kerberos认证的hadoopdatanode起不来

cdh5.2.0的rpm安装的集群,使用kerberos认证,格式化namenode后正常起来了,但是启动datanode的时候报错.
************************************************************/
2014-12-18 12:45:47,069 INFO org.apache.hadoop.hdfs.server.datanode.DataNode: registered UNIX signal handlers for [TERM, HUP, INT]
2014-12-18 12:45:47,418 WARN org.apache.hadoop.hdfs.server.common.Util: Path /hadoopdata/hadoop/data should be specified as a URI in configuration files. Please update hdfs configuration.
2014-12-18 12:45:48,565 INFO org.apache.hadoop.security.UserGroupInformation: Login successful for user hdfs/hadoop6@EXAMPLE.COM using keytab file /etc/hadoop/conf/hdfs.keytab
2014-12-18 12:45:48,869 INFO org.apache.hadoop.metrics2.impl.MetricsConfig: loaded properties from hadoop-metrics2.properties
2014-12-18 12:45:49,028 INFO org.apache.hadoop.metrics2.impl.MetricsSystemImpl: Scheduled snapshot period at 10 second(s).
2014-12-18 12:45:49,028 INFO org.apache.hadoop.metrics2.impl.MetricsSystemImpl: DataNode metrics system started
2014-12-18 12:45:49,035 INFO org.apache.hadoop.hdfs.server.datanode.DataNode: File descriptor passing is enabled.
2014-12-18 12:45:49,038 INFO org.apache.hadoop.hdfs.server.datanode.DataNode: Configured hostname is hadoop6
2014-12-18 12:45:49,039 FATAL org.apache.hadoop.hdfs.server.datanode.DataNode: Exception in secureMain
java.lang.RuntimeException: Cannot start secure DataNode without configuring either privileged resources or SASL RPC data transfer protection and SSL for HTTP.  Using privileged resources in combination with SASL RPC data transfer protection is not supported.
      at org.apache.hadoop.hdfs.server.datanode.DataNode.checkSecureConfig(DataNode.java:926)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.startDataNode(DataNode.java:825)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.<init>(DataNode.java:382)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.makeInstance(DataNode.java:2055)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:1942)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:1989)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2165)
      at org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2189)
2014-12-18 12:45:49,046 INFO org.apache.hadoop.util.ExitUtil: Exiting with status 1
2014-12-18 12:45:49,054 INFO org.apache.hadoop.hdfs.server.datanode.DataNode: SHUTDOWN_MSG:
/************************************************************
SHUTDOWN_MSG: Shutting down DataNode at hadoop6/10.80.14.26
************************************************************/

谁能帮忙看下 ,谢谢

ckaiwj1314 · 发表于 2014-12-18 15:55:22

自己顶,好像是和特权资源有关,但是不太懂,求教了.

gefieder · 发表于 2014-12-18 16:44:37

这里有关于hadoop的配置，可以参考，二者的配置应该是一样的。

配置如下：

<!-- General HDFS security config -->
<property>
  <name>dfs.block.access.token.enable</name>
  <value>true</value>
</property>
 
<!-- NameNode security config -->
<property>
  <name>dfs.https.address</name>
  <value><fully qualified domain name of NN>:50470</value>
</property>
<property>
  <name>dfs.https.port</name>
  <value>50470</value>
</property>
<property>
  <name>dfs.namenode.keytab.file</name>
  <value>/usr/local/hadoop/conf/hdfs.keytab</value> <!-- path to the HDFS keytab -->
</property>
<property>
  <name>dfs.namenode.kerberos.principal</name>
  <value>hdfs/_HOST@YOUR-REALM.COM</value>
</property>
<property>
  <name>dfs.namenode.kerberos.https.principal</name>
  <value>host/_HOST@YOUR-REALM.COM</value>
</property>
 
<!-- Secondary NameNode security config -->
<property>
  <name>dfs.secondary.https.address</name>
  <value><fully qualified domain name of 2NN>:50495</value>
</property>
<property>
  <name>dfs.secondary.https.port</name>
  <value>50495</value>
</property>
<property>
  <name>dfs.secondary.namenode.keytab.file</name>
  <value>/usr/local/hadoop/conf/hdfs.keytab</value> <!-- path to the HDFS keytab -->
</property>
<property>
  <name>dfs.secondary.namenode.kerberos.principal</name>
  <value>hdfs/_HOST@YOUR-REALM.COM</value>
</property>
<property>
  <name>dfs.secondary.namenode.kerberos.https.principal</name>
  <value>host/_HOST@YOUR-REALM.COM</value>
</property>
 
<!-- DataNode security config -->
<property>
  <name>dfs.datanode.data.dir.perm</name>
  <value>700</value>
</property>
<property>
  <name>dfs.datanode.address</name>
  <value>0.0.0.0:1004</value>
</property>
<property>
  <name>dfs.datanode.http.address</name>
  <value>0.0.0.0:1006</value>
</property>
<property>
  <name>dfs.datanode.keytab.file</name>
  <value>/usr/local/hadoop/conf/hdfs.keytab</value> <!-- path to the HDFS keytab -->
</property>
<property>
  <name>dfs.datanode.kerberos.principal</name>
  <value>hdfs/_HOST@YOUR-REALM.COM</value>
</property>
<property>
  <name>dfs.datanode.kerberos.https.principal</name>
  <value>host/_HOST@YOUR-REALM.COM</value>
</property>
复制代码