当oozie客户端使用kerberos在cdh集群中提交spark作业时发生accesscontrolexception

webghufk 于 2021-07-15 发布在 Hadoop

关注(0)|答案(0)|浏览(294)

我试图编写一个java程序来访问cdh集群，并通过oozie客户端远程启动spark作业，oozie生成了没有权限的调度任务应用程序1608628864933 0644。
日志为：

Job ID : 0000016-201228112729008-oozie-oozi-W
------------------------------------------------------------------------------------------------------------------------------------
Workflow Name : etl(A30)
App Path      : hdfs://gac-bd-pro-nn02.bd.gac.com:8020/user/x4n/project/20201102170800000
Status        : KILLED
Run           : 0
User          : x4n
Group         : -
Created       : 2020-12-28 11:01 GMT
Started       : 2020-12-28 11:01 GMT
Last Modified : 2020-12-28 11:01 GMT
Ended         : 2020-12-28 11:01 GMT
CoordAction ID: -

Actions
------------------------------------------------------------------------------------------------------------------------------------
ID                                                                            Status    Ext ID                 Ext Status Err Code  
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@:start:                                  OK        -                      OK         -         
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@analysis-task-action                     ERROR     application_1608628864933_0644FAILED/KILLEDJA018     
------------------------------------------------------------------------------------------------------------------------------------
0000016-201228112729008-oozie-oozi-W@fail                                     OK        -                      OK         E0729     
------------------------------------------------------------------------------------------------------------------------------------

Launcher exception: DestHost:destPort gac-bd-pro-nn01.bd.gac.com:8020 , LocalHost:localPort gac-bd-pro-dn18.bd.gac.com/10.88.20.18:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
        at org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:173)
        at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:390)
        at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:622)
        at org.apache.hadoop.ipc.Client$Connection.access$2300(Client.java:413)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:822)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:818)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1898)

hadoop apache-spark kerberos oozie-workflow

来源：https://stackoverflow.com/questions/65501765/accesscontrolexception-when-oozie-client-submit-spark-job-in-cdh-cluster-with-ke