美文网首页
yarn基础Kerberos

yarn基础Kerberos

作者: xuefly | 来源:发表于2018-05-14 16:59 被阅读68次

    隶属于文章系列:大数据安全实战 https://www.jianshu.com/p/76627fd8399c

    YARN配置Kerberos认证 - CSDN博客

    #!/bin/bash

kadmin.local -q "addprinc -randkey yarn/v-hadoop-kbds.sz.kingdee.net"
kadmin.local -q "addprinc -randkey yarn/v-hadoop2-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey yarn/v-hadoop3-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey yarn/v-hadoop4-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey yarn/v-hadoop5-kbds.sz.kingdee.net "

kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  yarn/v-hadoop-kbds.sz.kingdee.net"
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  yarn/v-hadoop2-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  yarn/v-hadoop3-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  yarn/v-hadoop4-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  yarn/v-hadoop5-kbds.sz.kingdee.net "


kadmin.local -q "addprinc -randkey mapred/v-hadoop-kbds.sz.kingdee.net"
kadmin.local -q "addprinc -randkey mapred/v-hadoop2-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey mapred/v-hadoop3-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey mapred/v-hadoop4-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey mapred/v-hadoop5-kbds.sz.kingdee.net "

kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  mapred/v-hadoop-kbds.sz.kingdee.net"
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  mapred/v-hadoop2-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  mapred/v-hadoop3-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  mapred/v-hadoop4-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/yarn-service.keytab  mapred/v-hadoop5-kbds.sz.kingdee.net "

    yarn-site.xml

    <property>
  <name>yarn.resourcemanager.keytab</name>
  <value>/etc/hadoop/conf/yarn-service.keytab</value>
</property>
<property>
  <name>yarn.resourcemanager.principal</name>
  <value>yarn/_HOST@TT.COM</value>
</property>

<property>
  <name>yarn.nodemanager.keytab</name>
  <value>/etc/hadoop/conf/yarn-service.keytab</value>
</property>
<property>
  <name>yarn.nodemanager.principal</name>
  <value>yarn/_HOST@TT.COM</value>
</property>
<property>
  <name>yarn.nodemanager.container-executor.class</name>
  <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value>
</property>
<property>
  <name>yarn.nodemanager.linux-container-executor.group</name>
  <value>yarn</value>
</property>

    修改 mapred-site.xml,添加如下配置:

    <property>
  <name>mapreduce.jobhistory.keytab</name>
  <value>/etc/hadoop/conf/yarn-service.keytab</value>
</property>
<property>
  <name>mapreduce.jobhistory.principal</name>
  <value>mapred/_HOST@TT.COM</value>
</property>

    chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg
chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg
chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop
chown root:kduser /var/opt/hadoop-2.7.4/etc
chown root:kduser /var/opt/hadoop-2.7.4
chown root:kduser /var/opt
chown root:kduser /var/opt/hadoop-2.7.4/bin/container-executor
chmod 6050 /var/opt/hadoop-2.7.4/bin/container-executor



chown root:kdsuer /var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg ; chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg ; chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop ; chown root:kduser /var/opt/hadoop-2.7.4/etc ; chown root:kduser /var/opt/hadoop-2.7.4 ; chown root:kduser /var/opt ; chown root:kduser /var/opt/hadoop-2.7.4/bin/container-executor ; chmod 6050 /var/opt/hadoop-2.7.4/bin/container-executor ;



ansible hadoop --become  -m shell -a "chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg ; chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg ; chown root:kduser /var/opt/hadoop-2.7.4/etc/hadoop ; chown root:kduser /var/opt/hadoop-2.7.4/etc ; chown root:kduser /var/opt/hadoop-2.7.4 ; chown root:kduser /var/opt ; chown root:kduser /var/opt/hadoop-2.7.4/bin/container-executor ; chmod 6050 /var/opt/hadoop-2.7.4/bin/container-executor ;"

ansible hadoop --become -m copy -a "src=/etc/hadoop/conf/yarn-service.keytab  dest=/etc/hadoop/conf/yarn-service.keytab "

ansible hadoop --become -m copy -a "src=/var/opt/hadoop-2.7.4/etc/hadoop/yarn-site.xml dest=/var/opt/hadoop-2.7.4/etc/hadoop/yarn-site.xml"


ansible hadoop --become -m copy -a "src=/var/opt/hadoop-2.7.4/etc/hadoop/mapred-site.xml dest=/var/opt/hadoop-2.7.4/etc/hadoop/mapred-site.xml"

ansible hadoop --become -m copy -a "src=/var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg dest=/var/opt/hadoop-2.7.4/etc/hadoop/container-executor.cfg"

    测试

    # 用hdfs用户执行
kinit hdfs
hdfs dfs -mkdir -p /user/kduser
hdfs dfs -mkdir /user/kduser/input
hdfs dfs -mkdir /user/kduser/output
hdfs dfs -chown -r  kduser:kduser  /user/kduser
hdfs dfs -chown -R   kduser:kduser  /user/kduser

#mapreduce执行过程中需要在tmp中创建临时文件
hdfs dfs -mkdir /tmp
hdfs dfs -chmod 777  /tmp



# 用kduser用户执行
kinit kduser
klist -e
hdfs dfs -put word.txt  ./input/

hadoop jar /var/opt/hadoop-2.7.4/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.4.jar   wordcount  /user/kduser/input /user/kduser/output/0321

    相关文章

      网友评论

          本文标题:yarn基础Kerberos

          本文链接:https://www.haomeiwen.com/subject/rqejdftx.html

          延伸阅读

          深度阅读

          • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

          栏目导航

          热点阅读

          关于我们|服务条款|联系我们|yarn基础Kerberos|投稿指南|网站地图|RSS订阅|排版工具|手机版

          提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

          Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

          备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

          本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

          所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!