如何解决当 Oozie 客户端使用 Kerberos 在 CDH 集群中提交 Spark 作业时出现 AccessControlException
我写了一个Java程序,通过oozie客户端访问CDH集群,远程启动spark Job,oozie生成调度任务application_1608628864933_0644没有权限。
日志是:
Job ID : 0000016-201228112729008-oozie-oozi-W
------------------------------------------------------------------------------------------------------------------------------------
Workflow Name : etl(A30)
App Path : hdfs://gac-bd-pro-nn02.bd.gac.com:8020/user/x4n/project/20201102170800000
Status : KILLED
Run : 0
User : x4n
Group : -
Created : 2020-12-28 11:01 GMT
Started : 2020-12-28 11:01 GMT
Last Modified : 2020-12-28 11:01 GMT
Ended : 2020-12-28 11:01 GMT
CoordAction ID: -
Actions
------------------------------------------------------------------------------------------------------------------------------------
ID Status Ext ID Ext Status Err Code
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@:start: OK - OK -
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@analysis-task-action ERROR application_1608628864933_0644Failed/KILLEDJA018
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@fail OK - OK E0729
------------------------------------------------------------------------------------------------------------------------------------
Launcher exception: DestHost:destPort gac-bd-pro-nn01.bd.gac.com:8020,LocalHost:localPort gac-bd-pro-dn18.bd.gac.com/10.88.20.18:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN,KERBEROS]
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN,KERBEROS]
at org.apache.hadoop.security.SaslRpcclient.selectSaslClient(SaslRpcclient.java:173)
at org.apache.hadoop.security.SaslRpcclient.saslConnect(SaslRpcclient.java:390)
at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:622)
at org.apache.hadoop.ipc.Client$Connection.access$2300(Client.java:413)
at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:822)
at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:818)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupinformation.doAs(UserGroupinformation.java:1898)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。