问题描述
zeppelin 0.9.0 不适用于 Kerberos
我在 zeppelin-site.xml 中添加了“zeppelin.server.kerberos.keytab”和“zeppelin.server.kerberos.principal”
但我总是收到错误“客户端无法通过以下方式进行身份验证:[TOKEN,KERBEROS];主机详细信息:本地主机是:“bigdser5/10.3.87.27”;目标主机是:“bigdser1”:8020;"
并在spark解释器中添加“spark.yarn.keytab”、“spark.yarn.principal”,目前还不行。
在我的可与 Kerberos 一起使用的 spark-shell 中
我的 kerberos 步骤
1.admin.local -q "addprinc jzyc/hadoop"
-
kadmin.local -q "xst -k jzyc.keytab jzyc/hadoop@JJKK.COM"
-
复制 jzyc.keytab 到其他服务器
-
kinit -kt jzyc.keytab jzyc/hadoop@JJKK.COM
在我的 livy 中,我收到错误“javax.servlet.servletexception: org.apache.hadoop.security.authentication.client.AuthenticationException: javax.security.auth.login.LoginException: No key to store"
解决方法
INFO [2021-04-15 16:44:46,522] ({dispatcher-event-loop-1} Logging.scala[logInfo]:57) - Got an error when resolving hostNames. Falling back to /default-rack for all
INFO [2021-04-15 16:44:46,561] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Attempting to login to KDC using principal: jzyc/bigdser4@JOIN.COM
INFO [2021-04-15 16:44:46,574] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Successfully logged into KDC.
INFO [2021-04-15 16:44:47,124] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - getting token for: DFS[DFSClient[clientName=DFSClient_NONMAPREDUCE_1346508100_40,ugi=jzyc/bigdser4@JOIN.COM (auth:KERBEROS)]] with renewer yarn/bigdser1@JOIN.COM
INFO [2021-04-15 16:44:47,265] ({FIFOScheduler-interpreter_1099886208-Worker-1} DFSClient.java[getDelegationToken]:700) - Created token for jzyc: HDFS_DELEGATION_TOKEN owner=jzyc/bigdser4@JOIN.COM,renewer=yarn,realUser=,issueDate=1618476287222,maxDate=1619081087222,sequenceNumber=171,masterKeyId=21 on ha-hdfs:nameservice1
INFO [2021-04-15 16:44:47,273] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - getting token for: DFS[DFSClient[clientName=DFSClient_NONMAPREDUCE_1346508100_40,ugi=jzyc/bigdser4@JOIN.COM (auth:KERBEROS)]] with renewer jzyc/bigdser4@JOIN.COM
INFO [2021-04-15 16:44:47,278] ({FIFOScheduler-interpreter_1099886208-Worker-1} DFSClient.java[getDelegationToken]:700) - Created token for jzyc: HDFS_DELEGATION_TOKEN owner=jzyc/bigdser4@JOIN.COM,renewer=jzyc,issueDate=1618476287276,maxDate=1619081087276,sequenceNumber=172,331] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Renewal interval is 86400051 for token HDFS_DELEGATION_TOKEN
INFO [2021-04-15 16:44:47,492] ({dispatcher-event-loop-0} Logging.scala[logInfo]:57) - Got an error when resolving hostNames. Falling back to /default-rack for all
INFO [2021-04-15 16:44:47,493] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Scheduling renewal in 18.0 h.
INFO [2021-04-15 16:44:47,494] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Updating delegation tokens.
INFO [2021-04-15 16:44:47,521] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Updating delegation tokens for current user.
INFO [2021-04-23 11:49:29,658] ({qtp1640639994-103} ManagedInterpreterGroup.java[getOrCreateSession]:180) - 在 InterpreterGroup 中创建会话:shared_session:md-shared_process 用户:匿名 INFO [2021-04-23 11:49:29,659] ({qtp1640639994-103} InterpreterSetting.java[getOrCreateInterpreterGroup]:453) - 使用 groupId 创建 InterpreterGroup: spark-shared_process for ExecutionContext{user note='anonymous',UV ',interpreterGroupId='null',defaultInterpreterGroup='spark',inIsolatedMode=false,startTime=} 信息 [2021-04-23 11:49:29,659] ({qtp1640639994-103} InterpreterSetting.java[createInterpreters]:823) - 解释器 org.apache.zeppelin.spark.SparkInterpreter 为用户创建:匿名会话:shared_session >
但我启用了 shiro.ini
,在 spark.jars 中
你需要 hdfs://bigdser1:8020/sparklib/tispark-assembly-2.3.14.jar
不是
hdfs://bigdser1:8020/sparklib/*