无法在启用 kerberos 的 3 节点集群上启动 NIFI
Posted
技术标签:
【中文标题】无法在启用 kerberos 的 3 节点集群上启动 NIFI【英文标题】:Can not start NIFI on kerberos enabled 3 node cluster 【发布时间】:2018-10-28 06:29:18 【问题描述】:我正在尝试在我的三节点集群(master、node1、node2)上启动 Nifi 服务,主 Nifi 节点已安装在 master 上,而节点 1 具有 Nifi 证书授权。
我只是无法启动 nifi,下面是来自我的主节点上 ambari-agent 的日志
[main:ZooKeeper@438] - Initiating client connection, connectString=node1.bazargani.com:2181 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@6438a396\n2018-10-28 17:23:03,228 - INFO [main-SendThread(node1.bazargani.com:2181):Login@294] - successfully logged in.\n2018-10-28 17:23:03,236 - INFO [Thread-0:Login$1@127] - TGT refresh thread started.\n2018-10-28 17:23:03,302 - INFO [main-SendThread(node1.bazargani.com:2181):ZooKeeperSaslClient$1@289] - Client will use GSSAPI as SASL mechanism.\n2018-10-28 17:23:03,348 - INFO [Thread-0:Login@302] - TGT valid starting at: Sun Oct 28 17:22:57 AEDT 2018\n2018-10-28 17:23:03,361 - INFO [Thread-0:Login@303] - TGT expires: Mon Oct 29 17:22:57 AEDT 2018\n2018-10-28 17:23:03,373 - INFO [Thread-0:Login$1@181] - TGT refresh sleeping until: Mon Oct 29 13:31:38 AEDT 2018\n2018-10-28 17:23:03,757 - INFO [main-SendThread(node1.bazargani.com:2181):ClientCnxn$SendThread@1019] - Opening socket connection to server node1.bazargani.com/192.168.24.130:2181. Will attempt to SASL-authenticate using Login Context section 'Client'\n2018-10-28 17:23:04,171 - INFO [main-SendThread(node1.bazargani.com:2181):ClientCnxn$SendThread@864] - Socket connection established, initiating session, client: /192.168.24.129:56423, server: node1.bazargani.com/192.168.24.130:2181\n2018-10-28 17:23:04,255 - INFO [main-SendThread(node1.bazargani.com:2181):ClientCnxn$SendThread@1279] - Session establishment complete on server node1.bazargani.com/192.168.24.130:2181, sessionid = 0x266b909e303003d, negotiated timeout = 30000\n\nWATCHER::\n\nWatchedEvent state:SyncConnected type:None path:null\n\nWATCHER::\n\nWatchedEvent state:SaslAuthenticated type:None path:null\nNode does not exist: /nifi")
2018-10-28 17:23:06,000 - Nifi ZNode does not exist, so no pre-existing cluster.: /nifi
2018-10-28 17:23:06,002 - Generating NiFi Keystore and Truststore
2018-10-28 17:23:06,177 - File['/var/lib/ambari-agent/tmp/nifi-toolkit-1.5.0.3.1.1.0-35/bin/tls-toolkit.sh'] 'mode': 0755
2018-10-28 17:23:36,853 - call[['chown', 'nifi:nifi', u'/usr/hdf/current/nifi/conf/keystore.jks']] 'sudo': True
2018-10-28 17:23:36,941 - call returned (0, '')
2018-10-28 17:23:36,942 - call[['chown', 'nifi:nifi', u'/usr/hdf/current/nifi/conf/truststore.jks']] 'sudo': True
2018-10-28 17:23:36,979 - call returned (0, '')
2018-10-28 17:23:36,984 - File['/usr/hdf/current/nifi/conf/config_version'] 'content': '"ssl": "version1540705185883"', 'owner': 'nifi', 'group': 'nifi', 'mode': 0600
2018-10-28 17:23:36,985 - Writing File['/usr/hdf/current/nifi/conf/config_version'] because it doesn't exist
2018-10-28 17:23:36,986 - Changing owner for /usr/hdf/current/nifi/conf/config_version from 0 to nifi
2018-10-28 17:23:36,989 - Changing group for /usr/hdf/current/nifi/conf/config_version from 0 to nifi
2018-10-28 17:23:36,989 - Changing permission for /usr/hdf/current/nifi/conf/config_version from 644 to 600
2018-10-28 17:23:37,009 - PropertiesFile['/usr/hdf/current/nifi/conf/nifi.properties'] 'owner': 'nifi', 'group': 'nifi', 'mode': 0600, 'properties': ...
2018-10-28 17:23:37,076 - Generating properties file: /usr/hdf/current/nifi/conf/nifi.properties
2018-10-28 17:23:37,079 - File['/usr/hdf/current/nifi/conf/nifi.properties'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0600
2018-10-28 17:23:37,618 - Writing File['/usr/hdf/current/nifi/conf/nifi.properties'] because contents don't match
2018-10-28 17:23:37,638 - File['/usr/hdf/current/nifi/conf/bootstrap.conf'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0600
2018-10-28 17:23:37,653 - File['/usr/hdf/current/nifi/conf/logback.xml'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0400
2018-10-28 17:23:37,665 - File['/usr/hdf/current/nifi/conf/state-management.xml'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0400
2018-10-28 17:23:37,776 - File['/usr/hdf/current/nifi/conf/authorizers.xml'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0600
2018-10-28 17:23:37,780 - Writing File['/usr/hdf/current/nifi/conf/authorizers.xml'] because contents don't match
2018-10-28 17:23:37,806 - File['/usr/hdf/current/nifi/conf/login-identity-providers.xml'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0600
2018-10-28 17:23:37,834 - File['/usr/hdf/current/nifi/bin/nifi-env.sh'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0755
2018-10-28 17:23:37,843 - File['/usr/hdf/current/nifi/conf/bootstrap-notification-services.xml'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0400
2018-10-28 17:23:37,852 - File['/usr/hdf/current/nifi/conf/nifi_jaas.conf'] 'owner': 'nifi', 'content': InlineTemplate(...), 'group': 'nifi', 'mode': 0400
2018-10-28 17:23:37,872 - Encrypting NiFi sensitive configuration properties
2018-10-28 17:23:37,874 - File['/var/lib/ambari-agent/tmp/nifi-toolkit-1.5.0.3.1.1.0-35/bin/encrypt-config.sh'] 'mode': 0755
2018-10-28 17:23:38,010 - Execute[('/var/lib/ambari-agent/tmp/nifi-toolkit-1.5.0.3.1.1.0-35/bin/encrypt-config.sh', '-v', '-b', '/usr/hdf/current/nifi/conf/bootstrap.conf', '-n', '/usr/hdf/current/nifi/conf/nifi.properties', '-l', '/usr/hdf/current/nifi/conf/login-identity-providers.xml', '-a', '/usr/hdf/current/nifi/conf/authorizers.xml', '-p', [PROTECTED])] 'environment': 'JAVA_OPTS': '-Xms128m -Xmx256m', 'JAVA_HOME': '/usr/java/jdk1.8.0_181', 'logoutput': False, 'user': 'nifi'
2018-10-28 17:24:01,909 - Skipping stack-select on NIFI because it does not exist in the stack-select package structure.
Command failed after 1 tries
谁能建议我的配置有什么问题?
【问题讨论】:
【参考方案1】:您可能想在供应商论坛中提问或寻求他们的支持。
【讨论】:
以上是关于无法在启用 kerberos 的 3 节点集群上启动 NIFI的主要内容,如果未能解决你的问题,请参考以下文章
如何在CDH 6.3.2 启用Kerberos 中 使用sentry限制 用户读写