“ ICMP端口无法访问”-无法通过JDBC连接到HIVE数据库(使用KERBEROS)

时间:2019-08-07 21:57:08

标签: jdbc hive kerberos

我正在尝试通过JDBC从我的应用程序访问HIVE数据库。我面临一些连接问题。 我在这里尝试了很多事情,例如尝试TCP等,但还是失败了。

public class HiveJDBC {
private static String driverName = "org.apache.hive.jdbc.HiveDriver";

  /**
 * @param args
 * @throws SQLException
   */
  public static void main(String[] args) throws SQLException {
      try {
      Class.forName(driverName);
    } catch (ClassNotFoundException e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
      System.exit(1);
    }
    System.setProperty("sun.security.jgss.debug","true");
        System.setProperty("java.security.krb5.realm","FDLDEV.COM");
        System.setProperty("java.security.auth.useSubjectCredsOnly","false");
        System.setProperty("java.security.krb5.conf","krb5.conf");
        System.setProperty("java.security.krb5.kdc","10.230.137.236");
        System.setProperty("sun.security.krb5.debug", "true");

          try{
              LOG.info("Starting:");
              org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
              conf.set("hadoop.security.authentication", "kerberos");
              UserGroupInformation.setConfiguration(conf);
              UserGroupInformation.loginUserFromKeytab("122*121@ABC.COM", "122*121.keytab");
    Connection con = DriverManager.getConnection("jdbc:hive2://ip-12-***-156-227.ec2.internal:2999,ip-10-***-123-123.ec2.internal:1299,ip-10-230-137-16.ec2.internal:1299/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2-llap0;principal=123@ABC.COM");
    Statement stmt = con.createStatement();

Krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = ABC.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]    
FDLDEV.COM = {
   kdc = 10.***.***.236
   admin_server = 10.***.***.236
}

[domain_realm]
.abc.com = ABC.COM
 abc.com = ABC.COM

输出:

Caused by: javax.security.auth.login.LoginException: ICMP Port Unreachable
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:808) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:952) ~[hadoop-common-2.6.5.jar!/:?]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    ... 83 more
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT Caused by: java.net.PortUnreachableException: ICMP Port Unreachable
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.net.PlainDatagramSocketImpl.receive0(Native Method) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.net.AbstractPlainDatagramSocketImpl.receive(AbstractPlainDatagramSocketImpl.java:143) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.net.DatagramSocket.receive(DatagramSocket.java:812) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.internal.UDPClient.receive(NetClient.java:206) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:404) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KdcComm.send(KdcComm.java:348) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KdcComm.send(KdcComm.java:229) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KdcComm.send(KdcComm.java:200) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)  ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_222]
2019-08-07T17:27:26.35-0400 [APP/PROC/WEB/0] OUT    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:952) ~[hadoop-common-2.6.5.jar!/:?]

我在这里想念什么?我花了很多时间尝试进行故障排除,但是没有运气。任何帮助表示赞赏。预先感谢

1 个答案:

答案 0 :(得分:0)

我遇到了同样的问题...这是因为代码没有加载所有的conf文件。因此,其中一些人尝试与kerberos连接,但是kerberos拒绝了它,因此您无法获得ICMP端口。

简而言之,请检查您的conf文件。路径错误