hdfs开启kerberos之后,namenode报错,连不上journalnode
2019-03-15 18:54:46,504 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:hdfs/server-03.bj@TEST.COM (auth:KERBEROS) cause:org.apache.hadoop.ipc.RemoteException(javax.securi
ty.sasl.SaslException): GSS initiate failed
2019-03-15 18:54:46,505 WARN org.apache.hadoop.ipc.Client: Couldn't setup connection for hdfs/server-03.bj@TEST.COM to server-02.bj/192.168.0.1:8485
org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed
at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:378)
at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:594)
at org.apache.hadoop.ipc.Client$Connection.access$2000(Client.java:396)
at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:761)
at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:757)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1924)
at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:756)
at org.apache.hadoop.ipc.Client$Connection.access$3000(Client.java:396)
at org.apache.hadoop.ipc.Client.getConnection(Client.java:1557)
at org.apache.hadoop.ipc.Client.call(Client.java:1480)
at org.apache.hadoop.ipc.Client.call(Client.java:1441)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:231)
at com.sun.proxy.$Proxy19.getEditLogManifest(Unknown Source)
at org.apache.hadoop.hdfs.qjournal.protocolPB.QJournalProtocolTranslatorPB.getEditLogManifest(QJournalProtocolTranslatorPB.java:245)
at org.apache.hadoop.hdfs.qjournal.client.IPCLoggerChannel$13.call(IPCLoggerChannel.java:556)
at org.apache.hadoop.hdfs.qjournal.client.IPCLoggerChannel$13.call(IPCLoggerChannel.java:553)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
journalnode也有报错:
2019-03-15 20:21:01,014 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 8485: readAndProcess from client 192.168.0.56 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]
这个是因为jce的问题,下载地址
https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
下载之后解压得到
# ls -l UnlimitedJCEPolicyJDK8/
total 16
-rw-rw-r-- 1 root root 3035 Dec 21 2013 local_policy.jar
-rw-r--r-- 1 root root 7323 Dec 21 2013 README.txt
-rw-rw-r-- 1 root root 3023 Dec 21 2013 US_export_policy.jar
拷贝至jre对应目录
# cp UnlimitedJCEPolicyJDK8/*.jar $JAVA_HOME/jre/lib/security
然后重启hdfs即可