You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "hansonhe (Jira)" <ji...@apache.org> on 2022/06/08 03:23:00 UTC

[jira] [Commented] (RANGER-3188) HiveServer log showed Authentication Failed

    [ https://issues.apache.org/jira/browse/RANGER-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17551372#comment-17551372 ] 

hansonhe commented on RANGER-3188:
----------------------------------

My hadoop Environments are hive-3.1.2,ranger-2.1.0,hadoop-3.1.4,the same error as following:
2022-06-06 18:37:40 ERROR client.RangerAdminRESTClient: getUserRoles() failed: HTTP status=401, message=Authentication Failed, isSecure=false
2022-06-06 18:37:40,892 ERROR [a430b069-9f15-4a70-b02b-aad28ba22a6f HiveServer2-Handler-Pool: Thread-72] client.RangerAdminRESTClient: getUserRoles() failed: HTTP status=401, message=Authen
tication Failed, isSecure=false

How to solve it?

> HiveServer log showed Authentication Failed
> -------------------------------------------
>
>                 Key: RANGER-3188
>                 URL: https://issues.apache.org/jira/browse/RANGER-3188
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.1.0
>         Environment: Hive Version: 3.1.2
> Ranger: 2.1
> os: centos
>            Reporter: Sekiro
>            Priority: Major
>
> When I create a table on AWS EMR 6.2 which shows the following error message.
> But eventually create success.
> Although does not affect the use but I really want to know why.:)
>  
> 2021-02-24T06:14:41,059 ERROR [925310d9-d40a-437a-af54-eeec38b2c8d5 HiveServer2-Handler-Pool: Thread-103([])]: client.RangerAdminRESTClient (RangerAdminRESTClient.java:getUserRoles(434)) - getUserRoles() failed: HTTP status=401, message=Authentication Failed, isSecure=false
> 2021-02-24T06:14:41,078 ERROR [925310d9-d40a-437a-af54-eeec38b2c8d5 HiveServer2-Handler-Pool: Thread-103([])]: authorizer.RangerHiveAuthorizer (RangerHiveAuthorizer.java:initUserRoles(322)) - Error while fetching roles from ranger for user : hadoop
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException: org.apache.hadoop.security.AccessControlException: Permission denied.
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoleNamesFromRanger(RangerHiveAuthorizer.java:365) ~[ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.initUserRoles(RangerHiveAuthorizer.java:320) [ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoles(RangerHiveAuthorizer.java:329) [ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:785) [ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1307) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1071) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:698) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1826) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1773) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1768) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:260) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.operation.Operation.run(Operation.java:247) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:541) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatement(HiveSessionImpl.java:516) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_272]
>  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_272]
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_272]
>  at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_272]
>  at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at java.security.AccessController.doPrivileged(Native Method) [?:1.8.0_272]
>  at javax.security.auth.Subject.doAs(Subject.java:422) [?:1.8.0_272]
>  at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730) [hadoop-common-3.2.1-amzn-2.jar:?]
>  at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at com.sun.proxy.$Proxy68.executeStatement(Unknown Source) [?:?]
>  at org.apache.hive.service.cli.CLIService.executeStatement(CLIService.java:282) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:563) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1557) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1542) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56) [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286) [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_272]
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_272]
>  at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272]
> Caused by: org.apache.hadoop.security.AccessControlException: Permission denied.
>  at org.apache.ranger.admin.client.RangerAdminRESTClient.getUserRoles(RangerAdminRESTClient.java:437) ~[?:?]
>  at org.apache.ranger.plugin.service.RangerBasePlugin.getUserRoles(RangerBasePlugin.java:489) ~[?:?]
>  at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoleNamesFromRanger(RangerHiveAuthorizer.java:351) ~[?:?]
>  ... 38 more



--
This message was sent by Atlassian Jira
(v8.20.7#820007)