我正在通过Kerberos身份验证连接到Hive Metastore。我尝试了几种配置,但目前的例外是这样。
java.lang.IllegalArgumentException: java.net.UnknownHostException: <principal_host>-ns
at org.apache.hadoop.security.SecurityUtil.buildTokenService(SecurityUtil.java:406)
at org.apache.hadoop.hdfs.NameNodeProxies.createNonHAProxy(NameNodeProxies.java:310)
at org.apache.hadoop.hdfs.NameNodeProxies.createProxy(NameNodeProxies.java:176)
at org.apache.hadoop.hdfs.DFSClient.<init>(DFSClient.java:735)
at org.apache.hadoop.hdfs.DFSClient.<init>(DFSClient.java:678)
at org.apache.hadoop.hdfs.DistributedFileSystem.initialize(DistributedFileSystem.java:158)
at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2816)
at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:98)
at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2853)
我正在设置以下所有属性
hive.metastore.use.SSL=true
hive.metastore.truststore.path=<path>
hive.metastore.truststore.password=<ssl_pass>
hive.metastore.kerberos.principal=<service_principal>
hive.support.concurrency=true
hive.enforce.bucketing=true
hive.exec.dynamic.partition.mode=nonstrict
hive.txn.manager=org.apache.hadoop.hive.ql.lockmgr.DbTxnManager
hive.compactor.initiator.on=true
hive.compactor.worker.threads=10
hive.txn.timeout=300
对于Kerberos客户端身份验证,我正在使用以下代码。
conf.set(HadoopConfig.SECURITY_AUTHENTICATION, HadoopConfig.SECURITY_AUTHENTICATION_KERBEROS);
conf.set(HadoopConfig.RPC_PROTECTION, HadoopConfig.RPC_PROTECTION_PRIVACY);
UserGroupInformation.setConfiguration(conf);
this.ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytabPath);
尝试了几种参数配置,但均未成功。我的服务器已启动并正常运行。常规JDBC连接使用相同的SSL参数和Kerberos主体运行。