我们有一个已启用kerberos的本地ambari HDP集群2.6.0.0,还安装了Ranger,Kafka作为组件。
我们使用此本地Ambari Infra SolrCloud作为范围审核。
一开始,Ranger Audit日志正确显示,但过了一会儿,我们收到如下错误:
运行solr查询时出错,请检查solr配置。找不到健康的节点来处理请求。
现在,根据Google的建议,我知道需要删除集合“ ranger_audits”并重新启动Ranger。
自从我们在此Ambari群集中启用了kerberos之后,现在请点击以下链接尝试删除该集合:
但在Kinit成功后,运行以下CURL尝试删除集合:
curl -i -v --negotiate -u : "http://<My_Host_FQDN>:8886/solr/admin/collections?action=DELETE&name=ranger_audits"
我遇到以下异常:
<response>
<lst name="responseHeader"><int name="status">500</int><int name="QTime">0</int></lst><lst name="error"><str name="msg">KeeperErrorCode = AuthFailed for /overseer/collection-queue-work/qnr-</str><str name="trace">org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /overseer/collection-queue-work/qnr-
at org.apache.zookeeper.KeeperException.create(KeeperException.java:123)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783)
at org.apache.solr.common.cloud.SolrZkClient$9.execute(SolrZkClient.java:380)
at org.apache.solr.common.cloud.SolrZkClient$9.execute(SolrZkClient.java:377)
at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:60)
at org.apache.solr.common.cloud.SolrZkClient.create(SolrZkClient.java:377)
at org.apache.solr.cloud.OverseerTaskQueue.createData(OverseerTaskQueue.java:168)
at org.apache.solr.cloud.OverseerTaskQueue.offer(OverseerTaskQueue.java:189)
at org.apache.solr.handler.admin.CollectionsHandler.handleResponse(CollectionsHandler.java:255)
at org.apache.solr.handler.admin.CollectionsHandler.handleRequestBody(CollectionsHandler.java:195)
at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:155)
at org.apache.solr.servlet.HttpSolrCall.handleAdminRequest(HttpSolrCall.java:660)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:441)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:257)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:208)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
</str><int name="code">500</int></lst>
</response>
似乎Zookeeper授权失败?
这就是我得到的:
[zk: <ZK_HOST>:2181(CONNECTED) 5] getAcl /infra-solr/overseer
'sasl,'infra-solr
: cdrwa
'world,'anyone
: r
但是我想似乎我们不能同时通过/etc/security/keytabs/ambari-infra-solr.service.keytab和Zookeeper密钥标签获得授权?
然后我如何获得删除此收藏集的授权?
谢谢。