hudi icon indicating copy to clipboard operation
hudi copied to clipboard

Published 20 hours ago verified publisher icon apache

How to use Kerberos in Hudi integrated Flink?data cannot be written to hdfs.

Open FWLamb opened this issue 1 year ago • 14 comments

image image image image

I have configured the Kerberos-related parameters in the Flink configuration file and executed the kinit command before entering SQL client, but it still failed.

Environment Description

  • Hudi version : 0.14.0

  • Flink version : 1.16.2

  • Hadoop version :3.1.0

  • Storage (HDFS/S3/GCS..) : hdfs

FWLamb avatar Sep 07 '23 06:09 FWLamb

Did you config the kerb certificate in you flink configurations?

danny0405 avatar Sep 07 '23 07:09 danny0405

Did you config the kerb certificate in you flink configurations?

Yes, please take a look at the fourth picture above.

FWLamb avatar Sep 07 '23 07:09 FWLamb

Did you configure it on all the cluster nodes?

danny0405 avatar Sep 07 '23 07:09 danny0405

Did you configure it on all the cluster nodes?

I only deployed a single node for testing

FWLamb avatar Sep 07 '23 07:09 FWLamb

When I submit a job by writing code, it can be successful, but this problem arises when using SQL client.

FWLamb avatar Sep 07 '23 07:09 FWLamb

SQL client has it's own config yamls, not sure whether we can configure the kerb there

danny0405 avatar Sep 07 '23 07:09 danny0405

Flink1.14 and later versions have removed the sql-client-defaults. yaml file

FWLamb avatar Sep 07 '23 07:09 FWLamb

Can you write the group:user to which the path "tmp/hudi_flink/t1" belongs? Can you take a screenshot and see if your ticket should be configured as' hive:hive '

jiaojietao avatar Sep 08 '23 02:09 jiaojietao

Uploading image.png…

Translation: I also encountered the same problem. When integrating Flink with Hudi, I created a table in Flink-SQL and synchronized it to Hive. However, I cannot perform Hive JDBC Kerberos authentication during the synchronization to Hive. My Hive cluster does not have user passwords, only Kerberos authentication.

Toroidals avatar Oct 17 '23 08:10 Toroidals

Did you try the HMS sync mode then instead of the JDBC.

danny0405 avatar Oct 17 '23 08:10 danny0405

I have also encountered this problem, and I would like to ask you how you can solve it

wangzhenwen681 avatar Dec 22 '23 01:12 wangzhenwen681

How did you configure the kerb certificate in your hive conf?

danny0405 avatar Dec 22 '23 02:12 danny0405

jobManager log 2023-12-22 16:35:07,730 WARN org.apache.hadoop.hive.metastore.HiveMetaStoreClient [] - set_ugi() not successful, Likely cause: new client talking to old server. Continuing without it. org.apache.thrift.transport.TTransportException: null hivemetastore log ERROR org.apache.thrift.server.TThreadPoolServer - Error occurred during processing of message. java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Invalid status -128 Caused by: org.apache.thrift.transport.TTransportException: Invalid status -128 environment hudi-0.14.0 flink-1.16.2 flinksql is CREATE TABLE test_hudi(

id int, num int, ts int, primary key (id) not enforced ) PARTITIONED BY (num) with( 'connector'='hudi', 'path' = 'hdfs:///data/test/test_hudi', 'table.type'='COPY_ON_WRITE',
'hive_sync.enable'='true', 'hive_sync.db'='test', 'hive_sync.table'='test_hudi', 'hive_sync.mode'='hms' ,
'hive_sync.metastore.uris' = 'thrift://datasophon01:9083', 'hive_sync.use_jdbc'='true', 'hive_sync.use_kerberos' = 'true', 'hive_sync.kerberos.krb5.conf' = '/etc/krb5.conf', 'hive_sync.kerberos.principal' = 'hive/[email protected]', 'hive_sync.kerberos.keytab.file' = '/etc/security/keytab/hive.service.keytab', 'hive_sync.kerberos.keytab.name' = 'hive/[email protected]'
);

wangzhenwen681 avatar Dec 22 '23 08:12 wangzhenwen681

There was an another issue which a user fixed like this - https://github.com/apache/hudi/issues/9269#issuecomment-1659637537

If it is related and works, we can implement it as a general solution. cc @danny0405

ad1happy2go avatar Dec 22 '23 12:12 ad1happy2go