cloudera CDH 禁用 kerberos
環(huán)境信息
- 操作系統(tǒng)系統(tǒng):Centos7
- JDK:1.7
- CDH 版本:5.8.4
1,停止集群
2,修改參數(shù)
Zookeeper:
enableSecurity (Enable Kerberos Authentication)->FALSE
HDFS:
hadoop.security.authentication->Simple
hadoop.security.authorization->FALSE
dfs.datanode.address from 1004 (for Kerberos) to 50010 (default)
dfs.datanode.http.address from 1006 (for Kerberos) to 50075 (default)
Data Directory Permissions from 700 to 755
HBASE:
hbase.security.authentication->Simple
hbase.security.authorization->FALSE
Hue:
Kerberos Ticket Renewer->Delete role or stop role
3,刪除hbase znode,RsouceManager znode,zkfc znode(出現(xiàn)問(wèn)題再執(zhí)行)
- Zookeeper->Configration->java Configuration Options for Zookeeper Server 添加
-Dzookeeper.skipACL=yes(關(guān)閉zk的權(quán)限檢查) - 重啟zookeeper服務(wù)
- 登錄zkcli:
hbase zkcli - 刪除hbase znode:
rmr /hbase - 刪除RM znode:
rmr /rmstore/ZKRMStateRoot - 刪除zkfc znode:
rmr /hadoop-ha/nameservice-test1 - Zookeeper->Configration->java Configuration Options for Zookeeper Server 刪除
-Dzookeeper.skipACL=yes - 重啟zookeeper及相應(yīng)服務(wù)
問(wèn)題排查:
問(wèn)題描述:
Diagnostics: Not able to initialize app directories in any of the configured local directories for app application_1497933181227_0003
解決方案:在nodemanager節(jié)點(diǎn)執(zhí)行:sudo rm -rf /hdfs/yarn/nm/usercache/(未啟用kerberos前目錄權(quán)限為yarn:yarn衣迷,啟用后變成dengsc:yarn荷并,導(dǎo)致權(quán)限不兼容)
問(wèn)題描述:
hmaster啟動(dòng)失旕巍:Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /jpush-hbase/backup-masters/nfjd-hadoop-test01.jpushoa.com,60000,1497931699986
參考鏈接:https://www.zybuluo.com/xtccc/note/181910
http://community.cloudera.com/t5/Cloudera-Manager-Installation/Disabling-Kerberos-on-Cloudera-EXpress-5-5-1-HBase-issue/m-p/42482/highlight/true#M7622
解決方案:(1)Zookeeper添加參數(shù)(跳過(guò)zk目錄權(quán)限檢查): java Configuration Options for Zookeeper Server :
-Dzookeeper.skipACL=yes(2)刪除zk元數(shù)據(jù)目錄:hbase zkcli;rmr /hbase
問(wèn)題描述:
Resource Manager 啟動(dòng)失敗:RMStateStore has been fenced,ResourceManager all standby.
解決方案:(1)Zookeeper: java Configuration Options for Zookeeper Server :
-Dzookeeper.skipACL=yes(2)rmr /rmstore/ZKRMStateRoot
注:會(huì)丟失yarn應(yīng)用執(zhí)行信息诽表。
問(wèn)題描述:
Failover Controller啟動(dòng)失敗:Unable to start failover controller. Parent znode does not exist.
Run with -formatZK flag to initialize ZooKeeper.
解決方案:(1)Zookeeper: java Configuration Options for Zookeeper Server :
-Dzookeeper.skipACL=yes(2)rmr /hadoop-ha/nameservice-test1(3)重新deploy客戶端文件,確保nn主機(jī)core-site.xml中參數(shù)為simple方式訪問(wèn)集群 (4)登錄namenode節(jié)點(diǎn),執(zhí)行:hdfs zkfc -formatZK 重新格式化zkfc
