在我们的群集上,我们进行了oozie设置,并且它运行正常。 现在我们添加了Kerberos和Ranger,并遇到以下问题:
Oozie按计划开始其工作流程(如纱线所示),但实际的蜂巢动作不会出现在纱线中。
详细说明:
我检查了工作是否在等待,事实并非如此,在纱线中我也没有看到新的,新的保存或接受的工作 我尝试了什么:
以hive用户身份启动oozie作业(我已授予游侠中所有表和hdfs文件的权限)没有任何区别
最后在krb5日志中找到了一条线索,仍然在寻找一种方法:
2016-07-19 18:53:46,157 INFO [pool-5-thread-53]: metastore.HiveMetaStore (HiveMetaStore.java:logInfo(747)) - 200: get_databases: NonExistentDatabaseUsedForHealthCheck
2016-07-19 18:53:46,157 INFO [pool-5-thread-53]: HiveMetaStore.audit (HiveMetaStore.java:logAuditEvent(372)) - ugi=oozie/myactualservername@MYACTUALDOMAINNAME ip=/someipaddress cmd=get_databases: NonExistentDatabaseUsedForHealthCheck
2016-07-19 18:53:46,158 INFO [pool-5-thread-53]: metastore.HiveMetaStore (HiveMetaStore.java:logInfo(747)) - 200: get_delegation_token
2016-07-19 18:53:46,158 INFO [pool-5-thread-53]: HiveMetaStore.audit (HiveMetaStore.java:logAuditEvent(372)) - ugi=oozie/myactualservername@MYACTUALDOMAINNAME ip=/someipaddress cmd=get_delegation_token
2016-07-19 18:53:46,159 INFO [pool-5-thread-53]: delegation.AbstractDelegationTokenSecretManager (AbstractDelegationTokenSecretManager.java:createPassword(385)) - Creating password for identifier: owner=u_batch, renewer=oozie, realUser=oozie/myactualservername@MYACTUALDOMAINNAME, issueDate=1468947226159, maxDate=1469552026159, sequenceNumber=15, masterKeyId=14, currentKey: 14
2016-07-19 18:53:46,160 INFO [pool-5-thread-53]: thrift.ZooKeeperTokenStore (ZooKeeperTokenStore.java:addToken(385)) - Added token: /hive/cluster/delegation/METASTORE/tokens/lotsofcharacterswerehere
2016-07-19 18:53:59,222 ERROR [pool-5-thread-198]: server.TThreadPoolServer (TThreadPoolServer.java:run(296)) - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Invalid status -128
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:739)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:736)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1637)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:736)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Invalid status -128
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:184)
at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
... 10 more
答案 0 :(得分:0)
因为通过oozie提供的配置错误或不足。
因为您尝试以不安全的方式连接到安全的Metastore。 (在我看来,这应该会产生一个错误,但很明显它并不总是这样。请注意,如果碰巧看到krb5.log,你会看到错误。)
更新中提到的线索让我明白,与Metastore的连接并没有成功。
尝试使用不安全的方法连接到安全群集可能会导致您的尝试无限期挂起。
由于hive查询在没有oozie的情况下工作(并检查一般配置了正确的安全设置),我意识到问题必须来自oozie传递的配置。
在与参考hive-site.xml(应该在oozie工作流中引用的那个)进行比较后,我发现以下属性更改帮助我完成了工作:
<name>hive.metastore.sasl.enabled</name>
<value>true</value>
从false设置为true
<name>hive.metastore.kerberos.principal</name>
<value>hive/_HOST@putyourdomainnamehere</value>
上面添加(注意你应该留下_HOST它会被自动替换)
<name>hive.server2.authentication.kerberos.principal</name>
<value>hive/_HOST@putyourdomainnamehere</value>
上面添加了