我正在尝试使用以下命令访问运行Cloudera的hadoop集群中的webhdfs
!curl -i --negotiate -u : "http://namenode_address:50070/webhdfs/v1/user/?op=LISTSTATUS"
我收到以下错误消息
HTTP/1.1 401 Authentication required
Cache-Control: must-revalidate,no-cache,no-store
Date: Wed, 19 Jun 2019 20:17:31 GMT
Pragma: no-cache
Date: Wed, 19 Jun 2019 20:17:31 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
X-FRAME-OPTIONS: SAMEORIGIN
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Path=/; HttpOnly
Content-Length: 1409
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 Authentication required</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /webhdfs/v1/user/. Reason:
<pre> Authentication required</pre></p><hr /><i><small>Powered by
Jetty://</small></i><br/>
<br/>
<br/>
如何解决此身份验证问题?
答案 0 :(得分:1)
创建用于签署身份验证令牌的密钥。这个 文件应包含随机数据,并应放置在 簇。它也应该由hdfs用户拥有,并由 hadoop组。权限应设置为440。例如:
dd if = / dev / urandom of = / etc / security / http_secret bs = 1024 count = 1
chown hdfs:hadoop / etc / security / http_secret
chmod 440 / etc / security / http_secret
在Ambari Web中,浏览至服务> HDFS>配置
将以下配置属性添加或修改为“高级” 核心站点:
hadoop.http.authentication.simple.anonymous.allowed: false
hadoop.http.authentication.signature.secret.file: / etc / security / http_secret
hadoop.http.authentication.type kerberos
hadoop.http.authentication.kerberos.keytab: /etc/security/keytabs/spnego.service.keytab
hadoop.http.authentication.kerberos.principal: HTTP/_HOST@EXAMPLE.COM
hadoop.http.filter.initializers: org.apache.hadoop.security.AuthenticationFilterInitializer
hadoop.http.authentication.cookie.domain: hortonworks.local
重要
hadoop.http.authentication.cookie.domain属性基于集群中服务器的标准域名。对于 例如,如果您的NameNode的FQDN为host1.hortonworks.local,则 hadoop.http.authentication.cookie.domain应该设置为 hortonworks.local。
答案 1 :(得分:0)
尝试一下,它应该可以工作:
curl -i "http://namenode_address:50070/webhdfs/v1/user/root/output/?op=LISTSTATUS"