[jira] [Commented] (RANGER-3188) HiveServer log showed Authentication Failed

soullearning (Jira) Tue, 25 Jan 2022 01:27:16 -0800


    [ 
https://issues.apache.org/jira/browse/RANGER-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17481674#comment-17481674
 ]


soullearning commented on RANGER-3188:
--------------------------------------

same question, Please tell me how to solve this problem。thanks.

> HiveServer log showed Authentication Failed
> -------------------------------------------
>
>                 Key: RANGER-3188
>                 URL: https://issues.apache.org/jira/browse/RANGER-3188
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.1.0
>         Environment: Hive Version: 3.1.2
> Ranger: 2.1
> os: centos
>            Reporter: Sekiro
>            Priority: Major
>
> When I create a table on AWS EMR 6.2 which shows the following error message.
> But eventually create success.
> Although does not affect the use but I really want to know why.:)
>  
> 2021-02-24T06:14:41,059 ERROR [925310d9-d40a-437a-af54-eeec38b2c8d5 
> HiveServer2-Handler-Pool: Thread-103([])]: client.RangerAdminRESTClient 
> (RangerAdminRESTClient.java:getUserRoles(434)) - getUserRoles() failed: HTTP 
> status=401, message=Authentication Failed, isSecure=false
> 2021-02-24T06:14:41,078 ERROR [925310d9-d40a-437a-af54-eeec38b2c8d5 
> HiveServer2-Handler-Pool: Thread-103([])]: authorizer.RangerHiveAuthorizer 
> (RangerHiveAuthorizer.java:initUserRoles(322)) - Error while fetching roles 
> from ranger for user : hadoop
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
>  org.apache.hadoop.security.AccessControlException: Permission denied.
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoleNamesFromRanger(RangerHiveAuthorizer.java:365)
>  ~[ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.initUserRoles(RangerHiveAuthorizer.java:320)
>  [ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoles(RangerHiveAuthorizer.java:329)
>  [ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:785)
>  [ranger-hive-plugin-2.1.0.jar:2.1.0]
>  at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1307) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1071) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:698) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1826) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1773) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1768) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126)
>  [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:260)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.hive.service.cli.operation.Operation.run(Operation.java:247) 
> [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:541)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.session.HiveSessionImpl.executeStatement(HiveSessionImpl.java:516)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_272]
>  at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_272]
>  at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_272]
>  at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_272]
>  at 
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at java.security.AccessController.doPrivileged(Native Method) [?:1.8.0_272]
>  at javax.security.auth.Subject.doAs(Subject.java:422) [?:1.8.0_272]
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
>  [hadoop-common-3.2.1-amzn-2.jar:?]
>  at 
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at com.sun.proxy.$Proxy68.executeStatement(Unknown Source) [?:?]
>  at 
> org.apache.hive.service.cli.CLIService.executeStatement(CLIService.java:282) 
> [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:563)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1557)
>  [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1542)
>  [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) 
> [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
>  [hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>  [hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  [?:1.8.0_272]
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  [?:1.8.0_272]
>  at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272]
> Caused by: org.apache.hadoop.security.AccessControlException: Permission 
> denied.
>  at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.getUserRoles(RangerAdminRESTClient.java:437)
>  ~[?:?]
>  at 
> org.apache.ranger.plugin.service.RangerBasePlugin.getUserRoles(RangerBasePlugin.java:489)
>  ~[?:?]
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoleNamesFromRanger(RangerHiveAuthorizer.java:351)
>  ~[?:?]
>  ... 38 more



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (RANGER-3188) HiveServer log showed Authentication Failed

Reply via email to