CDH配置kerberos后无法重启

配置kerberos后，在web界面重启服务ok。
但有一个警告：Cloudera recommends at least Level 1 TLS when Kerberos is enabled for CDH clusters.

设置了上面的这个后，然后vim /etc/cloudera-scm-agent/config.ini
配置了：

[Security] # Use TLS and certificate validation when connecting to the CM server. use_tls=1

然后service cloudera-scm-server restart  重启服务，但一直起不来，报错如下：
2016-05-24 15:31:54,843 INFO MainThread:org.mortbay.log: jetty-6.1.26.cloudera.4
2016-05-24 15:31:54,888 WARN MainThread:org.mortbay.log: failed SslSelectChannelConnector@0.0.0.0:7182: java.io.FileNotFoundException: /var/lib/cloudera-scm-server/.keystore (没有那个文件或目录)
2016-05-24 15:31:54,888 WARN MainThread:org.mortbay.log: failed Server@17a7ad7b: java.io.FileNotFoundException: /var/lib/cloudera-scm-server/.keystore (没有那个文件或目录)
2016-05-24 15:31:54,889 ERROR MainThread:com.cloudera.server.cmf.Main: Failed to start Agent listener.
2016-05-24 15:31:54,889 ERROR MainThread:com.cloudera.server.cmf.Main: Server failed.
org.apache.avro.AvroRuntimeException: java.io.FileNotFoundException: /var/lib/cloudera-scm-server/.keystore (没有那个文件或目录)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:89)
        at com.cloudera.server.cmf.Main.startAgentServer(Main.java:571)
        at com.cloudera.server.cmf.Main.startAvro(Main.java:483)
        at com.cloudera.server.cmf.Main.run(Main.java:620)
        at com.cloudera.server.cmf.Main.main(Main.java:217)
Caused by: java.io.FileNotFoundException: /var/lib/cloudera-scm-server/.keystore (没有那个文件或目录)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.mortbay.resource.FileResource.getInputStream(FileResource.java:275)
        at org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:639)
        at org.mortbay.jetty.security.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:613)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.mortbay.jetty.Server.doStart(Server.java:235)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:87)
        ... 4 more

额，我看了下 /var/lib/cloudera-scm-server/.keystore 这个文件的确不存在的，要如何解决这个问题呢？

配置kerberos后，需生成客户端和服务端key.跟ssh一样的。






了解Hadoop Kerberos安全机制
http://www.aboutyun.com/forum.php?mod=viewthread&tid=9943


如何产生，楼主可以参考官网：
http://www.cloudera.com/documentation/enterprise/5-2-x/topics/cm_sg_create_key_trust.html

启用kerberos，没有配置过TLS~~

hahaxixi 发表于 2016-5-24 21:09
启用kerberos，没有配置过TLS~~

恩 的确没配置TSL，看到那个提示直接就去处理，结果它还有前置要求……

@grinsky，楼主，我现在，也是遇到你这个问题了，求帮助！