Apache 2 mutual TLS authentication only works with "SSLVerifyClient optional_no_ca"

I am trying to use Apache2 to serve a REST API with mutual TLS authentication.

If I set the SSLVerifyClient option to require, the SSL connection is not established, apparently because of the server/client certificate verification, and I cannot get the client certificate. I am using company-internal test certificates and the associated CA certificate chain.

If I set the SSLVerifyClient option to optional_no_ca, I get a connection from Chrome/curl (my test tools) and obtain the certificate information. This only allows openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']) to check the CN value as authentication.

The questions are:

  • Is there something wrong with the way I set up the Apache certificates that causes the authentication verification error? Or is there something wrong with the certificates themselves?
  • Is there a way for me to test the server/client certificate integration outside Apache2/curl?
  • Is obtaining the client certificate and checking the CN value enough to make sure nobody can impersonate a client?

Note: in the Apache log file I can see port 443, although I set up SSL on port 8447 (port 443 is blocked). Is that related?

Testing with Chrome

This site can’t provide a secure connection
machine.xyz.com didn't accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT

Apache log

[Thu Mar 04 15:44:24.975602 2021] [ssl:info] [pid 24140:tid 140137567536896] [client 10.65.65.199:59523] AH01964: Connection to child 320 established (server machine.xyz.com:443)
[Thu Mar 04 15:44:24.976219 2021] [ssl:debug] [pid 24140:tid 140137567536896] ssl_engine_kernel.c(2353): [client 10.65.65.199:59523] AH02043: SSL virtual host for servername machine.xyz.com found
[Thu Mar 04 15:44:24.984844 2021] [ssl:debug] [pid 24140:tid 140137567536896] ssl_engine_kernel.c(2236): [client 10.65.65.199:59523] AH02041: Protocol: TLSv1.2,Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Thu Mar 04 15:44:24.985009 2021] [ssl:debug] [pid 24140:tid 140137567536896] ssl_engine_kernel.c(383): [client 10.65.65.199:59523] AH02034: Initial (No.1) HTTPS request received for child 320 (server machine.xyz.com:443)
[Thu Mar 04 15:44:24.985223 2021] [ssl:debug] [pid 24140:tid 140137567536896] ssl_engine_kernel.c(746): [client 10.65.65.199:59523] AH02255: Changed client verification type will force renegotiation
[Thu Mar 04 15:44:24.985257 2021] [ssl:info] [pid 24140:tid 140137567536896] [client 10.65.65.199:59523] AH02221: Requesting connection re-negotiation
[Thu Mar 04 15:44:24.985287 2021] [ssl:debug] [pid 24140:tid 140137567536896] ssl_engine_kernel.c(975): [client 10.65.65.199:59523] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Thu Mar 04 15:44:24.985367 2021] [ssl:info] [pid 24140:tid 140137567536896] [client 10.65.65.199:59523] AH02226: Awaiting re-negotiation handshake
[Thu Mar 04 15:44:24.991206 2021] [ssl:error] [pid 24140:tid 140137567536896] [client 10.65.65.199:59523] AH02261: Re-negotiation handshake failed
[Thu Mar 04 15:44:24.991293 2021] [ssl:debug] [pid 24140:tid 140137567536896] ssl_engine_io.c(1370): (70014)End of file found: [client 10.65.65.199:59523] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Thu Mar 04 15:44:24.991321 2021] [ssl:info] [pid 24140:tid 140137567536896] [client 10.65.65.199:59523] AH01998: Connection closed to child 320 with abortive shutdown (server machine.xyz.com:443)
[Thu Mar 04 15:44:26.471743 2021] [ssl:info] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH01964: Connection to child 321 established (server machine.xyz.com:443)
[Thu Mar 04 15:44:26.471984 2021] [ssl:debug] [pid 24140:tid 140137559144192] ssl_engine_kernel.c(2353): [client 10.65.65.199:59526] AH02043: SSL virtual host for servername machine.xyz.com found
[Thu Mar 04 15:44:26.477354 2021] [ssl:debug] [pid 24140:tid 140137559144192] ssl_engine_kernel.c(2236): [client 10.65.65.199:59526] AH02041: Protocol: TLSv1.2,Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Thu Mar 04 15:44:26.478078 2021] [ssl:debug] [pid 24140:tid 140137559144192] ssl_engine_kernel.c(383): [client 10.65.65.199:59526] AH02034: Initial (No.1) HTTPS request received for child 321 (server machine.xyz.com:443)
[Thu Mar 04 15:44:26.478210 2021] [ssl:debug] [pid 24140:tid 140137559144192] ssl_engine_kernel.c(746): [client 10.65.65.199:59526] AH02255: Changed client verification type will force renegotiation
[Thu Mar 04 15:44:26.478245 2021] [ssl:info] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH02221: Requesting connection re-negotiation
[Thu Mar 04 15:44:26.478272 2021] [ssl:debug] [pid 24140:tid 140137559144192] ssl_engine_kernel.c(975): [client 10.65.65.199:59526] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Thu Mar 04 15:44:26.478334 2021] [ssl:info] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH02226: Awaiting re-negotiation handshake
[Thu Mar 04 15:44:26.490828 2021] [ssl:debug] [pid 24140:tid 140137559144192] ssl_engine_kernel.c(1741): [client 10.65.65.199:59526] AH02275: Certificate Verification,depth 1,CRL checking mode: none (0) [subject: CN=XYZ Co Server TEST CA 13,OU=PKI,O=XYZ Co AG,C=DE / issuer: CN=XYZ Co Group Root TEST CA 13,C=DE / serial: 04 / notbefore: Mar 18 00:00:00 2018 GMT / notafter: Oct 18 00:00:00 2026 GMT]
[Thu Mar 04 15:44:26.490898 2021] [ssl:info] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH02276: Certificate Verification: Error (20): unable to get local issuer certificate [subject: CN=XYZ Co Server TEST CA 13,C=DE / serial: 04 / notbefore: Mar 18 00:00:00 2018 GMT / notafter: Oct 18 00:00:00 2026 GMT]
[Thu Mar 04 15:44:26.491006 2021] [ssl:error] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH02261: Re-negotiation handshake failed
[Thu Mar 04 15:44:26.491074 2021] [ssl:error] [pid 24140:tid 140137559144192] SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
[Thu Mar 04 15:44:26.491140 2021] [ssl:info] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH02008: SSL library error 1 in handshake (server machine.xyz.com:443)
[Thu Mar 04 15:44:26.491164 2021] [ssl:info] [pid 24140:tid 140137559144192] SSL Library Error: error:140800FF:SSL routines:ssl3_accept:unknown state
[Thu Mar 04 15:44:26.491181 2021] [ssl:info] [pid 24140:tid 140137559144192] [client 10.65.65.199:59526] AH01998: Connection closed to child 321 with abortive shutdown (server machine.xyz.com:443)

Testing with curl

$ curl -v --cacert 'XYZ Company TEST.crt' --cert client-machine.xyz.com_Testing-DoD-Application.crt --key client-machine.xyz.com_Testing-DoD-Application.key https://machine.xyz.com:8447/data-requests/secure/test.php
*   Trying 10.99.99.99...
* TCP_NODELAY set
* Connected to machine.xyz.com (10.99.99.99) port 8447 (#0)
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 183 bytes...
* schannel: sent initial handshake data: sent 183 bytes
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 4096
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 3998
* schannel: encrypted data buffer: offset 3998 length 4096
* schannel: received incomplete message,need more data
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 1024
* schannel: encrypted data buffer: offset 5022 length 5022
* schannel: received incomplete message,need more data
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 1024
* schannel: encrypted data buffer: offset 6046 length 6046
* schannel: received incomplete message,need more data
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 1024
* schannel: encrypted data buffer: offset 7070 length 7070
* schannel: received incomplete message,need more data
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 639
* schannel: encrypted data buffer: offset 7709 length 8094
* schannel: sending next handshake data: sending 126 bytes...
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 51
* schannel: encrypted data buffer: offset 51 length 8094
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 3/3)
* schannel: stored credential handle in session cache
> GET /data-requests/secure/test.php HTTP/1.1
> Host: machine.xyz.com:8447
> User-Agent: curl/7.55.1
> Accept: */*
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 33
* schannel: encrypted data buffer: offset 33 length 103424
* schannel: decrypted data length: 0
* schannel: decrypted data added: 0
* schannel: decrypted data cached: offset 0 length 102400
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection with gmcctu01.uk.db.com port 8447 (step 2/3)
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: sending next handshake data: sending 219 bytes...
* schannel: SSL/TLS connection with gmcctu01.uk.db.com port 8447 (step 2/3)
* schannel: encrypted data got 7969
* schannel: encrypted data buffer: offset 7969 length 103424
* schannel: sending next handshake data: sending 3601 bytes...
* schannel: SSL/TLS connection with machine.xyz.com port 8447 (step 2/3)
* schannel: encrypted data got 31
* schannel: encrypted data buffer: offset 31 length 103424
* schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
* schannel: renegotiation failed
* schannel: schannel_recv cleanup
* Closing connection 0
* schannel: shutting down SSL/TLS connection with machine.xyz.com port 8447
* schannel: clear security context handle
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

Apache log

[Thu Mar 04 15:50:05.194181 2021] [ssl:info] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH01964: Connection to child 322 established (server machine.xyz.com:443)
[Thu Mar 04 15:50:05.194424 2021] [ssl:debug] [pid 24140:tid 140137550751488] ssl_engine_kernel.c(2353): [client 10.65.65.199:59618] AH02043: SSL virtual host for servername machine.xyz.com found
[Thu Mar 04 15:50:05.334191 2021] [ssl:debug] [pid 24140:tid 140137550751488] ssl_engine_kernel.c(2236): [client 10.65.65.199:59618] AH02041: Protocol: TLSv1.2,Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Thu Mar 04 15:50:05.376284 2021] [ssl:debug] [pid 24140:tid 140137550751488] ssl_engine_kernel.c(383): [client 10.65.65.199:59618] AH02034: Initial (No.1) HTTPS request received for child 322 (server machine.xyz.com:443)
[Thu Mar 04 15:50:05.376441 2021] [ssl:debug] [pid 24140:tid 140137550751488] ssl_engine_kernel.c(746): [client 10.65.65.199:59618] AH02255: Changed client verification type will force renegotiation
[Thu Mar 04 15:50:05.376454 2021] [ssl:info] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH02221: Requesting connection re-negotiation
[Thu Mar 04 15:50:05.376517 2021] [ssl:debug] [pid 24140:tid 140137550751488] ssl_engine_kernel.c(975): [client 10.65.65.199:59618] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Thu Mar 04 15:50:05.376617 2021] [ssl:info] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH02226: Awaiting re-negotiation handshake
[Thu Mar 04 15:50:05.498008 2021] [ssl:debug] [pid 24140:tid 140137550751488] ssl_engine_kernel.c(1741): [client 10.65.65.199:59618] AH02275: Certificate Verification,C=DE / serial: 04 / notbefore: Mar 18 00:00:00 2018 GMT / notafter: Oct 18 00:00:00 2026 GMT]
[Thu Mar 04 15:50:05.498078 2021] [ssl:info] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH02276: Certificate Verification: Error (20): unable to get local issuer certificate [subject: CN=XYZ Co Server TEST CA 13,C=DE / serial: 04 / notbefore: Mar 18 00:00:00 2018 GMT / notafter: Oct 18 00:00:00 2026 GMT]
[Thu Mar 04 15:50:05.498183 2021] [ssl:error] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH02261: Re-negotiation handshake failed
[Thu Mar 04 15:50:05.498223 2021] [ssl:error] [pid 24140:tid 140137550751488] SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
[Thu Mar 04 15:50:05.498280 2021] [ssl:info] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH02008: SSL library error 1 in handshake (server machine.xyz.com:443)
[Thu Mar 04 15:50:05.498299 2021] [ssl:info] [pid 24140:tid 140137550751488] SSL Library Error: error:140800FF:SSL routines:ssl3_accept:unknown state
[Thu Mar 04 15:50:05.498314 2021] [ssl:info] [pid 24140:tid 140137550751488] [client 10.65.65.199:59618] AH01998: Connection closed to child 322 with abortive shutdown (server machine.xyz.com:443)

Apache version

$ httpd -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c
  event.c
$ httpd -v
Server version: Apache/2.4.46 (Unix)
Server built:   Dec 23 2020 08:36:14

Apache configuration

<VirtualHost _default_:8447>
    ServerAdmin some-support@xyz.com
    ServerName machine.xyz.com
    ServerAlias machine.xyz.com

    DocumentRoot /applications/apache2/htdocs_dev

    SSLEngine on

    ## Strengthen Ciphers
    # Enable TLSv1.2, disable SSLv3.0, TLSv1.0 and TLSv1.1
    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1

    # Enable modern TLS cipher suites
    SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

    # The order of cipher suites matters
    SSLHonorCipherOrder     on

    # Disable TLS compression
    SSLCompression          off

    # Necessary for Perfect Forward Secrecy (PFS)
    SSLSessionTickets       off

    SSLCertificateFile      /applications/pki/tls/certs/machine.xyz.com_8447.crt
    SSLCertificateKeyFile   /applications/pki/tls/certs/machine.xyz.com_8447.key
    SSLCertificateChainFile /applications/pki/tls/certs/xyz-sslca-certificate.crt

    <Location /data-requests/secure>
        SSLVerifyClient require
        #SSLVerifyClient optional_no_ca
        SSLVerifyDepth 10
        SSLOptions +StdEnvVars +ExportCertData
    </Location>
</VirtualHost>

Solution

The certificates you are using may not be valid for mutual authentication. You need to make sure the client certificate has the ClientAuth extended key usage. https://en.wikipedia.org/wiki/X.509 discusses the extended key usage parameter on certificates. Likewise, the server certificate must have the ServerAuth extended key usage.

Outside Apache2/curl, you can use the openssl verify command discussed in "Verify a certificate chain using openssl verify".

In your current configuration with SSLVerifyClient optional_no_ca, someone could generate a certificate with a matching CN from a different CA. The point of require rather than optional_no_ca is that it checks that the certificate comes from a trusted CA. In that case you need to make sure the trusted CA is referenced in SSLCACertificateFile or SSLCACertificatePath [1].

[1] https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatepath
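To make the answer's point concrete, here is an added example (not code from the question, the answer or the Apache project) of what the application behind /data-requests/secure should check instead of only the CN: it uses the variables mod_ssl exports with "SSLOptions +StdEnvVars +ExportCertData". The expected issuer DN, the CA bundle path and the CN allow-list are assumed values.

```php
<?php
// Added example: authenticating a request from mod_ssl's exported variables.
// Only SSL_CLIENT_VERIFY=SUCCESS proves that Apache itself validated the chain
// against SSLCACertificateFile; under optional_no_ca an unverifiable
// certificate is still passed through, but flagged as "GENEROUS".
// The three constants below are assumptions for this example.
const EXPECTED_ISSUER_DN = 'CN=XYZ Co Server TEST CA 13,OU=PKI,O=XYZ Co AG,C=DE';
const CA_BUNDLE          = '/applications/pki/tls/certs/xyz-sslca-certificate.crt';
const ALLOWED_CLIENT_CNS = ['client-machine.xyz.com']; // assumed allow-list

function authenticate_client(array $server): array
{
    // 1. Did mod_ssl verify the chain? Anything but SUCCESS means the
    //    certificate was missing, failed verification, or (GENEROUS) was
    //    accepted unverified because of optional_no_ca.
    $verify = $server['SSL_CLIENT_VERIFY'] ?? 'NONE';
    if ($verify !== 'SUCCESS') {
        return [false, "client certificate not verified by Apache: $verify"];
    }

    // 2. Pin the issuer. Another CA could mint a certificate with the same
    //    CN, so the CN alone never identifies the client.
    if (($server['SSL_CLIENT_I_DN'] ?? '') !== EXPECTED_ISSUER_DN) {
        return [false, 'client certificate issued by an unexpected CA'];
    }

    // 3. Re-check the exported PEM (needs +ExportCertData): chain builds to
    //    the CA bundle and the certificate carries the clientAuth EKU, i.e.
    //    the same test as "openssl verify" plus "openssl x509 -purpose".
    $pem = $server['SSL_CLIENT_CERT'] ?? '';
    if ($pem === '' ||
        openssl_x509_checkpurpose($pem, X509_PURPOSE_SSL_CLIENT, [CA_BUNDLE]) !== true) {
        return [false, 'certificate is not a valid TLS client certificate'];
    }

    // 4. Only now is the CN a trustworthy identity; map it to an authorised client.
    $cert = openssl_x509_parse($pem);
    $cn   = $cert['subject']['CN'] ?? '';
    if (!in_array($cn, ALLOWED_CLIENT_CNS, true)) {
        return [false, "client '$cn' is not authorised"];
    }
    return [true, $cn];
}

[$ok, $detail] = authenticate_client($_SERVER);
if (!$ok) {
    http_response_code(403);
    header('Content-Type: text/plain');
    exit("Forbidden: $detail\n");
}
echo "Hello, $detail\n";
```

Step 1 alone already distinguishes the two configurations discussed above: with optional_no_ca and no SSLCACertificateFile, SSL_CLIENT_VERIFY is GENEROUS rather than SUCCESS, so the request is refused even though a certificate was presented.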


Hi Jojajak, thank you very much for the prompt reply. It allowed me to solve my problem.

Your ONE post increased my understanding of this area tenfold.

Verifying the full certificate chain

openssl verify -CAfile 'XYZ Company Root TEST CA 13.crt' -untrusted 'XYZ Company TEST CA 13.crt' client-machine.xyz.com_Testing-DoD-Application.crt
client-machine.xyz.com_Testing-DoD-Application.crt: OK

Confirming the extended key usage

openssl x509 -in client-machine.xyz.com_Testing-DoD-Application.crt -purpose -noout -text
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No
. . . .

The problem was that I was not using SSLCACertificateFile in my Apache2 configuration. I copied the SSLCertificateChainFile entry as SSLCACertificateFile and it worked.

    SSLCertificateFile /applications/pki/tls/certs/machine.xyz.com_8447.crt
    SSLCertificateKeyFile /applications/pki/tls/certs/machine.xyz.com_8447.key
    SSLCertificateChainFile /applications/pki/tls/certs/xyz-sslca-certificate.crt
## Below was the missing parameter. Duh!
    SSLCACertificateFile  /applications/pki/tls/certs/xyz-sslca-certificate.crt

Question closed, success.
