StormUI 无法获取数据

名词解决

SPNEGO(SPNEGO: Simple and Protected GSS-API Negotiation)是微软提供的一种使用GSS-API认证机制的安全协议,用于使Webserver共享Windows Credentials,它扩展了Kerberos(一种网络认证协议)。

原因

当使用Kerberos进行认证时,通过Ambari-server访问某一个集群应用的HTTP协议API的时候,需要把Ambari WEB端已经通过GSS-API认证的Kerberos principal的Token,共享给集群应用的HTTP协议的API;如果Ambari未配置开启、配置SPNEGO安全协议,Ambari请求集群HTTP协议API获取数据时,将认证失败,无法获取数据。Ambari-server提示“SPNego authentication failed, can not get hadoop.auth cookie”错误信息

解决方法

1. 停止Ambari-server进程
    [root@server bin]$ systemctl stop ambari-server
2. 开启并配置安全协议
    [root@server bin]$ ambari-server setup-security
    Using python  /usr/bin/python
    Security setup options...
===========================================================================
Choose one of the following options: 
        [1] Enable HTTPS for Ambari server.
        [2] Encrypt passwords stored in ambari.properties file.
        [3] Setup Ambari kerberos JAAS configuration.
        [4] Setup truststore.
        [5] Import certificate to truststore.
===========================================================================
Enter choice, (1-5): 3
Setting up Ambari kerberos JAAS configuration to access secured Hadoop daemons...
Enter ambari server's kerberos principal name (ambari@EXAMPLE.COM): ambari-server-test@TEST.COM
Enter keytab path for ambari server's kerberos principal: /etc/security/keytabs/ambari.server.keytab
Ambari Server 'setup-security' completed successfully.
3. 重启Ambari-server进程使之生效
    [root@server bin]$ systemctl start ambari-server
上一篇:Java 数据以追加方式保存HDFS ,含kerberos 认证配置


下一篇:Mark : Kerberos