You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ranger.apache.org by Taher Koitawala <ta...@gslab.com> on 2017/12/01 02:02:26 UTC

Re: Ranger cannot connect to Hiveserver2

I get this SASL negotiation failure error in hiveserver2 logs when i do
test connection from Ranger Web UI.

To connect to hiveserver2 from beeline we use
jdbc:hive2://hiveserver2_host:10000 and then we enter our LDAP username and
password. We have put the ldap certificate in the jvm keystore of
hiveserver2

On Dec 1, 2017 12:53 AM, "Ramesh Mani" <rm...@hortonworks.com> wrote:

> Taher,
>
> Where do you see this SSL error? Is that when you do test connection in
> the Ranger UI for hive service?
>
> How do you connect to HiveServer2 via beeline? Can you share the command
> what you used for this.
>
> Thanks,
> Ramesh
>
> From: Taher Koitawala <ta...@gslab.com>
> Reply-To: "user@ranger.apache.org" <us...@ranger.apache.org>
> Date: Thursday, November 30, 2017 at 4:24 AM
> To: "user@ranger.apache.org" <us...@ranger.apache.org>
> Subject: Ranger cannot connect to Hiveserver2
>
> Hi All,
>          We were using hive with ldap before and ranger was able to
> connect to hiveserver2. However since we moved hive from ldap to ldaps,
> ranger cannot connect to hiveserver2 now. Exception i get is on hiveserver2
> side is SASL negotiation failure.
>
> I am guessing its the LDAP s certificate issue. When ranger prepares a
> client to connect to hiveserver2 may be it cannot find the certificate. I
> think that is strange because Ranger is liked to LDAPS and is allowing LDAP
> users to login to ranger with their creds. It just cannot connect to
> hiveserver2.
>
> My Ranger Webui plugin configurations are as follows:
>
> Service Name: hive_test
> Active Status: Enabled
> Username: <ranger_user> //LDAP user just for ranger
> Password: password
> jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver
> jdbc.url: jdbc:hive2://<hiveserver2_host>:10000
> Common Name for Certificate: blank
> Add new Configurations: BLANK
>
>
>
> Exception thrown is attached below
>
>

Re: Ranger cannot connect to Hiveserver2

Posted by Ramesh Mani <rm...@hortonworks.com>.

Taher,

Test connection is just to verify that the ranger UI lookup   will work fine. Lookup feature is to list the Database/ tables/cloumns why maintaining policies. it won't affect the Ranger Plugin at all, so you can configure the Ranger Hive Plugin and it should work.
If you want the lookup to work without issue, check that what user /password that is there in Ranger Hive Service config. It should be the user/password you use to connect to beeline.

Thanks,
Ramesh

From: Taher Koitawala <ta...@gslab.com>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Sunday, December 3, 2017 at 11:47 PM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Re: Ranger cannot connect to Hiveserver2

Hi All can you guys please help me out on this


On Fri, Dec 1, 2017 at 7:32 AM, Taher Koitawala <ta...@gslab.com>> wrote:
I get this SASL negotiation failure error in hiveserver2 logs when i do test connection from Ranger Web UI.

To connect to hiveserver2 from beeline we use jdbc:hive2://hiveserver2_host:10000 and then we enter our LDAP username and password. We have put the ldap certificate in the jvm keystore of hiveserver2

On Dec 1, 2017 12:53 AM, "Ramesh Mani" <rm...@hortonworks.com>> wrote:
Taher,

Where do you see this SSL error? Is that when you do test connection in the Ranger UI for hive service?

How do you connect to HiveServer2 via beeline? Can you share the command what you used for this.

Thanks,
Ramesh

From: Taher Koitawala <ta...@gslab.com>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Thursday, November 30, 2017 at 4:24 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Ranger cannot connect to Hiveserver2

Hi All,
         We were using hive with ldap before and ranger was able to connect to hiveserver2. However since we moved hive from ldap to ldaps, ranger cannot connect to hiveserver2 now. Exception i get is on hiveserver2 side is SASL negotiation failure.

I am guessing its the LDAP s certificate issue. When ranger prepares a client to connect to hiveserver2 may be it cannot find the certificate. I think that is strange because Ranger is liked to LDAPS and is allowing LDAP users to login to ranger with their creds. It just cannot connect to hiveserver2.

My Ranger Webui plugin configurations are as follows:

Service Name: hive_test
Active Status: Enabled
Username: <ranger_user> //LDAP user just for ranger
Password: password
jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver
jdbc.url: jdbc:hive2://<hiveserver2_host>:10000
Common Name for Certificate: blank
Add new Configurations: BLANK



Exception thrown is attached below

Re: Ranger cannot connect to Hiveserver2

Posted by Taher Koitawala <ta...@gslab.com>.

Hi All can you guys please help me out on this


On Fri, Dec 1, 2017 at 7:32 AM, Taher Koitawala <ta...@gslab.com>
wrote:

> I get this SASL negotiation failure error in hiveserver2 logs when i do
> test connection from Ranger Web UI.
>
> To connect to hiveserver2 from beeline we use
> jdbc:hive2://hiveserver2_host:10000 and then we enter our LDAP username
> and password. We have put the ldap certificate in the jvm keystore of
> hiveserver2
>
> On Dec 1, 2017 12:53 AM, "Ramesh Mani" <rm...@hortonworks.com> wrote:
>
>> Taher,
>>
>> Where do you see this SSL error? Is that when you do test connection in
>> the Ranger UI for hive service?
>>
>> How do you connect to HiveServer2 via beeline? Can you share the command
>> what you used for this.
>>
>> Thanks,
>> Ramesh
>>
>> From: Taher Koitawala <ta...@gslab.com>
>> Reply-To: "user@ranger.apache.org" <us...@ranger.apache.org>
>> Date: Thursday, November 30, 2017 at 4:24 AM
>> To: "user@ranger.apache.org" <us...@ranger.apache.org>
>> Subject: Ranger cannot connect to Hiveserver2
>>
>> Hi All,
>>          We were using hive with ldap before and ranger was able to
>> connect to hiveserver2. However since we moved hive from ldap to ldaps,
>> ranger cannot connect to hiveserver2 now. Exception i get is on hiveserver2
>> side is SASL negotiation failure.
>>
>> I am guessing its the LDAP s certificate issue. When ranger prepares a
>> client to connect to hiveserver2 may be it cannot find the certificate. I
>> think that is strange because Ranger is liked to LDAPS and is allowing LDAP
>> users to login to ranger with their creds. It just cannot connect to
>> hiveserver2.
>>
>> My Ranger Webui plugin configurations are as follows:
>>
>> Service Name: hive_test
>> Active Status: Enabled
>> Username: <ranger_user> //LDAP user just for ranger
>> Password: password
>> jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver
>> jdbc.url: jdbc:hive2://<hiveserver2_host>:10000
>> Common Name for Certificate: blank
>> Add new Configurations: BLANK
>>
>>
>>
>> Exception thrown is attached below
>>
>>