[英]Load a keytab from HDFS
I want to use Oozie with a Java Action which needs to use Kerberos. 我想将Oozie与需要使用Kerberos的Java Action一起使用。 I have my keytab in HDFS.
我在HDFS中有密钥表。 How could I say that the file is in HDFS?
我怎么能说该文件在HDFS中?
Configuration conf = new Configuration();
conf.set("hadoop.security.authentication", "Kerberos");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(kerberosPrincipal, kerberosKeytab);
I have tried with a path like hdfs://xxxx:8020/tmp/myKeytab.keytab
and I set conf.set("fs.defaultFS", "hdfs://server:8020");
我已经尝试过使用类似
hdfs://xxxx:8020/tmp/myKeytab.keytab
并设置conf.set("fs.defaultFS", "hdfs://server:8020");
as well but it doesn't work. 同样,但是它不起作用。
Hadoop delegation tokens work only for YARN and HDFS, and they expire after 7 days. Hadoop委派令牌仅适用于YARN和HDFS,它们将在7天后过期。 For all other services -- especially HBase (via ZooKeeper), HiveServer2 (directly or via ZooKeeper), Hive Metastore (inside Hive CLI) -- you need to authenticate directly.
对于所有其他服务-特别是HBase(通过ZooKeeper),HiveServer2(直接或通过ZooKeeper),Hive Metastore(在Hive CLI内部),您需要直接进行身份验证。 For long-running services, you need to re-authenticate periodically to renew the delegation token (if you rely on Slider, it does that automatically for you)
对于长期运行的服务,您需要定期重新进行身份验证以续订委托令牌(如果您依靠Slider,它将自动为您执行此操作)
Option 1 : ask Oozie to generate the appropriate <credential>
for your Action. 选项1 :请Oozie为您的操作生成适当的
<credential>
。 I wish it really worked out-of-the-box and/or that it was better documented -- Hive works like a charm; 我希望它确实可以开箱即用,并且/或者希望它能被更好地记录下来。 not so with HBase;
HBase并非如此; never tried Hive2 so I can't be sure.
从未尝试过Hive2,所以我不确定。
Option 2 : ask Oozie to download your custom keytab file from HDFS (you took care of restricting access to that keytab, didn't you???) to the CWD of your Launcher container with a <file>
option, then generate your credentials all by yourself. 选项2 :请Oozie使用
<file>
选项从HDFS下载自定义密钥表文件(您要限制对那个密钥表的访问,对吗?),将其下载到Launcher容器的CWD,然后生成您的凭据靠你自己。
With a Java action it will be option 2. 通过Java操作,它将成为选项2。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.