• troubleshooting: Kerberos authentication failure


    ERROR transport.TSaslTransport: SASL negotiation failure
    javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

    Solution

    Add Kerberos authentication.
    1) Generate the keytab file (this can only be done as a Kerberos admin user)
    kadmin.local
    xst -norandkey -k chen.keytab chenweidong@HADOOP.COM
    2) Add this command to the shell script
    kinit -kt chen.keytab chenweidong@HADOOP.COM
    3) Add the keytab file in the Hue Web UI
    <workflow-app name="user_bank" xmlns="uri:oozie:workflow:0.5">
        <start to="shell-bcd1"/>
        <kill name="Kill">
            <message>Action failed, error message[${wf:errorMessage(wf:lastErrorNode())}]</message>
        </kill>
        <action name="shell-bcd1">
            <shell xmlns="uri:oozie:shell-action:0.1">
                <job-tracker>${jobTracker}</job-tracker>
                <name-node>${nameNode}</name-node>
                <exec>/user/chenweidong/s_base.sh</exec>
                <argument>user_bank</argument>
                <file>/user/chenweidong/s_base.sh#s_base.sh</file>
                <file>/user/chenweidong/chen.keytab#chen.keytab</file>
                <capture-output/>
            </shell>
            <ok to="End"/>
            <error to="Kill"/>
        </action>
        <end name="End"/>
    </workflow-app>
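
A hardened form of step 2, as an added example that is not part of the original post: the job script refuses a keytab that group or other can read, logs in to a private credential cache, and destroys the ticket on exit. The keytab name and principal are the ones used above; the function names are hypothetical, and the MIT Kerberos client tools (kinit, klist, kdestroy) are assumed to be on the node.

```shell
#!/bin/sh
# Added example (not the post's own script). Function names are hypothetical.
# Keytab name and principal default to the values used on this page.
KEYTAB="${KEYTAB:-chen.keytab}"
PRINCIPAL="${PRINCIPAL:-chenweidong@HADOOP.COM}"

# Return 0 only if the keytab is a regular, non-empty file with no
# group/other permission bits set.
keytab_is_private() {
    kt="$1"
    [ -f "$kt" ] && [ -s "$kt" ] || return 1
    # -L follows the symlink that <file>...#chen.keytab</file> creates in the
    # working directory; characters 5-10 of the mode are the group/other bits.
    bits=$(ls -ldL "$kt" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Obtain a TGT from the keytab into a per-job credential cache.
# Non-zero return codes tell the caller which stage failed.
krb_login() {
    keytab_is_private "$1" || {
        echo "refusing keytab $1: missing, empty, or accessible by group/other" >&2
        return 2
    }
    KRB5CCNAME="FILE:$(mktemp "${TMPDIR:-/tmp}/krb5cc_job.XXXXXX")" || return 3
    export KRB5CCNAME
    kinit -kt "$1" "$2" || return 4
    # klist -s prints nothing and fails when the cache holds no valid ticket,
    # the state behind "Failed to find any Kerberos tgt".
    klist -s || return 5
}

# Destroy the per-job ticket cache so the TGT does not outlive the job.
krb_logout() {
    if [ -n "${KRB5CCNAME:-}" ]; then
        kdestroy -q 2>/dev/null || true
    fi
    return 0
}

# Usage at the top of the job script (s_base.sh on this page):
#   krb_login "$KEYTAB" "$PRINCIPAL" || exit 1
#   trap krb_logout EXIT
#   ... sqoop / hive commands ...
```

A keytab is a long-lived credential for the principal, so the HDFS copy referenced by the workflow should be readable only by its owner.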

    Note: common Kerberos commands

    Exception log

    18/09/12 16:28:17 INFO hive.metastore: Trying to connect to metastore with URI thrift://master.prodcdh.com:9083
    18/09/12 16:28:17 ERROR transport.TSaslTransport: SASL negotiation failure
    javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
    at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
    at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
    at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
    at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1685)
    at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
    at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:532)
    at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:297)
    at org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient.<init>(SessionHiveMetaStoreClient.java:70)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at org.apache.hadoop.hive.metastore.MetaStoreUtils.newInstance(MetaStoreUtils.java:1700)
    at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.<init>(RetryingMetaStoreClient.java:80)
    at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:130)
    at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:101)
    at org.apache.hadoop.hive.ql.metadata.Hive.createMetaStoreClient(Hive.java:3554)
    at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:3606)
    at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:3586)
    at org.apache.hadoop.hive.ql.metadata.Hive.getAllFunctions(Hive.java:3840)
    at org.apache.hadoop.hive.ql.metadata.Hive.reloadFunctions(Hive.java:246)
    at org.apache.hadoop.hive.ql.metadata.Hive.registerAllFunctionsOnce(Hive.java:229)
    at org.apache.hadoop.hive.ql.metadata.Hive.<init>(Hive.java:386)
    at org.apache.hadoop.hive.ql.metadata.Hive.create(Hive.java:330)
    at org.apache.hadoop.hive.ql.metadata.Hive.getInternal(Hive.java:310)
    at org.apache.hadoop.hive.ql.metadata.Hive.get(Hive.java:286)
    at org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer.createHiveDB(BaseSemanticAnalyzer.java:228)
    at org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer.<init>(BaseSemanticAnalyzer.java:207)
    at org.apache.hadoop.hive.ql.parse.SemanticAnalyzer.<init>(SemanticAnalyzer.java:359)
    at org.apache.hadoop.hive.ql.parse.SemanticAnalyzerFactory.get(SemanticAnalyzerFactory.java:304)
    at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:537)
    at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1347)
    at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1480)
    at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1267)
    at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1257)
    at org.apache.hadoop.hive.cli.CliDriver.processLocalCmd(CliDriver.java:239)
    at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:187)
    at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:409)
    at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:342)
    at org.apache.hadoop.hive.cli.CliDriver.processReader(CliDriver.java:489)
    at org.apache.hadoop.hive.cli.CliDriver.processFile(CliDriver.java:505)
    at org.apache.hadoop.hive.cli.CliDriver.executeDriver(CliDriver.java:808)
    at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:774)
    at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:701)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.sqoop.hive.HiveImport.executeScript(HiveImport.java:341)
    at org.apache.sqoop.hive.HiveImport.importTable(HiveImport.java:246)
    at org.apache.sqoop.tool.ImportTool.importTable(ImportTool.java:543)
    at org.apache.sqoop.tool.ImportTool.run(ImportTool.java:634)
    at org.apache.sqoop.Sqoop.run(Sqoop.java:145)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)
    at org.apache.sqoop.Sqoop.runSqoop(Sqoop.java:181)
    at org.apache.sqoop.Sqoop.runTool(Sqoop.java:232)
    at org.apache.sqoop.Sqoop.runTool(Sqoop.java:241)
    at org.apache.sqoop.Sqoop.main(Sqoop.java:250)
    Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
    at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
    at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
    at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
    at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
    ... 62 more
    18/09/12 16:28:17 WARN hive.metastore: Failed to connect to the MetaStore Server...
    18/09/12 16:28:17 INFO hive.metastore: Waiting 1 seconds before next connection attempt.
    18/09/12 16:28:18 INFO hive.metastore: Trying to connect to metastore with URI thrift://master.prodcdh.com:9083
    18/09/12 16:28:18 ERROR transport.TSaslTransport: SASL negotiation failure
    javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
    at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)

  • Original article: https://www.cnblogs.com/chwilliam85/p/9693224.html