连接到Hive从远程计算机上的R启用了Kerberos

Question

我在本地计算机上运行了一个R，我的hive服务器使用cloudera在aws机器上配置并启用了kerberos。我现在无法使用我的JDBC连接从本地R实例连接到hive服务器。

我想知道是否有任何可用的选项可以帮助我从R连接到配置单元服务器？我尝试了以下代码并收到错误。

public IHttpActionResult GetAllPersons()
    {
        List<PersonModel> person;
        using (var context = new ContactsContext())
        {
            person = context.People.Include("PhoneNumbers.PhoneNumberType1").ToList()
                .Select(p => new PersonModel
                {
                    FirstName = p.FirstName,
                    LastName = p.LastName,
                    DepartmentName = p.Department1.Name,
                    PhoneNumbers = p.PhoneNumbers.Select(x => new PhoneNumberModel
                    {
                        PhoneNumberTypeName = x.PhoneNumberType1.Description,
                        TelephoneNumber = x.PhoneNumber1
                    })
                }).ToList();
        } 
        return Ok(new { People = person }); 
    }

控制台输出

library(RJDBC)
drv1 <- JDBC("org.apache.hive.jdbc.HiveDriver",list.files("Rjars/jars/hive_jdbc/",pattern="jar$",full.names=T))
con<-dbConnect(drv,'jdbc:hive2://ec2-xx-xx-xx-xxx.us-west-2.compute.amazonaws.com:10000/default;principal=hive/ip-xxx-xx-xx-xx.us-west-2.compute.internal@REALM.COM',"username","pwd")

Answer 1

您必须做相当于“ kinit”的动作

就我而言，您可以使用与所使用的cloudera版本等效的hadoop-common库，并执行以下说明：

Sys.setenv(KRB5_CONFIG = "/conf/krb5.conf")
Sys.setenv(sun.security.jgss.debug="FALSE");

conf=.jnew ("org.apache.hadoop.conf.Configuration")
conf$set("hadoop.security.authentication", "Kerberos")
ugi=J("org.apache.hadoop.security.UserGroupInformation")
ugi$setConfiguration (conf)
ugi$loginUserFromKeytab("webApp@MYCOMPANY","conf/webapp.keytab")

Answer 2

我当时处在同样的情况。 我的解决方法是：

connCloudera <- function(db_user, KrbRealm, KrbHostFQDN, KrbHostPort, DB,
                         jdbcDriverPath, KrbServiceName='hive', user=NULL, 
                         path_keytab=NULL,){
  #' Cloudera connection
  #'
  #' This function creates a connection to a kerberized Cloudera instance.
  #' 
  #' @param user user to login with kerberos
  #' @param db_user user to login to the db
  #' @param path_keytab path to kerberos keytab file
  #' @param KrbRealm Kerberos realm to connect to
  #' @param KrbHostFQDN Fully Qualified Domain Name of the Kerberos Host that exposes target service
  #' @param KrbHostPort port number to connect to on given host
  #' @param KrbServiceName name of the required service
  #' @param DB database to connect to
  #' @param jdbcDriverPath class path that needs to be appended in order to load the desired JDBC driver
  #'
  #' @keywords Cloudera, Kerberos
  #' @return connection
  #' @export
  #' @import DBI
  #' @import RJDBC

if(is.null(user)) user <- system('whoami',intern = TRUE)
if(is.null(path_keytab)) path_keytab <- paste0('/home/',user,'/',user,'.keytab')

system(paste0("kinit ",db_user,"@",KrbRealm," -k -t ",path_keytab))


hivedrv <- RJDBC::JDBC(driverClass="com.cloudera.hive.jdbc41.HS2Driver",
                       classPath=list.files(jdbcDriverPath, pattern="jar$", full.names=T),
                       identifier.quote="`")

authentication <- paste(paste0("jdbc:hive2://",KrbHostFQDN,":",KrbHostPort,"/",DB),
                            "AuthMech=1",
                            paste0("KrbRealm=",KrbRealm),
                            paste0("KrbHostFQDN=",KrbHostFQDN),
                            paste0("KrbServiceName=",KrbServiceName),
                            "SSL=1",
                            "AllowSelfSignedCert=1",
                            "CAIssuedCertNamesMismatch=1",
                            sep=";")

hivecon <- DBI::dbConnect(hivedrv, authentication)
return(hivecon)
}