我如何在 CDH 6.3.2 中使用 kerberos 运行 zeppelin

Question

zeppelin 0.9.0 不适用于 Kerberos

我在飞艇中添加了“zeppelin.server.kerberos.keytab”和“zeppelin.server.kerberos.principal”-site.xml

但我也收到错误消息“客户端无法通过以下方式进行身份验证：[TOKEN, KERBEROS]；主机详细信息：本地主机为：“bigdser5/10.3.87.27”；目标主机为： "bigdser1":8020;"

并在 spark 解释器中添加“spark.yarn.keytab”，“spark.yarn.principal”，它不起作用还没有。

在我的 spark-shell 中可以与 Kerberos 一起工作

我的 kerberos 步骤

1.admin.local -q "addprinc jzyc/hadoop"

2. kadmin.local -q "xst -k jzyc.keytab jzyc/hadoop@JJKK.COM"

3. 复制jzyc.keytab到其他服务器

4. kinit -kt jzyc.keytab jzyc/hadoop@JJKK.COM

在我的生活中，我得到错误“javax.servlet.ServletException：org.apache.hadoop.security.authentication.client.AuthenticationException：javax.security.auth.login.LoginException：没有要存储的密钥”

Answer 1

INFO [2021-04-15 16:44:46,522] ({dispatcher-event-loop-1} Logging.scala[logInfo]:57) - Got an error when resolving hostNames. Falling back to /default-rack for all
 INFO [2021-04-15 16:44:46,561] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Attempting to login to KDC using principal: jzyc/bigdser4@JOIN.COM
 INFO [2021-04-15 16:44:46,574] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Successfully logged into KDC.
 INFO [2021-04-15 16:44:47,124] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - getting token for: DFS[DFSClient[clientName=DFSClient_NONMAPREDUCE_1346508100_40, ugi=jzyc/bigdser4@JOIN.COM (auth:KERBEROS)]] with renewer yarn/bigdser1@JOIN.COM
 INFO [2021-04-15 16:44:47,265] ({FIFOScheduler-interpreter_1099886208-Worker-1} DFSClient.java[getDelegationToken]:700) - Created token for jzyc: HDFS_DELEGATION_TOKEN owner=jzyc/bigdser4@JOIN.COM, renewer=yarn, realUser=, issueDate=1618476287222, maxDate=1619081087222, sequenceNumber=171, masterKeyId=21 on ha-hdfs:nameservice1
 INFO [2021-04-15 16:44:47,273] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - getting token for: DFS[DFSClient[clientName=DFSClient_NONMAPREDUCE_1346508100_40, ugi=jzyc/bigdser4@JOIN.COM (auth:KERBEROS)]] with renewer jzyc/bigdser4@JOIN.COM
 INFO [2021-04-15 16:44:47,278] ({FIFOScheduler-interpreter_1099886208-Worker-1} DFSClient.java[getDelegationToken]:700) - Created token for jzyc: HDFS_DELEGATION_TOKEN owner=jzyc/bigdser4@JOIN.COM, renewer=jzyc, realUser=, issueDate=1618476287276, maxDate=1619081087276, sequenceNumber=172, masterKeyId=21 on ha-hdfs:nameservice1
 INFO [2021-04-15 16:44:47,331] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Renewal interval is 86400051 for token HDFS_DELEGATION_TOKEN
 INFO [2021-04-15 16:44:47,492] ({dispatcher-event-loop-0} Logging.scala[logInfo]:57) - Got an error when resolving hostNames. Falling back to /default-rack for all
 INFO [2021-04-15 16:44:47,493] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Scheduling renewal in 18.0 h.
 INFO [2021-04-15 16:44:47,494] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Updating delegation tokens.
 INFO [2021-04-15 16:44:47,521] ({FIFOScheduler-interpreter_1099886208-Worker-1} Logging.scala[logInfo]:57) - Updating delegation tokens for current user.

Answer 2

INFO [2021-04-23 11:49:29,658] ({qtp1640639994-103} ManagedInterpreterGroup.java[getOrCreateSession]:180) - 在 InterpreterGroup 中创建会话：shared_session：md-shared_process 用户：匿名 INFO [2021-04-23 11:49:29,659] ({qtp1640639994-103} InterpreterSetting.java[getOrCreateInterpreterGroup]:453) - 创建 InterpreterGroup with groupId: spark-shared_process for ExecutionContext{user='anonymous', noteId='2EYUV26VR', interpreterGroupId='null', defaultInterpreterGroup='spark', inIsolatedMode=false, startTime=} INFO [2021-04-23 11:49:29,659] ({qtp1640639994-103} InterpreterSetting.java[createInterpreters]:823) - 为用户创建的解释器 org.apache.zeppelin.spark.SparkInterpreter：匿名，sessionId：shared_session

但是我启用了shiro.ini

Answer 3

在spark.jars

你需要 hdfs://bigdser1:8020/sparklib/tispark-assembly-2.3.14.jar

没有

hdfs://bigdser1:8020/sparklib/*