从远程计算机上的服务器连接到支持配置单元的kerberos

yqlxgs2m  于 2021-06-29  发布在  Hive
关注(0)|答案(2)|浏览(486)

我在本地机器上运行一个r,我的配置单元服务器在aws机器上使用cloudera配置,并使用kerberos启用。我现在无法使用jdbc连接从本地r示例连接到配置单元服务器。
我想知道是否有任何可用的选项,可以帮助我连接到配置单元服务器从r?我尝试了下面的代码并得到了错误。

library(RJDBC)
drv1 <- JDBC("org.apache.hive.jdbc.HiveDriver",list.files("Rjars/jars/hive_jdbc/",pattern="jar$",full.names=T))
con<-dbConnect(drv,'jdbc:hive2://ec2-xx-xx-xx-xxx.us-west-2.compute.amazonaws.com:10000/default;principal=hive/ip-xxx-xx-xx-xx.us-west-2.compute.internal@REALM.COM',"username","pwd")

控制台输出

Jun 09, 2016 3:34:07 PM org.apache.hive.jdbc.Utils parseURL
INFO: Supplied authorities: ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:10000
Error in .verify.JDBC.result(jc, "Unable to connect JDBC to ", url) : 
  Unable to connect JDBC to jdbc:hive2://ec2-xx-xx-xx-xxx.us-west-2.compute.amazonaws.com:10000/default;principal=hive/ip-xx-xx-xx-xx.us-west-2.compute.internal@REALM.COM (Could not initialize class org.apache.hadoop.security.UserGroupInformation)
Jun 09, 2016 3:34:07 PM org.apache.hive.jdbc.Utils parseURL
INFO: Resolved authority: ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com:10000
ycl3bljg

ycl3bljg1#

我也遇到过同样的情况。我的解决方案是:

connCloudera <- function(db_user, KrbRealm, KrbHostFQDN, KrbHostPort, DB,
                         jdbcDriverPath, KrbServiceName='hive', user=NULL, 
                         path_keytab=NULL,){
  #' Cloudera connection
  #'
  #' This function creates a connection to a kerberized Cloudera instance.
  #' 
  #' @param user user to login with kerberos
  #' @param db_user user to login to the db
  #' @param path_keytab path to kerberos keytab file
  #' @param KrbRealm Kerberos realm to connect to
  #' @param KrbHostFQDN Fully Qualified Domain Name of the Kerberos Host that exposes target service
  #' @param KrbHostPort port number to connect to on given host
  #' @param KrbServiceName name of the required service
  #' @param DB database to connect to
  #' @param jdbcDriverPath class path that needs to be appended in order to load the desired JDBC driver
  #'
  #' @keywords Cloudera, Kerberos
  #' @return connection
  #' @export
  #' @import DBI
  #' @import RJDBC

if(is.null(user)) user <- system('whoami',intern = TRUE)
if(is.null(path_keytab)) path_keytab <- paste0('/home/',user,'/',user,'.keytab')

system(paste0("kinit ",db_user,"@",KrbRealm," -k -t ",path_keytab))

hivedrv <- RJDBC::JDBC(driverClass="com.cloudera.hive.jdbc41.HS2Driver",
                       classPath=list.files(jdbcDriverPath, pattern="jar$", full.names=T),
                       identifier.quote="`")

authentication <- paste(paste0("jdbc:hive2://",KrbHostFQDN,":",KrbHostPort,"/",DB),
                            "AuthMech=1",
                            paste0("KrbRealm=",KrbRealm),
                            paste0("KrbHostFQDN=",KrbHostFQDN),
                            paste0("KrbServiceName=",KrbServiceName),
                            "SSL=1",
                            "AllowSelfSignedCert=1",
                            "CAIssuedCertNamesMismatch=1",
                            sep=";")

hivecon <- DBI::dbConnect(hivedrv, authentication)
return(hivecon)
}
p3rjfoxz

p3rjfoxz2#

你必须做“kinit”的等价物
在我的例子中,您可以使用与正在使用的cloudera版本等效的hadoop公共库,并执行以下说明:

Sys.setenv(KRB5_CONFIG = "/conf/krb5.conf")
Sys.setenv(sun.security.jgss.debug="FALSE");

conf=.jnew ("org.apache.hadoop.conf.Configuration")
conf$set("hadoop.security.authentication", "Kerberos")
ugi=J("org.apache.hadoop.security.UserGroupInformation")
ugi$setConfiguration (conf)
ugi$loginUserFromKeytab("webApp@MYCOMPANY","conf/webapp.keytab")

相关问题