchSize of 1000
15/11/11 14:13:46 INFO tool.CodeGenTool: Beginning code generation
15/11/11 14:13:48 INFO manager.SqlManager: Executing SQL statement: XXXXX ;
15/11/11 14:13:48 INFO manager.SqlManager: Executing SQL statement: XXXXX ;
15/11/11 14:13:48 INFO orm.CompilationManager: HADOOP_MAPRED_HOME is /opt/cloudera/parcels/CDH/lib/hadoop-mapreduce
Note: ./tmp/XXXXX/QueryResult.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
15/11/11 14:13:50 INFO orm.CompilationManager: Writing jar file: ./tmp/XXXXX/QueryResult.jar
15/11/11 14:13:50 INFO mapreduce.ImportJobBase: Beginning query import.
15/11/11 14:13:50 INFO Configuration.deprecation: mapred.jar is deprecated. Instead, use mapreduce.job.jar
15/11/11 14:13:50 INFO Configuration.deprecation: mapred.map.tasks is deprecated. Instead, use mapreduce.job.maps
15/11/11 14:13:51 INFO hdfs.DFSClient: Created HDFS_DELEGATION_TOKEN token 42791 for saitoped on ha-hdfs:nameservice1
15/11/11 14:13:51 INFO security.TokenCache: Got dt for hdfs://nameservice1; Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:nameservice1, Ident: (HDFS_DELEGATION_TOKEN token 42791 for saitoped)
15/11/11 14:13:54 INFO db.DBInputFormat: Using read commited transaction isolation
15/11/11 14:13:54 INFO mapreduce.JobSubmitter: number of splits:1
15/11/11 14:13:54 INFO mapreduce.JobSubmitter: Submitting tokens for job: job_1447260428787_0025
15/11/11 14:13:54 INFO mapreduce.JobSubmitter: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:nameservice1, Ident: (HDFS_DELEGATION_TOKEN token 42791 for saitoped)
15/11/11 14:13:55 INFO impl.YarnClientImpl: Submitted application application_1447260428787_0025
15/11/11 14:13:55 INFO mapreduce.Job: The url to track the job: https://XXXXX/proxy/application_1447260428787_0025/
15/11/11 14:13:55 INFO mapreduce.Job: Running job: job_1447260428787_0025
15/11/11 14:14:04 INFO mapreduce.Job: Job job_1447260428787_0025 running in uber mode : false
15/11/11 14:14:04 INFO mapreduce.Job:  map 0% reduce 0%
15/11/11 14:14:28 INFO mapreduce.Job: Task Id : attempt_1447260428787_0025_m_000000_0, Status : FAILED
Error: java.lang.RuntimeException: java.lang.RuntimeException: com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:312f6965-4044-4a25-bb99-619272faf085
        at org.apache.sqoop.mapreduce.db.DBInputFormat.setConf(DBInputFormat.java:167)
        at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
        at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
        at org.apache.hadoop.mapred.MapTask.runNewMapper(MapTask.java:749)
        at org.apache.hadoop.mapred.MapTask.run(MapTask.java:341)
        at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:163)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
        at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:158)
Caused by: java.lang.RuntimeException: com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:312f6965-4044-4a25-bb99-619272faf085
        at org.apache.sqoop.mapreduce.db.DBInputFormat.getConnection(DBInputFormat.java:220)
        at org.apache.sqoop.mapreduce.db.DBInputFormat.setConf(DBInputFormat.java:165)
        ... 9 more
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:312f6965-4044-4a25-bb99-619272faf085
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
        at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:176)
        at com.microsoft.sqlserver.jdbc.KerbAuthentication.GenerateClientContext(KerbAuthentication.java:268)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:2691)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:2234)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$000(SQLServerConnection.java:41)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:2220)
        at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:5696)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:1715)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1326)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
        at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
        at java.sql.DriverManager.getConnection(DriverManager.java:571)
        at java.sql.DriverManager.getConnection(DriverManager.java:215)
        at org.apache.sqoop.mapreduce.db.DBConfiguration.getConnection(DBConfiguration.java:302)
        at org.apache.sqoop.mapreduce.db.DBInputFormat.getConnection(DBInputFormat.java:213)
        ... 10 more
Caused by: java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at com.microsoft.sqlserver.jdbc.KerbAuthentication.getClientCredential(KerbAuthentication.java:199)
        at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:150)
        ... 25 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
        at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:192)
        at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:406)
        at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
        at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:153)
        at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:189)
        at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:187)
        ... 29 more

Below is my Sqoop string:

sqoop import \
--connect $JDBC_URL \
--username $JDBC_USER \
--password *** \
--bindir ./tmp/$DATABASE_NAME/$DESTINE_TABLE \
--outdir ./tmp/$DATABASE_NAME/$DESTINE_TABLE \
--query $QUERY $HIVE_CMD \
--hive-import \
--hive-table=$DATABASE_NAME.$DESTINE_TABLE \
--hive-overwrite \
--hive-drop-import-delims \
--target-dir /$ENVIRONMENT/edl/infra/...

Any ideas on how to solve this problem?

1 answer:

Answer 0: (score: -1)

The error message states that Microsoft SQL Server ignores your user/password parameters because it expects "single-sign-on" with an implicit Microsoft-compliant (i.e. SSPI) Kerberos ticket -- the kind produced by Microsoft Active Directory for Microsoft Windows.

But Hadoop uses Java-compliant (i.e. GSSAPI) Kerberos tickets. These do not work for Skull Server.

And anyway you probably don't want to use "single-sign-on" since you provide a user/password on the Sqoop command line!

So the short answer is: edit the JDBC URL to remove the integratedsecurity=true stuff that probably lurks there. And pleaaaaaase read some SQL Server documentation.
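
An added example, not part of the original answer or of Sqoop: a shell helper that performs the edit the answer suggests, removing the integratedSecurity property (and the authenticationScheme property of the Microsoft JDBC driver that accompanies it) from a SQL Server JDBC URL before it is passed to `--connect`. The function names, host and database name are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example. SQL Server JDBC URLs have the form
#   jdbc:sqlserver://host:port;prop=value;prop=value
# and property names are case-insensitive.

# Exit 0 if the URL asks the driver for integrated (Kerberos/SSPI) authentication.
uses_integrated_auth() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        grep -Eq ';[[:space:]]*integratedsecurity[[:space:]]*=[[:space:]]*true'
}

# Print the URL with the integrated-authentication properties removed,
# leaving every other property in its original order and spelling.
# The body runs in a subshell so the IFS and globbing changes stay local.
strip_integrated_auth() (
    url=$1
    head=${url%%;*}                 # jdbc:sqlserver://host:port
    if [ "$head" = "$url" ]; then   # no properties at all
        printf '%s\n' "$url"
        exit 0
    fi
    props=${url#*;}
    out=$head
    set -f                          # do not glob-expand property values
    IFS=';'
    for part in $props; do
        if [ -z "$part" ]; then
            continue
        fi
        key=$(printf '%s' "${part%%=*}" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
        case $key in
            integratedsecurity|authenticationscheme) continue ;;
        esac
        out="$out;$part"
    done
    printf '%s\n' "$out"
)

# Usage with the variables from the question (-P prompts for the password,
# as the Sqoop warning in the log recommends):
#   sqoop import --connect "$(strip_integrated_auth "$JDBC_URL")" \
#       --username "$JDBC_USER" -P ...
```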