具有安全Kafka抛出的Spark Structured Streaming:未授权访问组异常

时间:2018-01-31 15:01:37

标签: hadoop apache-spark apache-kafka kerberos kafka-consumer-api

为了在我的项目中使用结构化流媒体,我在我的hortonworks 2.6.3环境中测试spark 2.2.0和Kafka 0.10.1与Kerberos的集成,我在下面运行示例代码来检查集成。我可以在spark本地模式下运行以下程序,没有任何问题,但是当在Hadoop集群上移动到纱线集群/客户端模式时,相同的程序会抛出异常。

我知道我可以为group-id配置kafka acl,但是spark结构化流为每个查询生成新的group-id,因此我无法在kafka acl中配置group-id以摆脱授权异常。我很善良现在被困住了。

14:19:59 org.apache.spark.sql.streaming.StreamingQueryException: Not authorized to access group: spark-kafka-source-632450e3-a111-4d09-8704-85320c572aeb--1213729126-driver-2

例外:

18/01/31 14:46:34 INFO AbstractLogin: Successfully logged in.
18/01/31 14:46:34 INFO KerberosLogin: TGT refresh thread started.
18/01/31 14:46:34 INFO KerberosLogin: TGT valid starting at: Wed Jan 31 13:51:11 UTC 2018
18/01/31 14:46:34 INFO KerberosLogin: TGT expires: Wed Jan 31 23:51:14 UTC 2018
18/01/31 14:46:34 INFO KerberosLogin: TGT refresh sleeping until: Wed Jan 31 21:58:11 UTC 2018
Exception in thread "main" 18/01/31 14:46:34 INFO AppInfoParser: Kafka version : 0.10.1.2.6.3.0-235
18/01/31 14:46:34 INFO AppInfoParser: Kafka commitId : ba0af6800a08d2f8
org.apache.spark.sql.streaming.StreamingQueryException: Not authorized to access group: spark-kafka-source-632450e3-a111-4d09-8704-85320c572aeb--1213729126-driver-2
=== Streaming Query ===
Identifier: [id = 64a8dbd2-c674-43f7-947d-9aac1667b2b0, runId = 70ce5ee9-ead6-44eb-a7cd-93619b10b811]
Current Committed Offsets: {}
Current Available Offsets: {}

Current State: ACTIVE
Thread State: RUNNABLE

Logical Plan:
Project [value#16]
+- Project [cast(key#0 as string) AS key#15, cast(value#1 as string) AS value#16]
   +- StreamingExecutionRelation KafkaSource[Subscribe[test_topic]], [key#0, value#1, topic#2, partition#3, offset#4L, timestamp#5, timestampType#6]

        at org.apache.spark.sql.execution.streaming.StreamExecution.org$apache$spark$sql$execution$streaming$StreamExecution$$runBatches(StreamExecution.scala:343)
        at org.apache.spark.sql.execution.streaming.StreamExecution$$anon$1.run(StreamExecution.scala:206)
Caused by: org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: spark-kafka-source-632450e3-a111-4d09-8704-85320c572aeb--1213729126-driver-2
18/01/31 14:46:34 ERROR StreamExecution: Query [id = 01bd97ea-6d2c-446c-a366-491d252925aa, runId = cc8dc932-9297-47c5-b30b-007624c03163] terminated with error
org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: spark-kafka-source-d690d270-7092-4aed-82c2-97fdfd80d0ed--604732661-driver-2
18/01/31 14:46:34 WARN KerberosLogin: TGT renewal thread has been interrupted and will exit.
18/01/31 14:46:34 INFO SparkContext: Invoking stop() from shutdown hook
18/01/31 14:46:34 INFO AbstractConnector: Stopped Spark@37524c9b{HTTP/1.1,[http/1.1]}{0.0.0.0:4040}
18/01/31 14:46:34 INFO SparkUI: Stopped Spark web UI at http://192.168.0.19:4040
18/01/31 14:46:34 INFO YarnClientSchedulerBackend: Interrupting monitor thread
18/01/31 14:46:34 INFO YarnClientSchedulerBackend: Shutting down all executors
18/01/31 14:46:34 INFO YarnSchedulerBackend$YarnDriverEndpoint: Asking each executor to shut down

1 个答案:

答案 0 :(得分:0)

有一种使用通配符解决方案的方法。

bin/kafka-acls --authorizer kafka.security.auth.SimpleAclAuthorizer 
               --authorizer-properties zookeeper.connect=zk:2181 
               --add --allow-principal User:'Bon' --operation READ 
               --topic topicName --group='spark-kafka-source-' 
               --resource-pattern-type prefixed

希望有帮助!