JDBC hive connection error in beeline through knox - hive

I'm a newbie to hdp and knox.
My HDP environment description:
HDP version - 2.6
HS2 is enabled
Hive transport mode - HTTP
Knox installed via ambari
SSL is not enabled
non Kerberized instance
Issue:
I'm trying to connect to HIVE via beeline. The connection string is "!connect jdbc:hive2://:8443/;transportMode=http;httpPath=gateway//hive". The user name: admin, password: admin-password. It throws an error: "18/06/18 08:17:39 [main]: ERROR jdbc.HiveConnection: Error opening session org.apache.thrift.transport.TTransportException: org.apache.http.NoHttpResponseException: :8443 failed to respond" and "Error: Could not establish connection to jdbc:hive2://:8443/;transportMode=http;httpPath=gateway//hive: org.apache.http.NoHttpResponseException: :8443 failed to respond (state=08S01,code=0)".
Things I've tried:
I've tried changing the httpPath to "cliserver" and "gateway/default/hive", and they didn't work.
I've tried changing the connection URL to " !connect jdbc:hive2://:10001/default;transportMode=http; httpPath=cliservice;". It worked, but it doesn't serve the purpose of Knox, as I'm trying to use the exposed Hive port.
I'd appreciate it if anyone can help me with a detailed solution to this problem.

You need to specify the trust store and trust store password, e.g.
{code}
beeline -u "jdbc:hive2://:8443/;ssl=true;sslTrustStore=/gateway.jks;trustStorePassword=;transportMode=http;httpPath=gateway/default/hive" -n admin -p admin-password
{code}
Here we are assuming you have the demo LDAP setup (not recommended for production).
Also, you need:
Knox host
Knox truststore location (for HDP /var/lib/knox/data-x.x.x.x-xxxx/security/keystores/gateway.jks)
Truststore password (default knox)
The path should be gateway/default/hive
Hope it helps.

Related

Command not found while starting the secured zookeeper CLI to connect to ZK server

I have configured the ZK Server to use SSL (signed cert, trust store,keystore, modified zookeeper.properties all setup done and good). Zookeeper starts and listens on the port 2182 for SSL requests and no errors in the zookeeper and kafka server logs.
#new properties added in kafka/config/zookeeper.properties
secureClientPort=2182
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.trustStore.location=/path/to/ssl/kafka.zookeeper.truststore.jks
ssl.trustStore.password=serversecret
ssl.keyStore.location=/path/to/ssl/kafka.zookeeper.keystore.jks
ssl.keyStore.password=serversecret
ssl.clientAuth=need
Now, to connect to the secure ZooKeeper using ZK-CLI, I am following a similar approach: create the zk-client cert, get it signed, and create a truststore and keystore for it. I created the properties file and am trying to connect to the ZK server, but I get an error:
Command not found: Command not found /path/to/ssl/zookeeper-client.properties
$ kafka/bin/zookeeper-shell.sh localhost:2182 -zk-tls-config-file /Users/path/to/ssl/zookeeper-client.properties
Connecting to localhost:2182
ZooKeeper -server host:port cmd args
addauth scheme auth
close
.....
Command not found: Command not found /Users/path/to/ssl/zookeeper-client.properties
My zookeeper-client.properties looks like this
$cat /Users/path/to/ssl/zookeeper-client.properties
#zookeeper.connect=localhost:2182
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.protocol=TLSv1.2
zookeeper.ssl.truststore.location=/Users/path/to/ssl/kafka.zookeeper-client.truststore.jks
zookeeper.ssl.truststore.password=serversecret
zookeeper.ssl.keystore.location=/Users/path/to/ssl/kafka.zookeeper-client.keystore.jks
zookeeper.ssl.keystore.password=serversecret
Kafka Server logs at the start of the ZK.
[2021-07-16 11:27:38,676] INFO binding to port 0.0.0.0/0.0.0.0:2181 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2021-07-16 11:27:43,760] INFO bound to port 2181 (org.apache.zookeeper.server.NettyServerCnxnFactory)
.....
[2021-07-16 11:27:43,819] INFO Using org.apache.zookeeper.server.NettyServerCnxnFactory as server connection factory (org.apache.zookeeper.server.ServerCnxnFactory)
[2021-07-16 11:27:43,819] INFO binding to port 0.0.0.0/0.0.0.0:2182 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2021-07-16 11:27:43,821] INFO bound to port 2182 (org.apache.zookeeper.server.NettyServerCnxnFactory)
...
When I try to connect to port 2182 with the zk-client, the server logs don't show an entry (probably because it is not able to connect, as the command to initiate the connection fails).
I am using kafka_2.12, and it has zookeeper-3.5.7.
What am I missing here? To me configurations look as expected and the zk-cli shouldn't throw
Reference :
https://atsc.com.sg/docs/edp/7-security/zookeeper-mutual-tls/
https://docs.confluent.io/platform/current/security/zk-security.html
Thanks,
JE
I think the problem is that your CLI is running from an older version that does not yet support this parameter. Check your execution path: are you truly executing from the "current" version?

Unable to start OHS component

Middleware: Oracle HTTP Server(OHS)
Version: 12.2.1.3
Configured Oracle HTTP Server (OHS) in standalone mode. Node Manager is running perfectly. While starting "./startComponent.sh ohs1" I am getting the below error,
"""
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Error: Error occurred while performing nmConnect : Cannot connect to Node Manager. : Unrecognized SSL message, plaintext connection?
"""
The solution found on the internet is to change the SecureListener to false in the Nodemanager properties file.
When I did that I got the below error,
"""
weblogic.nodemanager.NMConnectException: Connection refused (Connection refused). Could not connect to NodeManager. Check that it is running at localhost/XXX.0.X.X:XXXX.
Error: Error occurred while performing nmConnect : Cannot connect to Node Manager. : Connection refused (Connection refused). Could not connect to NodeManager. Check that it is running at localhost/XXX.0.X.X:XXXX.
"""
And the solution for this is setting the SecureListener to true in the Node Manager properties file.
I am confused. Can someone help in resolving these errors?
Installed Oracle Access Manager (OAM) and OHS on the same machine, but installed OHS in standalone mode in a different folder. After that, uninstalled OHS and installed OHS in the same folder where I installed OAM, and it worked.

Unable to connect to hive server through knox

I am using the below mentioned connection URL to connect to hive server using beeline.
!connect
jdbc:hive2://sandbox.hortonworks.com:21000/default;ssl=true;sslTrustStore=/var/lib/knox/data-2.3.2.0-2950/security/keystores/gateway.jks;trustStorePassword=knox?hive.server2.transport.mode=http;httpPath=gateway/default/hive
After the connection I am getting below mentioned error.
Could not open client transport with JDBC Uri:
jdbc:hive2://sandbox.hortonworks.com:21000/default;ssl=true;sslTrustStore=/var/lib/knox/data-2.3.2.0-2950/security/keystores/gateway.jks;trustStorePassword=knox?hive.server2.transport.mode=http;httpPath=gateway/default/hive:
Could not create http connection to
jdbc:hive2://sandbox.hortonworks.com:21000/default;ssl=true;sslTrustStore=/var/lib/knox/data-2.3.2.0-2950/security/keystores/gateway.jks;trustStorePassword=knox?hive.server2.transport.mode=http;httpPath=gateway/default/hive.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection? (state=08S01,code=0)
Kindly help me to resolve this error.
There can be multiple reasons for getting this error.
Make sure Knox is running using Ambari, and check which port number it is using. By default Knox uses 8443.
Check that the SSL store location is correct. It varies based on which version of the sandbox you are using.
Check that trustStorePassword is correct. The default password is knox. Otherwise use your Knox master password.
Make sure the Hive configuration hive.server2.transport.mode is set to http.
After the configuration changes, make sure that you restarted the Knox gateway.
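
The checks that both Knox answers on this page list (port 8443, ssl=true, truststore path and password, HTTP transport mode, httpPath of the form gateway/default/hive), written as an added Python example that is not part of the original posts. The function names, the host knox.example.com and the merged handling of the settings before and after `?` are assumptions made for this example.

```python
import re

KNOX_DEFAULT_PORT = 8443  # default Knox port according to the answer above
# Assumption: the gateway path is the default "gateway"; the middle segment is the topology.
KNOX_HIVE_PATH = re.compile(r"gateway/[^/]+/hive")

def parse_hive_url(url):
    """Split jdbc:hive2://host:port/db;k=v;...?k=v;... into (host, port, settings)."""
    m = re.fullmatch(r"jdbc:hive2://([^:/;]*)(?::(\d+))?/?([^;?#]*)(.*)", url.strip())
    if m is None:
        raise ValueError("not a jdbc:hive2:// URL")
    host, port, _db, rest = m.groups()
    settings = {}
    # Simplification: the ';' lists before and after '?' are merged into one dict.
    for pair in re.split(r"[;?#]", rest):
        key, sep, value = pair.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return host, int(port) if port else None, settings

def lint_knox_hive_url(url):
    """Return a list of findings; an empty list means every check passed."""
    host, port, s = parse_hive_url(url)
    findings = []
    if not host:
        findings.append("host: empty")
    if port != KNOX_DEFAULT_PORT:
        findings.append(f"port: {port} is not the Knox default {KNOX_DEFAULT_PORT}")
    if s.get("ssl", "").lower() != "true":
        findings.append("ssl: ssl=true not set")
    for key in ("sslTrustStore", "trustStorePassword"):
        if not s.get(key):
            findings.append(f"{key}: missing or empty")
    # Both spellings seen on this page are accepted (short form and hive.server2.* form).
    mode = s.get("transportMode") or s.get("hive.server2.transport.mode")
    if mode != "http":
        findings.append("transportMode: not http")
    path = s.get("httpPath") or s.get("hive.server2.thrift.http.path", "")
    if not KNOX_HIVE_PATH.fullmatch(path):
        findings.append(f"httpPath: {path!r} is not gateway/<topology>/hive")
    return findings

# Constructed inputs: the first question's URL as posted, and the answer's form with placeholder values.
ASKED = "jdbc:hive2://:8443/;transportMode=http;httpPath=gateway//hive"
FIXED = ("jdbc:hive2://knox.example.com:8443/;ssl=true;"
         "sslTrustStore=/var/lib/knox/data-x.x.x.x-xxxx/security/keystores/gateway.jks;"
         "trustStorePassword=knox;transportMode=http;httpPath=gateway/default/hive")
```

Run against the URL in the question directly above, the only finding is the port (21000 instead of 8443), which matches the first item in the answer's checklist.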

Notepad++ NppFTP [SFTP] Connection failed : Error reading socket

Does anyone know why I am unable to connect to my server using the Notepad++ NppFTP plugin with SFTP?
I have a CentOS 6.4 server with SSH on port 22.
When I try and connect using NppFTP I get the following output:
[NppFTP] Everything initialized
Connecting
[SFTP] Connection failed : Error reading socket
Unable to connect
Disconnected
This used to work when I had my SSH port set to 3264 but when I changed the SSH port back to 22 NppFTP stopped working. All the settings for the profile are correct including the right IP, username, password and port (22).
I can connect with SFTP using FileZilla and WinSCP successfully with these same SFTP details and I can connect with SSH using PuTTY.
I can connect with SFTP to other servers using NppFTP so I believe there is an issue in my server config I'm just not sure where or what.
I looked at the access logs but found no attempt at a connection from NppFTP, I turned the firewall off and still nothing.
In the end I got in touch with my server company and it turns out it was a problem on their end. This is what they had to say:
"This was caused by an IPS rule inspecting the network packets coming into the infrastructure, which helps identify brute force attacks."
Very strange, but after they made the change NppFTP can now connect successfully.

SSH Auth Failed on Amazon EC2 - RSEG1066 Auth Failed

Sorry but I am a newbie... I have checked other questions but nothing has worked and I am not great with SSH.
Followed the steps to connect to EC2 with SSH in Eclipse. Worked like a charm. Then I terminated the working server and started a new instance.
Now I can't connect and receive
RSEG1066 "Failed to connect sshd on server name" Auth failed
Also Port 22 is open ->
Port 22 (SSH) Source: 0.0.0.0/0
My SSH connection references the new hostname and I have applied my .pem file via rsa. Any thoughts? What else should I check?
Thank you.
Seems many people are having this problem with AWS when terminating an instance and launching a new instance. Here is what I did to solve the problem for me.
Terminated instance
Deleted key pair from AWS console
Deleted key pair from client
Launched a new instance
When prompted, used a different name for my key pair (.pem) file
Chose the default security group
Added SSH / Port 22 inbound access to the security group
Connected (with user *ubuntu* since I am using an Ubuntu server)
And if using Eclipse RSE like the tutorial link in the original question, be sure to restart Eclipse before connecting.