sun created KUDU-3236:
-------------------------
Summary: erver krbtgt/[email protected] not found in Kerberos database
Key: KUDU-3236
URL: https://issues.apache.org/jira/browse/KUDU-3236
Project: Kudu
Issue Type: Task
Components: authz
Affects Versions: 1.10.0
Environment: Centos7.7 kudu-1.10.0-cdh6.3.0
Reporter: sun
Hi everybody,
When I started Kerberos for Kudu according to the official documents, I found
that the result was not satisfactory :( :(. Kudu is containerized and
installed on the big data platform. After I configured Kerberos according to
the official documents, I found that the tserver could not be registered in the
master. What I expect is krbtgt/[email protected], but
I got krbtgt/[email protected] :(. Could anybody
give me some tips? Thanks in advance.
The kudu master.gflagfile:
--log_dir=/opt/java/kudu/master/logs
--fs_wal_dir=/opt/java/kudu/master/wal
--fs_data_dirs=/opt/java/kudu/master/data/1,/opt/java/kudu/master/data/2,/opt/java/kudu/master/data/3
--raft_get_node_instance_timeout_ms=300000
--webserver_port=8051
--master_addresses=service-kudu-xueliang-master-0:7051,service-kudu-xueliang-master-1:7051,service-kudu-xueliang-master-2:7051
--block_cache_capacity_mb=512
--memory_limit_hard_bytes=0
--rpc_service_queue_length=50
--max_clock_sync_error_usec=10000000
--maintenance_manager_num_threads=1
--webserver_doc_root=/opt/java/kudu/www
--rpc_encryption=required
--rpc_authentication=required
--trusted_subnets=0.0.0.0/0
--keytab_file=/opt/java/kudu/conf/kuduxueliang.keytab
The kudu tserver.gflagfile:
--log_dir=/opt/java/kudu/tserver/logs
--fs_wal_dir=/opt/java/kudu/tserver/wal
--fs_data_dirs=/opt/java/kudu/tserver/data/1
--webserver_port=8050
--tserver_master_addrs=service-kudu-xueliang-master-0:7051,service-kudu-xueliang-master-1:7051,service-kudu-xueliang-master-2:7051
--block_cache_capacity_mb=512
--memory_limit_hard_bytes=26843545600
--rpc_service_queue_length=50
--max_clock_sync_error_usec=10000000
--maintenance_manager_num_threads=1
--webserver_doc_root=/opt/java/kudu/www
--rpc_encryption=required
--rpc_authentication=required
--trusted_subnets=0.0.0.0/0
--keytab_file=/opt/java/kudu-1.10.0-cdh6.3.0/conf/kuduxueliang.keytab
The krb5.conf:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = BIGDATA.XUELIANG.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 rdns = true
 ticket_lifetime = 24h
 forwardable = true
 udp_preference_limit = 0
[realms]
 BIGDATA.XUELIANG.COM = {
  kdc = hdh136.bigdata.xueliang.com:88
  master_kdc = hdh136.bigdata.xueliang.com:88
  admin_server = hdh136.bigdata.xueliang.com:749
  default_domain = bigdata.xueliang.com
  pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
  pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
 }
[domain_realm]
 .bigdata.xueliang.com = BIGDATA.XUELIANG.COM
 bigdata.xueliang.com = BIGDATA.XUELIANG.COM
 hdh136.bigdata.xueliang.com = BIGDATA.XUELIANG.COM
[dbmodules]
 BIGDATA.XUELIANG.COM = {
  db_library = ipadb.so
 }
The Kudu tserver log:
heartbeater.cc:566] Failed to heartbeat to service-kudu-xueliang-master-1:7051
(7471 consecutive failures): Not authorized: Failed to ping master at
service-kudu-xueliang-master-1:7051: Client connection negotiation failed:
client connection to 10.103.68.4:7051: Server
krbtgt/[email protected] not found in Kerberos
database .
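A diagnostic check added here, not part of the original report or of Kudu's code: a Kerberos client derives the realm of a service from the server's host name, so this applies the suffix-matching rule MIT krb5 uses for [domain_realm] to see which host names the posted krb5.conf maps to a realm. The krb5.conf excerpt is copied from the report; the function names and `kudu-0.bigdata.xueliang.com` are constructed for illustration.

```python
import re

# Copied from the krb5.conf in the report above (only the parts this check reads).
KRB5_CONF = """\
[libdefaults]
 default_realm = BIGDATA.XUELIANG.COM
 dns_lookup_realm = true
 rdns = true
[domain_realm]
 .bigdata.xueliang.com = BIGDATA.XUELIANG.COM
 bigdata.xueliang.com = BIGDATA.XUELIANG.COM
 hdh136.bigdata.xueliang.com = BIGDATA.XUELIANG.COM
"""

def parse_sections(text):
    """Parse flat `key = value` relations under each [section] header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value
    return sections

def domain_realm_lookup(host, mapping):
    """Try host, then progressively shorter suffixes (.b.c, b.c, .c, c)."""
    name = host.lower().rstrip(".")
    while name:
        if name in mapping:
            return name, mapping[name]
        if name.startswith("."):
            name = name[1:]
        else:
            dot = name.find(".")
            name = name[dot:] if dot != -1 else ""
    return None  # no entry: realm is left to other mechanisms (DNS, KDC referral, default realm)

def audit(hosts, conf_text=KRB5_CONF):
    """Map each host to its (matched key, realm) pair, or None if unmapped."""
    mapping = parse_sections(conf_text).get("domain_realm", {})
    return {host: domain_realm_lookup(host, mapping) for host in hosts}

if __name__ == "__main__":
    # First name is from the gflagfiles; the second is a constructed FQDN.
    for host, hit in audit(["service-kudu-xueliang-master-1",
                            "kudu-0.bigdata.xueliang.com"]).items():
        print(f"{host}: {hit or 'no [domain_realm] match'}")
```

The short master names from the gflagfiles match no [domain_realm] entry, so with `rdns = true` and `dns_lookup_realm = true` the realm the client picks for them depends on what DNS returns inside the container network.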