Kerberos HBase ZooKeeper failure

bvjveswy posted on 2021-05-29 in Hadoop

I am trying to kerberize my HBase cluster, and I am running into some problems with ZooKeeper. When I start HBase, I get the following errors in the master log:

ERROR [main-SendThread(X.X.X.X:2181)] client.ZooKeeperSaslClient: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.

ERROR [main-SendThread(X.X.X.X:2181)] zookeeper.ClientCnxn: SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.

DEBUG [main-EventThread] zookeeper.ZKWatcher: master:16000-0x16c236187be0000, quorum=Y.Y.Y.Y:2181,X.X.X.X:2181, baseZNode=/hbase Received ZooKeeper Event, type=None, state=AuthFailed, path=null
DEBUG [main] zookeeper.ZooKeeper: Close called on already closed client

In the ZooKeeper log, I get:

WARN  [QuorumPeer[myid=0]/0:0:0:0:0:0:0:0:2181] quorum.Learner: Unexpected exception, tries=0, connecting to /X.X.X.X:2888
java.net.ConnectException: Connection refused (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)
        at org.apache.zookeeper.server.quorum.Learner.connectToLeader(Learner.java:229)
        at org.apache.zookeeper.server.quorum.Follower.followLeader(Follower.java:71)
        at org.apache.zookeeper.server.quorum.QuorumPeer.run(QuorumPeer.java:937)

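I verified my firewall, and the ports are open.
For the configuration, I followed the HBase reference guide:
http://hbase.apache.org/book.html#zk.sasl.auth
At first I thought there was a problem with my keytab, but Hadoop works fine with it.
I am running HBase 2.0.5 and Hadoop 3.1.2; ZooKeeper is the one provided by HBase.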

dhxwm5r4 #1

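Following the comments from @samsonscharfrichter, I tried a few things:
I created and specified FQDNs for my servers in /etc/hosts and modified the configuration to reflect this change.
Changed the servers' hostnames to the FQDN.
Tried to look up my hostnames, but that does not work because they are specified in /etc/hosts.
It did nothing; I still get the error. I guess Kerberos is trying to search DNS on my public NIC rather than on my private NIC. I don't know why it is so hard to find my servers, since Hadoop has absolutely no problem.
Edit - I set up a private DNS on my network. DNS works fine, and I still get the error. I'm about to give up.
Edit 2 - I installed tshark on the node that has the error. Apparently, I get a frame with the message: error: KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN. This is weird; I verified my keytab and the principals listed in kadmin. Maybe there is a default principal that I am not using?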
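
An added diagnostic example, not part of the original question or answer: for the "Server not found in Kerberos database" error in the master log, it takes the quorum line HBase logged, derives the service principal a client would request for each member, and reports the ones the KDC does not know. It assumes the requested principal has the form `zookeeper/<name>@REALM`, where `<name>` is what the quorum address reverse-resolves to (the literal address when nothing resolves); the addresses, host names, realm and principal list are constructed sample values.

```python
import re
import socket

# Constructed sample shaped like the ZKWatcher line quoted in the question,
# with documentation addresses standing in for the redacted X.X.X.X / Y.Y.Y.Y.
SAMPLE_LOG = (
    "DEBUG [main-EventThread] zookeeper.ZKWatcher: master:16000-0x0, "
    "quorum=192.0.2.12:2181,192.0.2.11:2181, baseZNode=/hbase "
    "Received ZooKeeper Event, type=None, state=AuthFailed, path=null"
)
# Constructed reverse-lookup table: 192.0.2.12 has no reverse entry.
SAMPLE_REVERSE = {"192.0.2.11": "zk1.example.internal"}
# Constructed list of principals known to the KDC (as a kadmin listing would give).
SAMPLE_KDC = {
    "zookeeper/zk1.example.internal@EXAMPLE.INTERNAL",
    "zookeeper/zk2.example.internal@EXAMPLE.INTERNAL",
}

def quorum_hosts(log_line):
    """Return the host part of each quorum member named in a ZKWatcher line."""
    match = re.search(r"quorum=(\S+)", log_line)
    if not match:
        return []
    members = [m for m in match.group(1).split(",") if m]
    return [m.rsplit(":", 1)[0] for m in members]

def system_reverse(hosts):
    """Reverse-resolve hosts with the local resolver (/etc/hosts or DNS)."""
    names = {}
    for host in hosts:
        try:
            names[host] = socket.gethostbyaddr(host)[0]
        except OSError:
            pass  # unresolvable: caller falls back to the literal address
    return names

def missing_principals(log_line, kdc_principals, realm, reverse=None,
                       service="zookeeper"):
    """Map each quorum host to the principal a client would request
    (assumed form: service/<resolved name>@realm) when the KDC lacks it."""
    hosts = quorum_hosts(log_line)
    names = system_reverse(hosts) if reverse is None else reverse
    wanted = {h: f"{service}/{names.get(h, h)}@{realm}" for h in hosts}
    return {h: p for h, p in wanted.items() if p not in kdc_principals}

if __name__ == "__main__":
    print(missing_principals(SAMPLE_LOG, SAMPLE_KDC, "EXAMPLE.INTERNAL",
                             reverse=SAMPLE_REVERSE))
```

Leaving `reverse` unset makes the function use the node's own resolver, so running it on the failing node shows the names that node actually derives for the quorum addresses.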
