解决Ambari启用Kerberos认证后NameNode UI 等页面无法打开问题

 

Ambari启用Kerberos认证后NameNode UI, RESOURCEMANAGER ,Spark2 history server ui提示要登录, 如果Windows 和KDC是集成同一个Windows AD,那么可以通过AD账号登录打开页面,否则将提示:401: Authorization required。
这种情况可以配置页面匿名访问解决:

--namenode ui
在HDFS -> Advanced core-site
set hadoop.http.authentication.simple.anonymous.allowed to true
在HDFS -> Custom core-site
set hadoop.http.authentication.type  to simple
set hadoop.proxyuser.HTTP.groups to *
set hadoop.proxyuser.knox.groups to *
set hadoop.proxyuser.knox.hosts to *
set hadoop.proxyuser.yarn.hosts to *

--spark history ui, 在export 前面加#注释掉
在Spark2 -> Advanced spark2-env -> content
{% if security_enabled %}
#export SPARK_HISTORY_OPTS='-Dspark.ui.filters=org.apache.hadoop.security.authentication.server.AuthenticationFilter -Dspark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal={{spnego_principal}},kerberos.keytab={{spnego_keytab}}"'
{% endif %}

--ResourceManager UI
在yarn -> Advanced ranger-yarn-security
set Add YARN Authorization to false
在yarn -> Custom yarn-site
set yarn.resourcemanager.proxy-user-privileges.enabled to false
上一篇:大数据系列-CDH环境中SOLR入数据


下一篇:centos7 ambari 2.6.2.0+hdp 2.6.5.0大数据集群安装部署(企业级)