FW: connections issues of presto to tableau using Terdata ODBC driver

Presto
Enthusiast

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

 I tried to install Presto from Teradata but I'm not able to connect to hive. I used server and copied new presto-cli jar file.

 

I tried to use different settings for hive.security=legacy|read-only|file and I'm not able to select from table or show tables. 

 

>> com.facebook.presto.spi.security.AccessDeniedException: Access Denied: Cannot select from table information_schema.tables

>> com.facebook.presto.spi.security.AccessDeniedException: Access Denied: Cannot select from table default.x

 

While everything was fine with vanilla build (I have two installation on a single host shared the same etc config).

And I did not find any difference in catalog/config/node configuration between vanilla build and Teradata build. 

Teradata Employee

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

Hi there,

 

Can you share your configuration files, such as hive.properties, jvm.config (and any other configuration files that you have added)? Do you see the "Access Denied" error from both, Presto CLI and the ODBC driver? It would also help to get the full stack trace (for ex., --debug on the CLI. Or refer to the documentation for turning on logging when using ODBC driver.)

By default, hive.security is set to "legacy", in which case, no authorization checks are enforced. So you should be able to query Hive tables.

 

 

 

 

 

 

Also, another thing to try would be to try connecting to Hive without LDAP authentication first, to check if that works.

 

Amruta

Teradata Employee

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

Correction: when hive.security=legacy, very few authorization checks are enforced (and they are for dropping a table, renaming a table/column, adding a colum). Reading from a table or showing tables is allowed in this mode. So the queries you are trying to run should go through.

Enthusiast

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

Hi amrutag,

 

I simplified setup as much as possible. Single node, no LDAP

 

here is hive.props:

connector.name=hive-hadoop2
hive.metastore.uri=thrift://<host>:9083
hive.config.resources=/etc/hadoop/2.5.0.0-1245/0/core-site.xml,/etc/hadoop/2.5.0.0-1245/0/hdfs-site.xml

hive.storage-format=ORC
hive.compression-codec=SNAPPY

hive.metastore.authentication.type=KERBEROS
hive.metastore.service.principal=hive/_HOST@< DOMAIN >
hive.metastore.client.principal=presto/_HOST@< DOMAIN >
hive.metastore.client.keytab=/etc/security/keytabs/presto.service.keytab

hive.hdfs.authentication.type=KERBEROS
hive.hdfs.presto.principal=presto/_HOST@< DOMAIN >
hive.hdfs.presto.keytab=/etc/security/keytabs/presto.service.keytab
#hive.hdfs.impersonation.enabled=true


hive.allow-rename-table=true
hive.allow-drop-table=true
hive.security=legacy

 

config.props:

coordinator=true
node-scheduler.include-coordinator=true

query.max-memory=20GB
query.max-memory-per-node=20GB

discovery-server.enabled=true
discovery.uri=http://<host>:8080
http-server.http.port=8080

 

stack trace from log file (I tried to run "show tables")

2017-04-19T09:27:05.374+0100 DEBUG query-execution-0 com.facebook.presto.execution.QueryStateMachine Query 20170419_082705_00002_awbhb is PLANNING
2017-04-19T09:27:05.376+0100 DEBUG query-execution-0 com.facebook.presto.execution.QueryStateMachine Query 20170419_082705_00002_awbhb is FAILED
2017-04-19T09:27:05.376+0100 DEBUG Query-20170419_082705_00002_awbhb-211 com.facebook.presto.execution.QueryStateMachine Query 20170419_082705_00002_awbhb failed
com.facebook.presto.spi.security.AccessDeniedException: Access Denied: Cannot show tables in default
at com.facebook.presto.spi.security.AccessDeniedException.denyShowTables(AccessDeniedException.java:129)
at com.facebook.presto.spi.security.AccessDeniedException.denyShowTables(AccessDeniedException.java:124)
at com.facebook.presto.spi.connector.ConnectorAccessControl.checkCanShowTables(ConnectorAccessControl.java:152)
at com.facebook.presto.security.AccessControlManager.lambda$checkCanShowTables$16(AccessControlManager.java:289)
at com.facebook.presto.security.AccessControlManager.authorizationCheck(AccessControlManager.java:718)
at com.facebook.presto.security.AccessControlManager.checkCanShowTables(AccessControlManager.java:289)
at com.facebook.presto.sql.rewrite.ShowQueriesRewrite$Visitor.visitShowTables(ShowQueriesRewrite.java:191)
at com.facebook.presto.sql.rewrite.ShowQueriesRewrite$Visitor.visitShowTables(ShowQueriesRewrite.java:154)
at com.facebook.presto.sql.tree.ShowTables.accept(ShowTables.java:64)
at com.facebook.presto.sql.tree.AstVisitor.process(AstVisitor.java:27)
at com.facebook.presto.sql.rewrite.ShowQueriesRewrite.rewrite(ShowQueriesRewrite.java:151)
at com.facebook.presto.sql.rewrite.StatementRewrite.rewrite(StatementRewrite.java:52)
at com.facebook.presto.sql.analyzer.Analyzer.analyze(Analyzer.java:68)
at com.facebook.presto.sql.analyzer.Analyzer.analyze(Analyzer.java:63)
at com.facebook.presto.execution.SqlQueryExecution.doAnalyzeQuery(SqlQueryExecution.java:296)
at com.facebook.presto.execution.SqlQueryExecution.analyzeQuery(SqlQueryExecution.java:282)
at com.facebook.presto.execution.SqlQueryExecution.start(SqlQueryExecution.java:238)
at com.facebook.presto.execution.QueuedExecution.lambda$start$1(QueuedExecution.java:63)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

 

thanks

 

PS. please not that vanilla Presto is fine.

Teradata Employee

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

Thanks for sharing the configuration files.  

 

Even though you turned off LDAP, looks like you have enabled properties related Kerberos authentication. Is this intentional? Are you using a kerberized Hadoop cluster for connection? Unless you are, connection won't succeed when you have Kerberos related properties. If you don't intend to authenticate via Kerberos, can you remove the following properties from hive.properties file, and try connecting again?

 

hive.metastore.authentication.type=KERBEROS
hive.metastore.service.principal=hive/_HOST@< DOMAIN >
hive.metastore.client.principal=presto/_HOST@< DOMAIN >
hive.metastore.client.keytab=/etc/security/keytabs/presto.service.keytab

hive.hdfs.authentication.type=KERBEROS
hive.hdfs.presto.principal=presto/_HOST@< DOMAIN >
hive.hdfs.presto.keytab=/etc/security/keytabs/presto.service.keytab
#hive.hdfs.impersonation.enabled=true

 

Amruta

Enthusiast

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

I'm running kerberized cluster.

 

Can I point again that with this settings I'm able to connect to Hive using vanilla Presto? So setting  itself is fine unless there should be some additional parameters.

Teradata Employee

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

Which user owns the keytab file /etc/security/keytabs/presto.service.keytab? What version of Presto are you using? Can you confirm if you tried using the presto-cli?

 

 

Enthusiast

Re: FW: connections issues of presto to tableau using Terdata ODBC driver

1) presto user owns keytab; presto server is running under presto user

2) vanilla - 167, teradata - latest

3) I did