0

We are migrating existing (production CDH 5.8 cluster) oozie + hive2 jobs to new CDH 5.8 cluster. Unfortunately the hive2 actions are failing with the below error after migration.

Error: Could not open client transport with JDBC Uri: jdbc:hive2://xxxxx.yyy.net:10000/default: Peer indicated failure: DIGEST-MD5: IO error acquiring \ password (state=08S01,code=0)

Could someone help me to understand the reason for the below error message ?

13
  • hive.server2.use.SSL is disabled and our cluster is KERBEROS authenticated. Do you think the property still work ?
    – William R
    Commented Feb 13, 2017 at 16:15
  • What is the value set for hive.server2.thrift.sasl.qop? Commented Feb 13, 2017 at 16:16
  • Parameter itself not present in config file.
    – William R
    Commented Feb 13, 2017 at 16:18
  • Can you add it with the value of auth-conf? Commented Feb 13, 2017 at 16:18
  • Sure we will try and one more point that existing cluster load balancer was not enabled but new once does have Load balancer.
    – William R
    Commented Feb 13, 2017 at 16:23

1 Answer 1

0

The default Hive Kerberos delegation token store method can cause failures with Oozie HiveServer2 actions in certain environments. Cloudera suggests using org.apache.hadoop.hive.thrift.ZooKeeperTokenStore, or connecting to a single HiveServer2 instance behind the load balancer to avoid this connection failure.

When using multiple HiveServer2 instances front-ended by a load balancer, Oozie Hive2 actions can start a connection and get a delegation token on the first HiveServer2, and then because of load-balancing, get another connection to the next HiveServer2 when making the query. This causes the second connection to fail.

For HiveMetaStore HA, it is recommended to use DBTokenStore instead of ZookeeperTokenStore in order to better support a large number of requests to HiveMetaStore. For HiveServer2 HA, use ZookeeperTokenStore until DBTokenStore is getting stable in CDH with HIVE-12270.

CM > Hive > Configuration > HiveServer2 Advanced Configuration Snippet (Safety Valve) for hive-site.xml and enter:

<property>
  <name>hive.cluster.delegation.token.store.class</name>     
  <value>org.apache.hadoop.hive.thrift.ZooKeeperTokenStore</value>
</property>

CM > Hive > Configuration > Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml and enter:

<property> 
  <name>hive.cluster.delegation.token.store.class</name>
  <value>org.apache.hadoop.hive.thrift.DBTokenStore</value>  </property>

(this is optional if you have set "Hive Metastore Delegation Token Store" to "org.apache.hadoop.hive.thrift.DBTokenStore")

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.