Saturday, June 6, 2020

HOW TO: Setup Beeline on linux for connecting to remote instance of Hive using Kerberos

To set up the connectivity, you have to download binaries that are required for a successful connection. These binaries can be downloaded from below links:

After downloading the tar files, extract them using below commands:

tar -xvzf hadoop-2.5.1.tar.gz
tar -xvzf apache-hive-1.2.1-bin.tar.gz

Folder Structure:
Let's say you extracted the tar files @/home/user/beeline. At this path, two new folders will get created hadoop-2.5.1 and apache-hive-1.2.1-bin.  Now also extract JRE here. Also, create two empty folders "conf" and "bin".
So your directory structure is now:


/home/user/beeline
/home/user/beeline/hadoop-2.5.1
/home/user/beeline/apache-hive-1.2.1-bin
/home/user/beeline/jre
/home/user/beeline/conf
/home/user/beeline/bin

setEnv.sh File:
Create setEnv.sh file and save it inside "bin" folder. Paste below content inside it:

export HADOOP_HOME=/home/user/beeline/hadoop-2.5.1
export HIVE_HOME=/home/user/beeline/apache-hive-1.2.1-bin
export JAVA_HOME=/home/user/beeline/jre
PATH=$PATH:$HIVE_HOME/bin:$JAVA_HOME/bin
export HADOOP_OPTS="$HADOOP_OPTS -Dsun.security.krb5.debug=true -Djava.security.krb5.conf=/home/user/beeline/conf/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/home/user/beeline/conf/jaas.conf"

jaas.conf File:

Create and save jaas.conf file under conf folder

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};
krb5.conf File:

Create and save krb5.conf File under conf folder. Modify this file as per your environment.

[logging]
default = FILE:~/krb5libs.log
kdc = FILE:~/krb5kdc.log
admin_server = FILE:~/kadmind.log
kdc_rotate = {"period"=>"1d", "versions"=>200}
admin_server_rotate = {"period"=>"1d", "versions"=>201}

[libdefaults]
    default_realm = DOMAIN.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    forwardable = true
    renew_lifetime = 30d
    ticket_lifetime = 30d
    renewable = yes
    service = yes
    kdc_timeout = 5000
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-hmac-sha1
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-hmac-sha1
    allow_weak_crypto = yes
    udp_preference_limit = 1

[realms]
  DOMAIN.COM = {
     kdc = kdcserver.domain.com:88
     default_domain  = domain.com
    }

  [domain_realm]
    .domain.com = DOMAIN.COM 
    domain.com = DOMAIN.COM

[appdefaults]
  pam = {
      debug = false
      forwardable = true
      renew_lifetime = 36000
      ticket_lifetime = 36000
      krb4_convert = false
    }

Source file & generate kerberos ticket:
source /home/user/beeline/bin/setEnv.sh
kinit -kt <Location of keytab file>/krbuser.keytab <SPN> (“krb5-workstation” rpm is required to run kinit command.)
klist (To check if ticket is generated successfully.)

Connect to Hive instance:
beeline –u “JDBC URL” 

 beeline -u "jdbc:hive2://<hive hostname>.domain.com:10000/;principal=hive/<hive hostname>.domain.com@DOMAIN.COM"


Posted by at 1 comment:
Labels: , , , ,

Monday, September 11, 2017

OEM 13c : Error Occurred: WebTier Could Not Be Started.


Error Message on starting OMS:

 $ ./emctl start oms

Oracle Enterprise Manager Cloud Control 13c Release 2

Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.

Starting Oracle Management Server...

WebTier Could Not Be Started.

Error Occurred: WebTier Could Not Be Started.

What does log emctl.log says?

[Thread-2] INFO  commands.BaseCommand run.605 - log4j:WARN No appenders could be found for logger (emctl.secure.oms.AdminCredsWalletUtil).

[Thread-2] INFO  commands.BaseCommand run.605 - log4j:WARN Please initialize the log4j system properly.

[Thread-1] INFO  commands.BaseCommand run.605 - Failed to get passwords from credential store

[Thread-1] INFO  commands.BaseCommand run.605 - Exception:  java.io.IOException  value:  java.io.IOException

 What is the health or status of emkey?
$ ./emctl status emkey

Oracle Enterprise Manager Cloud Control 13c Release 2

Copyright (c) 1996, 2016 Oracle Corporation.  All rights reserved.

Enter Enterprise Manager Root (SYSMAN) Password :

Error occurred. Check the log /app/oracle/gc_inst/em/EMGC_OMS1/sysman/log/secure.log

Hmm emkey health not good. What does secure.log says now?

Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer!

        at javax.crypto.JarVerifier.verifyPolicySigned(JarVerifier.java:292)

        at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:317)

        at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:262)

What does this error message suggest?

jurisdiction policy files” suggest something wrong with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File.

What to do?

First check the java version, then download and copy the policy file accordingly.
$ $JDK_HOME/bin/java -version
java version "1.7.0_111"
Java(TM) SE Runtime Environment (build 1.7.0_111-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.111-b13, mixed mode)

Now download the policy file available @ http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

If using JDK8 then download the file available @ http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

and then copy below jars

US_export_policy.jar
local_policy.jar

to $JDK_HOME/jre/lib/security

 

Restart OMS Server
./emctl start OMS

 
Posted by at No comments:

Monday, April 4, 2016

Connect to MS SQL Database from Weblogic using Domain ID

MS SQL Database can be accessed using user domain id through Oracle Weblogic Server data source. This can be achieved using open source MS SQL driver JTDS. It can be downloaded from https://sourceforge.net/projects/jtds/files/jtds.

 PRE-CONFIGURATION STEPS:-

  • Download the open source JDBC driver for Microsoft SQL Server.
  • Unzip the jtds-1.3.1-dist.zip 
  • Copy jtds-1.3.1.jar to $DOMAIN_HOME/lib
  • Restart the servers
CONFIGURATION STEPS:-

  • Click on "Lock & Edit" under "Change Center"
  • On the Home Page, Click on "Data Source" under "Services"
  • Under "Configuration" tab, Click on "New", select "Generic Data Source". Give the Name & JNDI Name.For Database Type. Select "MS SQL Server".Click "Next"
 
  • Select "Other" for "Database Driver"
    Click "Next"

  • Select the "Transaction Options"
    Click "Next"
  • Provide "Database User Name" & "Password"
    Click "Next"

  • Driver Class Name: net.sourceforge.jtds.jdbc.Driver
    URL: jdbc:jtds:sqlserver://mysqldb.mycompany.com:1433/DB_NAME;domain=MYCOMPANY;USENTLMV2=TRUE
    Click on "Test Configuration"
    Click "Next"

  • Select Targets
    Click "Finish"
Posted by at 1 comment:

Connection Factory in Weblogic adapter disappear



Issue: Connection Factory in Weblogic adapter disappear

Description: When I am trying to create a new connection factory, it disappears when the adapter is updated and changes are activated in the weblogic console.

Error Message: In Admin log below message is seen
JNDI lookup of 'eis/DB/SOAXACP' failed due to: While trying to lookup 'eis.DB/SOAXACP' didn't find subcontext 'eis'. Resolved ''
javax.naming.NameNotFoundException: While trying to lookup 'eis.DB/SOAXACP' didn't find subcontext 'eis'. Resolved ''; remaining name 'eis/DB/SOAXACP'
        at weblogic.jndi.internal.BasicNamingNode.newNameNotFoundException(BasicNamingNode.java:1224)
        at weblogic.jndi.internal.BasicNamingNode.lookupHere(BasicNamingNode.java:268)
        at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:217)
        at weblogic.jndi.internal.BasicNamingNode.lookupIgnorePartition(BasicNamingNode.java:1503)

Cause: The issue is caused due to Plan.xml. It is either corrupted or belongs to different adapter (i.e. using jms adapter plan.xml to save db adapter connection factory)

Solution: Recreate a new Plan.xml and then try to add the new connection factory to it.
Posted by at No comments:

Tuesday, January 26, 2016

[EPM HYPERION 11.1.2.4] A 'Not Found' error occurred communicating with the server

ERROR:

After doing fresh installation and setup of EPM 11.1.2.4, getting below error when login on WORKSPACE.

A 'Not Found' error occurred communicating with the server.

 URI: http://localhost:19000/raframework/conf/ToolsConfig.xml

 Status: 404 - Not Found

 Content: text/html; charset=iso-8859-1
 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 <html><head>
 <title>404 Not Found</title>
 </head><body>
 <h1>Not Found</h1>
 <p>The requested URL /raframework/conf/ToolsConfig.xml was not found.</p>
 </body></html>

CAUSE:

OHS is not aware of context "raframework", hence it does not know where to forward the request.

SOLUTION:

Add the context to mod_wl_ohs.conf file as below:


cd $FMW_HOME/user_projects/epmsystem1/httpConfig/ohs/config/OHS/ohs_component
cp  mod_wl_ohs.conf mod_wl_ohs.conf.01282016
vi mod_wl_ohs.conf
Add below snippet at the end:--
<LocationMatch ^/raframework>
    SetHandler weblogic-handler
    WeblogicCluster localhost:9000
    WLIOTimeoutSecs 6000
    Idempotent OFF
    WLSocketTimeoutSecs 600
</LocationMatch>

Restart OHS:
cd $FMW_HOME/user_projects/epmsystem1/httpConfig/ohs/bin
/opmnctl stopall
/opmnctl startall


Try to login again on workspace.
Posted by at No comments:
Subscribe to: Posts (Atom)