堆栈内存溢出
  简体   繁体   English

从HDFS加载密钥表

[英]Load a keytab from HDFS

 原文  2016-02-17 14:40:12       java/ hdfs/ kerberos/ keytab

问题描述

I want to use Oozie with a Java Action which needs to use Kerberos. 我想将Oozie与需要使用Kerberos的Java Action一起使用。 I have my keytab in HDFS. 我在HDFS中有密钥表。 How could I say that the file is in HDFS? 我怎么能说该文件在HDFS中? 

 Configuration conf = new Configuration();
 conf.set("hadoop.security.authentication", "Kerberos");     
 UserGroupInformation.setConfiguration(conf);
 UserGroupInformation.loginUserFromKeytab(kerberosPrincipal, kerberosKeytab);

I have tried with a path like hdfs://xxxx:8020/tmp/myKeytab.keytab and I set conf.set("fs.defaultFS", "hdfs://server:8020"); 我已经尝试过使用类似hdfs://xxxx:8020/tmp/myKeytab.keytab并设置conf.set("fs.defaultFS", "hdfs://server:8020"); as well but it doesn't work. 同样,但是它不起作用。

1 个解决方案

解决方案1
 1  2016-02-17 20:05:50

Hadoop delegation tokens work only for YARN and HDFS, and they expire after 7 days. Hadoop委派令牌仅适用于YARN和HDFS,它们将在7天后过期。 For all other services -- especially HBase (via ZooKeeper), HiveServer2 (directly or via ZooKeeper), Hive Metastore (inside Hive CLI) -- you need to authenticate directly. 对于所有其他服务-特别是HBase(通过ZooKeeper),HiveServer2(直接或通过ZooKeeper),Hive Metastore(在Hive CLI内部),您需要直接进行身份验证。 For long-running services, you need to re-authenticate periodically to renew the delegation token (if you rely on Slider, it does that automatically for you) 对于长期运行的服务,您需要定期重新进行身份验证以续订委托令牌(如果您依靠Slider,它将自动为您执行此操作)

Option 1 : ask Oozie to generate the appropriate <credential> for your Action. 选项1 :请Oozie为您的操作生成适当的<credential> I wish it really worked out-of-the-box and/or that it was better documented -- Hive works like a charm; 我希望它确实可以开箱即用,并且/或者希望它能被更好地记录下来。 not so with HBase; HBase并非如此; never tried Hive2 so I can't be sure. 从未尝试过Hive2,所以我不确定。

Option 2 : ask Oozie to download your custom keytab file from HDFS (you took care of restricting access to that keytab, didn't you???) to the CWD of your Launcher container with a <file> option, then generate your credentials all by yourself. 选项2 :请Oozie使用<file>选项从HDFS下载自定义密钥表文件(您要限制对那个密钥表的访问,对吗?),将其下载到Launcher容器的CWD,然后生成您的凭据靠你自己。

With a Java action it will be option 2. 通过Java操作,它将成为选项2。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Windows中的Java和Kerberos Keytab在Cloudera上访问HDFS - Accessing HDFS on Cloudera with Java and Kerberos Keytab from Windows 如何从 hdfs 上的文件加载类型安全的 configFactory? - How to load typesafe configFactory from file on hdfs? HBase:从HDFS加载主协处理器 - HBase: load master coprocessor from HDFS hdfs中的Java加载序列文件为JavaRDD <Vector> - Java Load sequence file from hdfs as JavaRDD<Vector> Java 程序从 HDFS 加载多个 csv 文件,读取列值并加载到 HBASE? - Java Program to load the multiple csv files from HDFS, read column values and load into HBASE? 是否可以从jaas.conf中的类路径引用keytab? - Is it possible to reference a keytab from the classpath in jaas.conf? HDFS - 加载大量文件 - HDFS - load mass amount of files 加载hdfs分区文件列表 - Load hdfs partitions files list 来自HDFS集群的ListFiles - ListFiles from HDFS Cluster 如何根据字段将数据从 CSV 加载到单独的 Hadoop HDFS 目录中 - How to Load data from CSV into separate Hadoop HDFS directories based on fields
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM