集群说明:
【SSD集群1】
10.129.168.80
10.129.168.156
10.129.165.105
10.129.69.251
【SSD集群2】
10.129.160.24
10.129.160.13
10.129.160.46
开启认证CM的认证配置截屏,KDC server保持一致
可以在kerberos服务器查询所有的认证内容,筛选选其他hdfs相关的认证信息看到2个集群机器都在
[bx-16:06:13root@a2-test-kerberos-8-33 /root]
#kadmin.local -q "list_principals" | grep hdfs | grep data
hdfs/a2-test-datanode-16-20.sh@hadoop.com
hdfs/a2-test-datanode-16-21.sh@hadoop.com
hdfs/a2-test-datanode-16-22.sh@hadoop.com
hdfs/a2-test-datanode-20-14.sh@hadoop.com
hdfs/a2-test-datanode-20-17.sh@hadoop.com
hdfs/a2-test-datanode-32-34.sh@hadoop.com
hdfs/a2-test-datanode-64-154.sh@hadoop.com
hdfs/a2-test-datanode-vm-66-156.sh@hadoop.com
hdfs/b2-cm-datanode-22-220.sh@hadoop.com
hdfs/b2-test-datanode-18-244.sh@hadoop.com
hdfs/b2-test-datanode-22-151.sh@hadoop.com
hdfs/b2-test-datanode-22-63.sh@hadoop.com
(1)分别在2个集群服务器上查看认证kerberos和查询用户正常使用
SSD1集群
#id risk_user1
uid=90002(risk_user1) gid=30002(pt_group) groups=30002(pt_group)
[bx-11:02:41root@a2-prod-buffer-165-105 /home/admin]
#/usr/bin/kinit -k -t /home/admin/hadoop.keytab hadoop/admin
[bx-11:03:28root@a2-prod-buffer-165-105 /home/admin]
#klist
Ticket cache: FILE:/home/admin/cache_file/krb5cc_0
Default principal: hadoop/admin@hadoop.com
Valid starting Expires Service principal
03/22/2024 11:03:28 03/23/2024 11:03:28 krbtgt/hadoop.com@hadoop.com
renew until 03/29/2024 11:03:28
[bx-11:03:30root@a2-prod-buffer-165-105 /home/admin]
#hadoop fs -ls /
Found 3 items
drwxr-xr-x - hadoop supergroup 0 2024-03-19 16:30 /system
drwxrwxrwt - hdfs supergroup 0 2024-03-14 10:07 /tmp
drwxr-xr-x - hdfs supergroup 0 2024-03-14 15:40 /user
[bx-11:03:37root@a2-prod-buffer-165-105 /home/admin]
#hive
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512M; support was removed in 8.0
2024-03-22 11:04:55,315 WARN [main] mapreduce.TableMapReduceUtil: The hbase-prefix-tree module jar containing PrefixTreeCodec is not present. Continuing without it.
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize