我有一个小的spring服务,它提供基本功能,例如从hbase表中进行put / delete / get.一切似乎都正常,但是有一个问题.启动tomcat服务器10小时后,我的kerberos票证到期了,因此我应该对其进行续订.我试图将Java api用于hbase,并且在每种方法的代码中都使用它,它连接到hbase,我添加了以下代码:
UserGroup@R_765_404[email protected]().checkTGTAndReloginFromKeytab();
我也尝试过:
UserGroup@R_765_404[email protected]().reloginFromKeytab()
和:
SecurityUtil.login(configuration, keytabFilePath, kerberosUser)
但这无济于事,服务器重启十小时后出现此异常:
javax.security.sasl.SaslException: GSS initiate Failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(UnkNown Source)
at org.apache.hadoop.hbase.security.HBaseSaslRpcclient.saslConnect(HBaseSaslRpcclient.java:179)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.setupSaslConnection(RpcclientImpl.java:617)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.access$700(RpcclientImpl.java:162)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection$2.run(RpcclientImpl.java:743)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection$2.run(RpcclientImpl.java:740)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(UnkNown Source)
at org.apache.hadoop.security.UserGroup@R_765_404[email protected](UserGroup@R_765_404[email protected]:1614)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.setupIOstreams(RpcclientImpl.java:740)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.writeRequest(RpcclientImpl.java:906)
at org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.tracedWriteRequest(RpcclientImpl.java:873)
at org.apache.hadoop.hbase.ipc.RpcclientImpl.call(RpcclientImpl.java:1241)
at org.apache.hadoop.hbase.ipc.AbstractRpcclient.callBlockingMethod(AbstractRpcclient.java:227)
at org.apache.hadoop.hbase.ipc.AbstractRpcclient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcclient.java:336)
at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.multi(ClientProtos.java:34142)
at org.apache.hadoop.hbase.client.MultiServerCallable.call(MultiServerCallable.java:128)
at org.apache.hadoop.hbase.client.MultiServerCallable.call(MultiServerCallable.java:53)
at org.apache.hadoop.hbase.client.RpcretryingCaller.callWithoutRetries(RpcretryingCaller.java:210)
at org.apache.hadoop.hbase.client.AsyncProcess$AsyncRequestFutureImpl$SingleServerRequestRunnable.run(AsyncProcess.java:733)
at java.util.concurrent.Executors$RunnableAdapter.call(UnkNown Source)
at java.util.concurrent.FutureTask.run(UnkNown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(UnkNown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(UnkNown Source)
at java.lang.Thread.run(UnkNown Source)
我还在日志中发现了以下几行:
2017-01-03 19:09:16 DEBUG UserGroup@R_765_4045@ion:1638 - PrivilegedAction as:[email protected] (auth:KERBEROS) from:org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.setupIOstreams(RpcclientImpl.java:740)
2017-01-03 19:09:16 DEBUG UserGroup@R_765_4045@ion:1618 - PrivilegedActionException as:[email protected] (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate Failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
2017-01-03 19:09:16 DEBUG UserGroup@R_765_4045@ion:1638 - PrivilegedAction as:[email protected] (auth:KERBEROS) from:org.apache.hadoop.hbase.ipc.RpcclientImpl$Connection.handleSaslConnectionFailure(RpcclientImpl.java:643)
2017-01-03 19:09:16 WARN UserGroup@R_765_4045@ion:1113 - Not attempting to re-login since the last re-login was attempted less than 600 seconds before.
任何点击或提示我做错了什么?
编辑:
我使用以下代码使用kerberos进行身份验证:
Configuration configuration = HBaseConfiguration.create();
configuration.addResource("some config file");
UserGroup@R_765_404[email protected]figuration(configuration);
UserGroup@R_765_404[email protected](kerberosUser, keytabFilePath);
我在项目中将hadoop依赖项的版本更改为2.6.5.
解决方法:
最终的解决方案,似乎可行:
1.将Hadoop依赖项升级到2.6.5版本(hadoop-auth,hadoop-mapreduce-client-core,hadoop-common).
2.创建一个简单的调度程序,该调度程序每5-6分钟执行一次下面的代码.
3.在对HBase数据库执行任何操作之前,请先执行以下代码.
UserGroup@R_765_404[email protected]().checkTGTAndReloginFromKeytab();
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
