Preface
Environment dependencies
Hadoop authentication configuration
kadmin.local -q "addprinc -randkey hadoop/bigdata-03@HADOOP.COM"
kadmin.local -q "addprinc -randkey hadoop/bigdata-05@HADOOP.COM"
kadmin.local -q "xst -k /root/keytabs/kerberos/hadoop.keytab hadoop/bigdata-03@HADOOP.COM"
kadmin.local -q "xst -k /root/keytabs/kerberos/hadoop.keytab hadoop/bigdata-05@HADOOP.COM"
klist -kt /root/keytabs/kerberos/hadoop.keytab
klist -kt /home/gpadmin/hadoop.keytab
<property>
  <name>hadoop.security.authentication</name>
  <value>kerberos</value>
</property>
<property>
  <name>hadoop.security.authorization</name>
  <value>true</value>
</property>
<property>
  <name>dfs.block.access.token.enable</name>
  <value>true</value>
</property>
<property>
  <name>dfs.permissions.enabled</name>
  <value>false</value>
</property>
<property>
  <name>dfs.namenode.kerberos.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>dfs.namenode.keytab.file</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>dfs.secondary.namenode.kerberos.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>dfs.secondary.namenode.keytab.file</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>dfs.web.authentication.kerberos.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>dfs.web.authentication.kerberos.keytab</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>dfs.datanode.kerberos.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>dfs.datanode.keytab.file</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>dfs.data.transfer.protection</name>
  <value>authentication</value>
</property>
<property>
  <name>dfs.http.policy</name>
  <value>HTTPS_ONLY</value>
  <description>All enabled web pages use HTTPS; the details are configured in the ssl-server and ssl-client configuration files.</description>
</property>
<property>
  <name>yarn.resourcemanager.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>yarn.resourcemanager.keytab</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>yarn.nodemanager.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>yarn.nodemanager.keytab</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>mapreduce.jobhistory.principal</name>
  <value>hadoop/_HOST@EXAMPLE.COM</value>
</property>
<property>
  <name>mapreduce.jobhistory.keytab</name>
  <value>/home/gpadmin/hadoop.keytab</value>
</property>
<property>
  <name>ssl.server.truststore.location</name>
  <value>/home/gpadmin/kerberos_https/keystore</value>
  <description>Truststore to be used by NN and DN. Must be specified.
  </description>
</property>
<property>
  <name>ssl.server.truststore.password</name>
  <value>password</value>
  <description>Optional. Default value is "".
  </description>
</property>
<property>
  <name>ssl.server.truststore.type</name>
  <value>jks</value>
  <description>Optional. The keystore file format, default value is "jks".
  </description>
</property>
<property>
  <name>ssl.server.truststore.reload.interval</name>
  <value>10000</value>
  <description>Truststore reload check interval, in milliseconds.
  Default value is 10000 (10 seconds).
  </description>
</property>
<property>
  <name>ssl.server.keystore.location</name>
  <value>/home/gpadmin/kerberos_https/keystore</value>
  <description>Keystore to be used by NN and DN. Must be specified.
  </description>
</property>
<property>
  <name>ssl.server.keystore.password</name>
  <value>password</value>
  <description>Must be specified.
  </description>
</property>
<property>
  <name>ssl.server.keystore.keypassword</name>
  <value>password</value>
  <description>Must be specified.
  </description>
</property>
<property>
  <name>ssl.server.keystore.type</name>
  <value>jks</value>
  <description>Optional. The keystore file format, default value is "jks".
  </description>
</property>
<property>
  <name>ssl.server.exclude.cipher.list</name>
  <value>TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
  SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,
  SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
  SSL_RSA_WITH_RC4_128_MD5</value>
  <description>Optional. The weak security cipher suites that you want excluded
  from SSL communication.</description>
</property>
keytool -genkey -alias hadoop -validity 365000 \
  -keystore /home/gpadmin/kerberos_https/keystore/keystore \
  -keyalg RSA -keysize 2048 \
  -dname "CN=hadoop, OU=shsnc, O=snc, L=hunan, ST=changsha, C=CN"
kinit -kt /home/gpadmin/hadoop.keytab hadoop/bigdata-05@HADOOP.COM
Flink authentication configuration
<property>
  <name>dfs.permissions.enabled</name>
  <value>true</value>
</property>
klist -kt /root/keytabs/kerberos/hadoop.keytab
security.kerberos.login.use-ticket-cache: true
security.kerberos.login.keytab: /home/gpadmin/hadoop.keytab
security.kerberos.login.principal: gpadmin@HADOOP.COM
security.kerberos.login.contexts: Client
flink run -m yarn-cluster \
  -p 1 \
  -yjm 1024 \
  -ytm 1024 \
  -ynm amp_zabbix \
  -c com.shsnc.fk.task.tokafka.ExtratMessage2KafkaTask \
  -yt /home/gpadmin/jar_repo/config/krb5.conf \
  -yD env.java.opts.jobmanager=-Djava.security.krb5.conf=krb5.conf \
  -yD env.java.opts.taskmanager=-Djava.security.krb5.conf=krb5.conf \
  -yD security.kerberos.login.keytab=/home/gpadmin/hadoop.keytab \
  -yD security.kerberos.login.principal=gpadmin@HADOOP.COM \
  "$jarname"
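The settings above create keytab entries in the HADOOP.COM realm while the site files name principals in EXAMPLE.COM, turn HDFS permission checks off in the Hadoop section, protect block transfer with authentication only, and use "password" for the keystore. The following audit script is an added example, not part of the original article; the function names and the embedded sample inputs are constructed for illustration, with the values copied from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a few properties copied from the configuration on this page.
SAMPLE_SITE_XML = """<configuration>
<property><name>hadoop.security.authentication</name><value>kerberos</value></property>
<property><name>dfs.permissions.enabled</name><value>false</value></property>
<property><name>dfs.data.transfer.protection</name><value>authentication</value></property>
<property><name>dfs.namenode.kerberos.principal</name><value>hadoop/_HOST@EXAMPLE.COM</value></property>
<property><name>ssl.server.keystore.password</name><value>password</value></property>
</configuration>"""

# Constructed sample: the principal column as `klist -kt` would list it.
SAMPLE_KEYTAB_PRINCIPALS = ["hadoop/bigdata-03@HADOOP.COM", "hadoop/bigdata-05@HADOOP.COM"]

def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}

def audit(props, keytab_principals):
    """Return a sorted list of (property, finding) tuples for weak or inconsistent settings."""
    findings = []
    if props.get("hadoop.security.authentication") != "kerberos":
        findings.append(("hadoop.security.authentication", "Kerberos is not enabled"))
    if props.get("dfs.permissions.enabled", "true").lower() == "false":
        findings.append(("dfs.permissions.enabled", "HDFS permission checks are disabled"))
    if props.get("dfs.data.transfer.protection") == "authentication":
        findings.append(("dfs.data.transfer.protection", "block transfer is authenticated but not encrypted"))
    realms = {p.rsplit("@", 1)[1] for p in keytab_principals if "@" in p}
    for name, value in props.items():
        if name.endswith("principal") and "@" in value:
            realm = value.rsplit("@", 1)[1]
            if realm not in realms:
                findings.append((name, f"realm {realm} has no entry in the keytab"))
        if name.endswith("password") and value in {"password", "changeit"}:
            findings.append((name, "placeholder keystore password"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(load_properties(SAMPLE_SITE_XML), SAMPLE_KEYTAB_PRINCIPALS):
        print(f"{name}: {finding}")
```

Run it against each real *-site.xml and ssl-server.xml by passing the file contents to load_properties and the principals printed by klist -kt to audit.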