Hue Beeswax/HCat no longer working after Hive migration to HDP2.2 (Kerberos default user)


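I have almost finished migrating my secured HDP2.1 Hadoop cluster to HDP2.2. Everything seems to be OK (including Hive on the command line), except Hue. While the file browser, job browser, Pig interface and Oozie interface are working, this is not the case for the Beeswax and WebHCat interfaces. (Note: they were working before the migration, with the same hue.ini file.)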

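The error I get is:

    Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)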

Thrift seems to be trying to authenticate a default user, krbtgt/LOCALDOMAIN, rather than the configured one.

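I tried to log what happens in the Python files, but did not see where it gets the default user from: the Kerberos principal short name is hive, and impersonation is enabled. The hue and hive proxy users are configured in the HDFS conf files.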

The full stack trace is:

    [11/May/2015 06:10:40 +0000] access INFO 172.20.43.39 alinz - "GET /beeswax/ HTTP/1.0"
    [11/May/2015 06:10:40 +0000] hive_server2_lib INFO use_sasl=True, mechanism=GSSAPI, kerberos_principal_short_name=hive, impersonation_enabled=True
    [11/May/2015 06:10:40 +0000] thrift_util INFO Thrift exception; retrying: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
    [11/May/2015 06:10:40 +0000] thrift_util INFO Thrift exception; retrying: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
    [11/May/2015 06:10:40 +0000] thrift_util WARNING Out of retries for thrift call: OpenSession
    [11/May/2015 06:10:40 +0000] thrift_util INFO Thrift saw a transport exception: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)
    [11/May/2015 06:10:40 +0000] middleware INFO Processing exception: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database) (code THRIFTTRANSPORT): TTransportException('Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)',):
    Traceback (most recent call last):
      File "/usr/lib/hue/build/env/lib/python2.6/site-packages/Django-1.2.3-py2.6.egg/django/core/handlers/base.py", line 100, in get_response
        response = callback(request, *callback_args, **callback_kwargs)
      File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 69, in index
        return execute_query(request)
      File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 526, in execute_query
        databases = _get_db_choices(request)
      File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 1849, in _get_db_choices
        dbs = _get_databases(request)
      File "/usr/lib/hue/apps/beeswax/src/beeswax/views.py", line 1844, in _get_databases
        dbs = db.get_databases()
      File "/usr/lib/hue/apps/beeswax/src/beeswax/server/dbms.py", line 110, in get_databases
        return self.client.get_databases()
      File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 746, in get_databases
        return [table[col] for table in self._client.get_databases()]
      File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 445, in get_databases
        res = self.call(self._client.GetSchemas, req)
      File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 408, in call
        session = self.open_session(self.user)
      File "/usr/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 382, in open_session
        res = self._client.OpenSession(req)
      File "/usr/lib/hue/desktop/core/src/desktop/lib/thrift_util.py", line 329, in wrapper
        raise StructuredThriftTransportException(e, error_code=502)
    StructuredThriftTransportException: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database) (code THRIFTTRANSPORT): TTransportException('Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/LOCALDOMAIN@HADOOP.DEV not found in Kerberos database)',)

I have a krbtgt/HADOOP.DEV@HADOOP.DEV ticket but no krbtgt/LOCALDOMAIN@HADOOP.DEV; maybe this is the cause of the problem.

The Kerberos log file shows:

    May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
    May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database
    May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
    May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database
    May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for hive/localhost.localdomain@HADOOP.DEV, Server not found in Kerberos database
    May 11 16:12:35 bt1svlmy krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 172.19.115.50: UNKNOWN_SERVER: authtime 0, hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV for krbtgt/LOCALDOMAIN@HADOOP.DEV, Server not found in Kerberos database

It seems to me that I am missing a default hostname somewhere in the conf, but I cannot find the documentation entry for it.

OK, found it (I had to debug the full Python stack to understand). It is not really advertised, but some hue.ini parameter names have changed:

  • beeswax_server_host --> hive_server_host
  • beeswax_server_port --> hive_server_port

This made hive_server_host default to localhost, which is not correct on a secured cluster.
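
An added example (not code from the original post or from Hue): a check of the [beeswax] section of a hue.ini for the renamed keys described above, plus a scan of KDC log lines for ticket requests that target a loopback host name. The sample hue.ini contents, host names, realm and log lines are constructed, and the function names are hypothetical.

```python
import re
# Renames reported in the answer above: old [beeswax] key -> key read after the upgrade.
RENAMED = {"beeswax_server_host": "hive_server_host", "beeswax_server_port": "hive_server_port"}
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1"}
KDC_RE = re.compile(r"UNKNOWN_SERVER: .*?, (?P<client>\S+) for (?P<service>[^,\s]+),")

def beeswax_settings(ini_text):
    """Return key/value pairs set directly under [beeswax]; [[sub]] sections are skipped."""
    in_beeswax, settings = False, {}
    for line in (raw.strip() for raw in ini_text.splitlines()):
        header = re.match(r"(\[+)\s*([^\]]+?)\s*\]+$", line)
        if header:
            in_beeswax = header.group(1) == "[" and header.group(2) == "beeswax"
        elif in_beeswax and "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_hue_ini(ini_text):
    """List settings that would make Hue request a ticket for the wrong HiveServer2 host."""
    settings, findings = beeswax_settings(ini_text), []
    for old, new in RENAMED.items():
        if old in settings and new not in settings:
            findings.append(f"{old} is set but {new} is not: add {new}={settings[old]}")
    host = settings.get("hive_server_host", "localhost")  # default named in the answer
    if host.lower() in LOOPBACK:
        findings.append(f"hive_server_host is {host}: tickets are requested for hive on {host}")
    return findings

def loopback_service_requests(kdc_log):
    """Return (client, service) pairs from UNKNOWN_SERVER lines that target a loopback host."""
    hits = set()
    for m in KDC_RE.finditer(kdc_log):
        name = m.group("service").split("@")[0].split("/")
        if len(name) == 2 and name[1].lower() in LOOPBACK:
            hits.add((m.group("client"), m.group("service")))
    return sorted(hits)

# Constructed sample input: hosts, realm and addresses are placeholders.
OLD_INI = "[beeswax]\n  beeswax_server_host=hs2.example.com\n  beeswax_server_port=10000\n  [[ssl]]\n    enabled=false\n"
NEW_INI = "[beeswax]\n  hive_server_host=hs2.example.com\n  hive_server_port=10000\n"
PREFIX = ("May 11 16:12:35 kdc01 krb5kdc[12636](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: "
          "UNKNOWN_SERVER: authtime 0, hue/hue01.example.com@EXAMPLE.COM for ")
KDC_LOG = "".join(PREFIX + svc + ", Server not found in Kerberos database\n"
                  for svc in ("hive/localhost.localdomain@EXAMPLE.COM", "krbtgt/LOCALDOMAIN@EXAMPLE.COM"))
print(audit_hue_ini(OLD_INI))
print(loopback_service_requests(KDC_LOG))
```

The krbtgt/LOCALDOMAIN request is not reported on its own: only the service principal whose host part is a loopback name is flagged.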

Do you have the word LOCALDOMAIN used anywhere in your configuration?

Not in the hadoop conf files. However, my /etc/hosts has 127.0.0.1 localhost.localdomain localhost, which is the standard way to qualify localhost.

    Ticket cache: FILE:/tmp/hue_krb5_ccache
    Default principal: hue/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV

    Valid starting     Expires            Service principal
    05/11/15 15:10:34  05/12/15 15:10:34  krbtgt/HADOOP.DEV@HADOOP.DEV
        renew until 05/11/15 15:10:34, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
    05/11/15 15:49:52  05/12/15 15:10:34  HTTP/bt1svlmy.bpa.bouyguestelecom.fr@
        renew until 05/11/15 15:10:34, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
    05/11/15 15:49:52  05/12/15 15:10:34  HTTP/bt1svlmy.bpa.bouyguestelecom.fr@HADOOP.DEV
        renew until 05/11/15 15:10:34, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96