Hive: Hue Beeswax/HCat no longer working after migration to HDP2.2 (kerberos default user)
I have almost finished migrating my secured HDP2.1 hadoop cluster to HDP2.2. Everything seems to work (including hive on the command line), except Hue. While the file browser, job browser, pig interface and oozie interface are working, that is not the case for the beeswax & webhcat interfaces. (Note: they worked before the migration, with the same hue.ini file.)
The error I get is:
Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
It seems that thrift is trying to authenticate with the default user krbtgt/LOCALDOMAIN, rather than the configured one.
I tried to log what happens in the python files, but did not see where it gets the default user from: the kerberos principal short name is hive, and impersonation is enabled. The hue and hive proxies are configured in the hdfs conf file.
The full stack trace is:
[11/May/2015 06:10:40 +0000] access INFO 172.20.43.39 alinz - "GET /beeswax/ HTTP/1.0"
[11/May/2015 06:10:40 +0000] hive_server2_lib INFO use_sasl=True, mechanism=GSSAPI, kerberos_principal_short_name=hive, impersonation_enabled=True
[11/May/2015 06:10:40 +0000] thrift_util INFO Thrift exception; retrying: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
[11/May/2015 06:10:40 +0000] thrift_util INFO Thrift exception; retrying: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
[11/May/2015 06:10:40 +0000] thrift_util WARNING Out of retries for thrift call: OpenSession
[11/May/2015 06:10:40 +0000] thrift_util INFO Thrift saw a transport exception: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
[11/May/2015 06:10:40 +0000] middleware INFO Processing exception: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database) (code THRIFTTRANSPORT): TTransportException('Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)',): Traceback (most recent call last):
File "/usr/lib/hue/build/env/lib/python2.6/site-packages/Django-1.2.3-py2.6.egg/django/core/handlers/base.py", line 100, in get_response
response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 69, in index
return execute_query(request)
File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 526, in execute_query
databases = _get_db_choices(request)
File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 1849, in _get_db_choices
dbs = _get_databases(request)
File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 1844, in _get_databases
dbs = db.get_databases()
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/dbms.py", line 110, in get_databases
return self.client.get_databases()
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 746, in get_databases
return [table[col] for table in self._client.get_databases()]
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 445, in get_databases
res = self.call(self._client.GetSchemas, req)
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 408, in call
session = self.open_session(self.user)
File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 382, in open_session
res = self._client.OpenSession(req)
File "/usr/lib/hue/desktop/core/src/desktop/lib/thrift_util.py", line 329, in wrapper
raise StructuredThriftTransportException(e, error_code=502)
StructuredThriftTransportException: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database) (code THRIFTTRANSPORT): TTransportException('Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)',)
I have a krbtgt/HADOOP.DEV@HADOOP.DEV ticket but no krbtgt/LOCALDOMAIN@HADOOP.DEV; maybe that is the cause of the problem.
The Kerberos log file is:
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database
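It seems to me that I am missing a default hostname somewhere in the conf, but I cannot find its documentation entry.
OK, found it (I had to debug the full python stack to understand).
It is not really advertised, but some hue.ini parameter names have changed:
beeswax_server_host --> hive_server_host
beeswax_server_port --> hive_server_port
It defaults hive_server_host to localhost, which is incorrect on a secured cluster.
Is the word LOCALDOMAIN used anywhere in your configuration?
Not in the hadoop conf files. However, my etc/host has 127.0.0.1 localhost.localdomain localhost, which is the standard way to qualify localhost.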
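A small triage script for the KDC log shown in the question, added here as an example and not part of the original posts: it groups UNKNOWN_SERVER requests and flags service principals built from a loopback host name, which is the symptom of hive_server_host being left at its localhost default. The function names and the three labels are this example's own.

```python
import re

# Two of the krb5kdc lines quoted on this page (the rest repeat these two).
SAMPLE_KDC_LOG = """\
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database
"""

TGS_UNKNOWN = re.compile(
    r"TGS_REQ .*?UNKNOWN_SERVER: authtime \d+,\s+(?P<client>\S+) for (?P<server>[^,\s]+),"
)
LOOPBACK_HOSTS = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}


def classify(server):
    """Label an unknown service principal (labels are this example's own)."""
    name, at, realm = server.rpartition("@")
    if not at:  # principal written without a realm
        name, realm = server, ""
    service, _, instance = name.partition("/")
    if service == "krbtgt" and instance != realm:
        # Ticket-granting ticket requested for another realm; on this page
        # that realm is the upper-cased domain of localhost.localdomain.
        return "REALM_GUESS"
    if instance.lower() in LOOPBACK_HOSTS:
        # The client built service/<host> from a loopback name, so its
        # configured server host is localhost rather than the real FQDN.
        return "LOOPBACK_HOST"
    return "MISSING_PRINCIPAL"


def triage(log_text):
    """Return [(client, server, label, count)] for UNKNOWN_SERVER TGS requests."""
    counts = {}
    for line in log_text.splitlines():
        m = TGS_UNKNOWN.search(line)
        if m:
            key = (m.group("client"), m.group("server"))
            counts[key] = counts.get(key, 0) + 1
    return [(c, s, classify(s), n) for (c, s), n in counts.items()]


if __name__ == "__main__":
    for client, server, label, n in triage(SAMPLE_KDC_LOG):
        print(f"{n}x {label:17} {client} -> {server}")
```

A LOOPBACK_HOST finding points at the client's host setting, not at the KDC database: adding the missing principal would be the wrong fix.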
Ticket cache: FILE:/tmp/hue_krb5_ccache
Default principal: hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV
Valid starting Expires Service principal
05/11/15 15:10:34 05/12/15 15:10:34 krbtgt/HADOOP.DEV@HADOOP.DEV
renew until 05/11/15 15:10:34, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
05/11/15 15:49:52 05/12/15 15:10:34 HTTP/bt1svlmy.bpa.bouyguestelecom.fr@
renew until 05/11/15 15:10:34, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
05/11/15 15:49:52 05/12/15 15:10:34 HTTP/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV
renew until 05/11/15 15:10:34, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96