Cloudera Hadoop 禁用Kerberos認證

cloudera CDH 禁用 kerberos

環(huán)境信息

  • 操作系統(tǒng)系統(tǒng):Centos7
  • JDK:1.7
  • CDH 版本:5.8.4
1,停止集群
2,修改參數(shù)
Zookeeper:
enableSecurity (Enable Kerberos Authentication)->FALSE

HDFS:
hadoop.security.authentication->Simple
hadoop.security.authorization->FALSE
dfs.datanode.address from 1004 (for Kerberos) to 50010 (default)
dfs.datanode.http.address from 1006 (for Kerberos) to 50075 (default)
Data Directory Permissions from 700 to 755

HBASE:
hbase.security.authentication->Simple
hbase.security.authorization->FALSE

Hue:
Kerberos Ticket Renewer->Delete role or stop role
3,刪除hbase znode,RsouceManager znode,zkfc znode(出現(xiàn)問題再執(zhí)行)
  1. Zookeeper->Configration->java Configuration Options for Zookeeper Server 添加-Dzookeeper.skipACL=yes(關(guān)閉zk的權(quán)限檢查)
  2. 重啟zookeeper服務
  3. 登錄zkcli:hbase zkcli
  4. 刪除hbase znode:rmr /hbase
  5. 刪除RM znode:rmr /rmstore/ZKRMStateRoot
  6. 刪除zkfc znode:rmr /hadoop-ha/nameservice-test1
  7. Zookeeper->Configration->java Configuration Options for Zookeeper Server 刪除-Dzookeeper.skipACL=yes
  8. 重啟zookeeper及相應服務

問題排查:

問題描述:

Diagnostics: Not able to initialize app directories in any of the configured local directories for app application_1497933181227_0003

解決方案:在nodemanager節(jié)點執(zhí)行:sudo rm -rf /hdfs/yarn/nm/usercache/(未啟用kerberos前目錄權(quán)限為yarn:yarn,啟用后變成dengsc:yarn,導致權(quán)限不兼容)

問題描述:

hmaster啟動失?。篊aused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /jpush-hbase/backup-masters/nfjd-hadoop-test01.jpushoa.com,60000,1497931699986

參考鏈接:https://www.zybuluo.com/xtccc/note/181910
http://community.cloudera.com/t5/Cloudera-Manager-Installation/Disabling-Kerberos-on-Cloudera-EXpress-5-5-1-HBase-issue/m-p/42482/highlight/true#M7622

解決方案:(1)Zookeeper添加參數(shù)(跳過zk目錄權(quán)限檢查): java Configuration Options for Zookeeper Server : -Dzookeeper.skipACL=yes (2)刪除zk元數(shù)據(jù)目錄:hbase zkcli;rmr /hbase

問題描述:

Resource Manager 啟動失?。篟MStateStore has been fenced,ResourceManager all standby.

解決方案:(1)Zookeeper: java Configuration Options for Zookeeper Server : -Dzookeeper.skipACL=yes (2)rmr /rmstore/ZKRMStateRoot
注:會丟失yarn應用執(zhí)行信息。

問題描述:

Failover Controller啟動失?。篣nable to start failover controller. Parent znode does not exist.
Run with -formatZK flag to initialize ZooKeeper.

解決方案:(1)Zookeeper: java Configuration Options for Zookeeper Server : -Dzookeeper.skipACL=yes (2)rmr /hadoop-ha/nameservice-test1 (3)重新deploy客戶端文件,確保nn主機core-site.xml中參數(shù)為simple方式訪問集群 (4)登錄namenode節(jié)點,執(zhí)行:hdfs zkfc -formatZK 重新格式化zkfc

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容