我有 hadoop-2.7 集群,oozie-4.0.1 以安全模式运行(使用 kerberos)。
一切都很好。我可以使用 cli 命令提交作业,如下所示:
- 基尼特我的用户
- oozie工作-ooziehttps://10.1.130.10:21003/oozie https://10.1.130.10:21003/oozie-config job.properties -run
但是我使用oozie java api提交作业,发生kerberos异常。
线程“main”中出现异常 AUTHENTICATION:无法进行身份验证,GSSException:未提供有效凭据(机制级别:无法找到任何 Kerberos tgt)
在 org.apache.oozie.client.AuthOozieClient.createConnection(AuthOozieClient.java:150)
在 org.apache.oozie.client.OozieClient.getSupportedProtocolVersions(OozieClient.java:577)
在 org.apache.oozie.client.OozieClient.validateWSVersion(OozieClient.java:538)
在 org.apache.oozie.client.OozieClient.createURL(OozieClient.java:651)
在 org.apache.oozie.client.OozieClient.access$100(OozieClient.java:103)
在 org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:803)
在 org.apache.oozie.client.OozieClient.run(OozieClient.java:999)
在 com.huawei.oozie.OozieMain.main(OozieMain.java:47)
造成原因:org.apache.hadoop.security.authentication.client.AuthenticationException:GSSException:未提供有效凭据(机制级别:无法找到任何 Kerberos tgt)
在org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:334)
在 org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:206)
在 org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:215)
在 org.apache.oozie.client.AuthOozieClient.createConnection(AuthOozieClient.java:144)
... 7 更多
造成的:GSSException:未提供有效凭据(机制级别:无法找到任何 Kerberos tgt)
在sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
在 sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
在sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
在sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
在sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
在sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
在 org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:313)
在 org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:288)
在 java.security.AccessController.doPrivileged(本机方法)
在 javax.security.auth.Subject.doAs(Subject.java:422)
在org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:288)
... 10 更多
我的java代码如下:
System.setProperty("java.security.auth.login.config", System.getProperty("user.dir") + File.separator + "conf"
+ File.separator + "jaas.conf ");
System.setProperty("java.security.krb5.conf", System.getProperty("user.dir") + File.separator + "conf"
+ File.separator + "krb5.conf ");
String url = "https://10.137.60.60:21003/oozie";
AuthOozieClient wc = new AuthOozieClient(url);
wc.setDebugMode(1);
Properties conf = wc.createConfiguration();
FileReader fr = new FileReader("conf/job.properties");
conf.load(fr);
System.out.println(conf.toString());
String jobId = wc.run(conf);
System.out.println("Workflow job submitted");
while (wc.getJobInfo(jobId).getStatus() == WorkflowJob.Status.RUNNING)
{
System.out.println("Workflow job running ...");
Thread.sleep(3 * 1000);
}
System.out.println("Workflow job completed ...");
System.out.println(wc.getJobInfo(jobId));
我的conf/jaas.conf如下:
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="D:/workspace/4.4-billing/Oozie/conf/oozie.keytab"
principal="oozi[email protected] /cdn-cgi/l/email-protection"
useTicketCache=false
storeKey=true
debug=true;
};
谁能帮我 ?我知道 oozie 使用 hadoop-auth jar。但如何设置密钥表,编写验证代码,我不能。