0

Ubuntu を実行しているコンピューターに VMWare マシンを作成しました。そこで、デモ LDAP を使用して Apache Knox をセットアップしました。現在、SQuirreL を介して Knox への接続文字列をセットアップしようとしています。Cloudera の下で Hive と互換性を持たせる必要があるため、Hortonworks Sandbox を使用できません。Knox の構成を開始する前に、まず Hive JDBC ドライバーを使用して Knox に接続できるようにしたいと考えています。これが私がこれまで持っている文字列です:

jdbc:hive2://<host>:8443/;ssl=1;sslTrustStore=/gateway.jks;trustStorePassword=<master secret>?hive.server2.transport.mode=http;httpPath=gateway/default/hive

私の具体的な質問は次のとおりです。

  1. にはどのパスを使用すればよいsslTrustStoreですか? 現在は にあり/home/<user>/Downloads/knox-1.0.0/data/security/keystores/gateway.jksます。フルパスで同じ文字列を試しましたが、まだうまくいきません。

  2. 何に使うべきhttpPathですか?Knox は Hive を使用して Hadoop ノードに接続するため、私の VM には特に Hive がありません。

  3. 接続文字列に欠けているものは他にありますか?

SQuirreL で、エラー メッセージが表示されて [スタック トレース] をクリックすると、次のような結果が得られます。

java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.sql.SQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: \home\anudeep\Downloads\knox-1.0.0\data\security\keystores\gateway.jks (The system cannot find the path specified).
    at java.util.concurrent.FutureTask.report(Unknown Source)
    at java.util.concurrent.FutureTask.get(Unknown Source)
    at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand.awaitConnection(OpenConnectionCommand.java:132)
    at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand.access$100(OpenConnectionCommand.java:45)
    at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand$2.run(OpenConnectionCommand.java:115)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
4

1 に答える 1

0

Can you connect to Hive directly without Knox ? Looking at the stack trace it appears that the keystore (gateway.jks) is not found, this could be permissions issue. Try installing Knox on the host machine. I had a lot of issues connecting to outside services (running on Host OS) from VM, but this could just be me. There are few ways to debug this, before that let me answer your questions:

  1. You are right, you need to use the security/keystores/gateway.jks path so that Beeline (or any JDBC client) can trust the certificates presented by Knox.
  2. Looks like you are using Apache Knox so your path would look something like gateway/sandbox/hive (you need to update the HIVE service url under sandbox.xml topology). gateway/default/hive is mostly used by Knox instances configured by Ambari, which I don't think is true in your case.
  3. Try making few changes such as ssl=true, and instead of query string (?) use a colon (:) for transport.mode i.e. ;transportMode=http

This is the connection sting that works for me with Beeline

beeline -u "jdbc:hive2://<knox-host>:8443/;ssl=true;sslTrustStore=/var/lib/knox/security/keystores/gateway.jks;trustStorePassword=<trustPassword>;transportMode=http;httpPath=gateway/sandbox/hive" -n admin -p admin-password

Now onto some debugging.

  1. I think it will be easier if you simply download Knox on your Host OS (instead of VM) and talk to Hive, Knox needs 'line of sight' to services it proxies, with VMs it can be tricky. Also, I find it convenient to troubleshoot and check logs. You do not need Hive running on the same machine, just a line of sight to Knox is enough.
  2. Make sure hive-server.xml has the property hive.server2.servermode=http, this gets me all the time :)
  3. This tutorial/example explains how to connect to Hive2 using Knox using JDBC, it uses groovy scripting but you can just look at the setup and connection strings.
  4. This is another example using KnoxShell to connect to Hive2.

Hope this helps.

于 2018-07-05T14:16:27.117 に答える