Hi,
I'd like to ask for a help with Oozie Hive2 action on HDP-2.3.4.0 cluster with Oozie 4.2.0.2.3 installed and with enabled security over Kerberos. Oozie job always ends up with following exception: HiveSQLException: Delegation token only supported over kerberos authentication. We have HiveServer2 configured with hive.server2.transport.mode=http, hive.server2.thrift.http.path=cliservice and hive.server2.thrift.http.port=10001. I'm not sure if I do something wrong or if this configuration is even supported but when we switch back HS2 transport mode to binary it works. Any kind of help is welcome. Exception stack trace (from HS2 log): 2016-08-25 11:01:23,337 ERROR [HiveServer2-HttpHandler-Pool: Thread-38]: thrift.ThriftCLIService (ThriftCLIService.java:GetDelegationToken(237)) - Error obtaining delegation token org.apache.hive.service.cli.HiveSQLException: Delegation token only supported over kerberos authentication at org.apache.hive.service.auth.HiveAuthFactory.getDelegationToken(HiveAuthFactory.java:283) at org.apache.hive.service.cli.session.HiveSessionImplwithUGI.getDelegationToken(HiveSessionImplwithUGI.java:192) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78) at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36) at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657) at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59) at com.sun.proxy.$Proxy20.getDelegationToken(Unknown Source) at org.apache.hive.service.cli.CLIService.getDelegationToken(CLIService.java:484) at org.apache.hive.service.cli.thrift.ThriftCLIService.GetDelegationToken(ThriftCLIService.java:231) at org.apache.hive.service.cli.thrift.TCLIService$Processor$GetDelegationToken.getResult(TCLIService.java:1573) at org.apache.hive.service.cli.thrift.TCLIService$Processor$GetDelegationToken.getResult(TCLIService.java:1558) at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) at org.apache.thrift.server.TServlet.doPost(TServlet.java:83) at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:171) Here is my workflow.xml content: <workflow-app xmlns="uri:oozie:workflow:0.5" name="HIVE2 HTTP Kerberos Test"> <global> <job-tracker>myrmaddress:8050</job-tracker> <name-node>hdfs://mynnaddress:8020/</name-node> </global> <credentials> <credential name="hive2creds" type="hive2"> <property> <name>hive2.jdbc.url</name> <value>jdbc:hive2://myhiveserver:10001/;sasl.qop=auth-conf;transportMode=http;httpPath=cliservice</value> </property> <property> <name>hive2.server.principal</name> <value>hive/myhiveserver@mydomain</value> </property> </credential> </credentials> <start to="MyHiveAction"/> <action cred="hive2creds" name=" MyHiveAction "> <hive2 xmlns="uri:oozie:hive2-action:0.1"> <jdbc-url> jdbc:hive2://myhiveserver:10001/;sasl.qop=auth-conf;transportMode=http;httpPath=cliservice </jdbc-url> <script>script.hql</script> </hive2> <ok to="end"/> <error to="fail"/> </action> <kill name="fail"> <message>Action failed, error message[${wf:errorMessage(wf:lastErrorNode())}] </message> </kill> <end name="end"/> </workflow-app> Jiří Kaplan Software Developer Dell | R&D Database Management, EMEA [dell_software]