当 Oozie 客户端使用 Kerberos 在 CDH 集群中提交 Spark 作业时出现 AccessControlException

如何解决当 Oozie 客户端使用 Kerberos 在 CDH 集群中提交 Spark 作业时出现 AccessControlException

我写了一个Java程序，通过oozie客户端访问CDH集群，远程启动spark Job，oozie生成调度任务application_1608628864933_0644没有权限。

日志是：

Job ID : 0000016-201228112729008-oozie-oozi-W
------------------------------------------------------------------------------------------------------------------------------------
Workflow Name : etl(A30)
App Path      : hdfs://gac-bd-pro-nn02.bd.gac.com:8020/user/x4n/project/20201102170800000
Status        : KILLED
Run           : 0
User          : x4n
Group         : -
Created       : 2020-12-28 11:01 GMT
Started       : 2020-12-28 11:01 GMT
Last Modified : 2020-12-28 11:01 GMT
Ended         : 2020-12-28 11:01 GMT
CoordAction ID: -

Actions
------------------------------------------------------------------------------------------------------------------------------------
ID                                                                            Status    Ext ID                 Ext Status Err Code  
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@:start:                                  OK        -                      OK         -         
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@analysis-task-action                     ERROR     application_1608628864933_0644Failed/KILLEDJA018     
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@fail                                     OK        -                      OK         E0729     
------------------------------------------------------------------------------------------------------------------------------------

Launcher exception: DestHost:destPort gac-bd-pro-nn01.bd.gac.com:8020,LocalHost:localPort gac-bd-pro-dn18.bd.gac.com/10.88.20.18:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN,KERBEROS]
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN,KERBEROS]
        at org.apache.hadoop.security.SaslRpcclient.selectSaslClient(SaslRpcclient.java:173)
        at org.apache.hadoop.security.SaslRpcclient.saslConnect(SaslRpcclient.java:390)
        at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:622)
        at org.apache.hadoop.ipc.Client$Connection.access$2300(Client.java:413)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:822)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:818)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.hadoop.security.UserGroupinformation.doAs(UserGroupinformation.java:1898)

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。