hdfs开启kerberos之后,namenode报错,连不上journalnode
2019-03-15 18:54:46,504 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:hdfs/server-03.bj@TEST.COM (auth:KERBEROS) cause:org.apache.hadoop.ipc.RemoteException(javax.securi ty.sasl.SaslException): GSS initiate failed 2019-03-15 18:54:46,505 WARN org.apache.hadoop.ipc.Client: Couldn't setup connection for hdfs/server-03.bj@TEST.COM to server-02.bj/192.168.0.1:8485 org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:378) at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:594) at org.apache.hadoop.ipc.Client$Connection.access$2000(Client.java:396) at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:761) at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:757) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1924) at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:756) at org.apache.hadoop.ipc.Client$Connection.access$3000(Client.java:396) at org.apache.hadoop.ipc.Client.getConnection(Client.java:1557) at org.apache.hadoop.ipc.Client.call(Client.java:1480) at org.apache.hadoop.ipc.Client.call(Client.java:1441) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:231) at com.sun.proxy.$Proxy19.getEditLogManifest(Unknown Source) at org.apache.hadoop.hdfs.qjournal.protocolPB.QJournalProtocolTranslatorPB.getEditLogManifest(QJournalProtocolTranslatorPB.java:245) at org.apache.hadoop.hdfs.qjournal.client.IPCLoggerChannel$13.call(IPCLoggerChannel.java:556) at org.apache.hadoop.hdfs.qjournal.client.IPCLoggerChannel$13.call(IPCLoggerChannel.java:553) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
journalnode也有报错:
2019-03-15 20:21:01,014 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 8485: readAndProcess from client 192.168.0.56 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]
这个是因为jce的问题,下载地址
https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
下载之后解压得到
# ls -l UnlimitedJCEPolicyJDK8/ total 16 -rw-rw-r-- 1 root root 3035 Dec 21 2013 local_policy.jar -rw-r--r-- 1 root root 7323 Dec 21 2013 README.txt -rw-rw-r-- 1 root root 3023 Dec 21 2013 US_export_policy.jar
拷贝至jre对应目录
# cp UnlimitedJCEPolicyJDK8/*.jar $JAVA_HOME/jre/lib/security
然后重启hdfs即可