1诸老、問題描述
當(dāng)在HDP中配置了Oozie的SSO后隆夯,會發(fā)現(xiàn)在Hue中提交oozie workflow失敗異常。在解決問題的過程中别伏,共出現(xiàn)了兩個異常蹄衷。第二個異常是在解決第一個異常的基礎(chǔ)上出現(xiàn)的。
2厘肮、異常一
2.1異常信息
[13/Sep/2018 18:50:15 +0800] editor2 ERROR Error submitting coordinator
Traceback (most recent call last):
File "/home/hue/hue-4.2.0/apps/oozie/src/oozie/views/editor2.py", line 700, in _submit_coordinator
wf_dir = Submission(request.user, wf, request.fs, request.jt, mapping, local_tz=coordinator.data['properties']['timezone']).deploy()
File "/home/hue/hue-4.2.0/desktop/libs/liboozie/src/liboozie/submission2.py", line 194, in deploy
self._update_properties(jt_address) # Needed for coordinator deploying workflows with credentials
File "/home/hue/hue-4.2.0/desktop/libs/liboozie/src/liboozie/submission2.py", line 351, in _update_properties
credentials.fetch(self.api)
File "/home/hue/hue-4.2.0/desktop/libs/liboozie/src/liboozie/credentials.py", line 40, in fetch
configuration = oozie_api.get_configuration()
File "/home/hue/hue-4.2.0/desktop/libs/liboozie/src/liboozie/oozie_api.py", line 319, in get_configuration
resp = self._root.get('admin/configuration', params)
File "/home/hue/hue-4.2.0/desktop/core/src/desktop/lib/rest/resource.py", line 122, in get
return self.invoke("GET", relpath, params, headers=headers, allow_redirects=True, clear_cookies=clear_cookies)
File "/home/hue/hue-4.2.0/desktop/core/src/desktop/lib/rest/resource.py", line 78, in invoke
log_response=log_response)
File "/home/hue/hue-4.2.0/desktop/core/src/desktop/lib/rest/resource.py", line 97, in _invoke
clear_cookies=clear_cookies)
File "/home/hue/hue-4.2.0/desktop/core/src/desktop/lib/rest/http_client.py", line 211, in execute
raise self._exc_class(ex)
RestException: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
2.2解決方法
由于是報Hue證書問題愧口,故在Hue的hue.ini配置文件中增加ssl_cacerts屬性。
3类茂、異常二
3.1異常信息
[18/Sep/2018 09:35:40 +0800] middleware INFO Processing exception: 'str' object has no attribute 'get': Traceback (most recent call last):
File "/home/hue/hue-4.2.0/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/core/handlers/base.py", line 112, in get_response
response = wrapped_callback(request, *callback_args, *callback_kwargs)
File "/home/hue/hue-4.2.0/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/db/transaction.py", line 371, in inner
return func(args, **kwargs)
File "/home/hue/hue-4.2.0/apps/oozie/src/oozie/decorators.py", line 113, in decorate
return view_func(request, *args, **kwargs)
File "/home/hue/hue-4.2.0/apps/oozie/src/oozie/decorators.py", line 75, in decorate
return view_func(request, *args, **kwargs)
File "/home/hue/hue-4.2.0/apps/oozie/src/oozie/views/editor2.py", line 367, in submit_workflow
return _submit_workflow_helper(request, workflow, submit_action=reverse('oozie:editor_submit_workflow', kwargs={'doc_id': workflow.id}))
File "/home/hue/hue-4.2.0/apps/oozie/src/oozie/views/editor2.py", line 426, in _submit_workflow_helper
'is_oozie_mail_enabled': _is_oozie_mail_enabled(request.user),
File "/home/hue/hue-4.2.0/apps/oozie/src/oozie/views/editor2.py", line 435, in _is_oozie_mail_enabled
return oozie_conf.get('oozie.email.smtp.host') != 'localhost'
AttributeError: 'str' object has no attribute 'get'
3.2問題定位
在不加SSO的情況下耍属,hue并不會出現(xiàn)該異常。通過在出現(xiàn)異常代碼行前新加輸出oozie_conf的打印日志巩检,發(fā)現(xiàn)輸出的是登錄頁面厚骗。由于是Hue的后端調(diào)用oozie的Rest API,所以并不需要輸出登錄頁面兢哭,解決此問題大致有了一個固定方向就是禁止執(zhí)行SSO流程领舰。
根據(jù)查看官方文檔,發(fā)現(xiàn)SSO使用的類org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler大致實(shí)現(xiàn)方式為如下圖標(biāo)紅所示。
因此查看了AltKerberosAuthenticationHandler.java中關(guān)鍵方法是根據(jù)請求中是否帶有User-Agent頭來判斷是否是瀏覽器訪問冲秽。
通過抓包請求舍咖,確實(shí)也發(fā)現(xiàn)hue的請求傳遞了User-Agent請求頭。
3.3解決方法
在hue-4.2.0/desktop/core/src/desktop/lib/rest/http_client.py中锉桑,通過增加如下標(biāo)紅代碼行移除User-Agent請求頭排霉。
