dolphinscheduler配置kerberos時,出錯,bug如下:

[INFO] 2023-06-21 16:51:43.887 org.apache.dolphinscheduler.api.aspect.AccessLogAspect:[90] - REQUEST TRACE_ID:0077e32a-ee36-42d4-a7d8-de379a20cd00, LOGIN_USER:admin, URI:/dolphinscheduler/queues/list, METHOD:GET, HANDLER:org.apache.dolphinscheduler.api.controller.QueueController.queryList, ARGS:{}
[INFO] 2023-06-21 16:51:48.372 org.apache.dolphinscheduler.api.aspect.AccessLogAspect:[90] - REQUEST TRACE_ID:36c8e6f9-6abf-4fc4-870d-a22d650113c2, LOGIN_USER:admin, URI:/dolphinscheduler/tenants/verify-code, METHOD:GET, HANDLER:org.apache.dolphinscheduler.api.controller.TenantController.verifyTenantCode, ARGS:{tenantCode=hdfs}
[INFO] 2023-06-21 16:51:48.409 org.apache.dolphinscheduler.api.aspect.AccessLogAspect:[90] - REQUEST TRACE_ID:9a580ebf-d728-4690-bfab-19d9f94795dd, LOGIN_USER:admin, URI:/dolphinscheduler/tenants, METHOD:POST, HANDLER:org.apache.dolphinscheduler.api.controller.TenantController.createTenant, ARGS:{queueId=1, description=, tenantCode=hdfs}
[WARN] 2023-06-21 16:51:48.542 org.apache.hadoop.util.NativeCodeLoader:[62] - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
[ERROR] 2023-06-21 16:51:48.589 org.apache.dolphinscheduler.common.utils.HadoopUtils:[174] - Login failure for hdfs/hadoop@EXAMPLE.COM from keytab /etc/security/keytab/hdfs.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user

java.io.IOException: Login failure for hdfs/hadoop@EXAMPLE.COM from keytab /etc/security/keytab/hdfs.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user

	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:963)
	at org.apache.dolphinscheduler.common.utils.CommonUtils.loadKerberosConf(CommonUtils.java:132)
	at org.apache.dolphinscheduler.common.utils.CommonUtils.loadKerberosConf(CommonUtils.java:100)
	at org.apache.dolphinscheduler.common.utils.HadoopUtils.init(HadoopUtils.java:131)
	at org.apache.dolphinscheduler.common.utils.HadoopUtils.<init>(HadoopUtils.java:95)
	at org.apache.dolphinscheduler.common.utils.HadoopUtils.<init>(HadoopUtils.java:67)
	at org.apache.dolphinscheduler.common.utils.HadoopUtils$1.load(HadoopUtils.java:85)
	at org.apache.dolphinscheduler.common.utils.HadoopUtils$1.load(HadoopUtils.java:82)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2273)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2156)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2046)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3943)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3967)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4952)
	at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4958)
	at org.apache.dolphinscheduler.common.utils.HadoopUtils.getInstance(HadoopUtils.java:101)
	at org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl.createTenantDirIfNotExists(BaseServiceImpl.java:135)
	at org.apache.dolphinscheduler.api.service.impl.TenantServiceImpl.createTenant(TenantServiceImpl.java:116)
	at org.apache.dolphinscheduler.api.service.impl.TenantServiceImpl$$FastClassBySpringCGLIB$$fcc8d845.invoke(<generated>)
	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
	at org.apache.dolphinscheduler.api.service.impl.TenantServiceImpl$$EnhancerBySpringCGLIB$$6ca00761.createTenant(<generated>)
	at org.apache.dolphinscheduler.api.controller.TenantController.createTenant(TenantController.java:91)
	at org.apache.dolphinscheduler.api.controller.TenantController$$FastClassBySpringCGLIB$$24aaa089.invoke(<generated>)
	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
	at org.apache.dolphinscheduler.api.aspect.AccessLogAspect.doAround(AccessLogAspect.java:101)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
	at org.apache.dolphinscheduler.api.controller.TenantController$$EnhancerBySpringCGLIB$$b8f7531f.createTenant(<generated>)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:517)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:584)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
	at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1631)
	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
	at com.github.xiaoymin.swaggerbootstrapui.filter.SecurityBasicAuthFilter.doFilter(SecurityBasicAuthFilter.java:84)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
	at com.github.xiaoymin.swaggerbootstrapui.filter.ProductionSecurityFilter.doFilter(ProductionSecurityFilter.java:53)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:763)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:400)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:645)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:392)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

這個說明是kerberos認證失敗,意味著是權限的問題
去查看了秘鑰的權限:

[root@hadoop102 security]# cd keytab/
[root@hadoop102 keytab]# ll
total 48
-rw-rw---- 1 root hadoop 1682 Jun 16 10:15 dn.service.keytab
-rw------- 1 root hadoop  554 Jun 19 11:59 hdfs.keytab
-rw-rw---- 1 root hadoop 1154 Jun 21 09:26 hive.service.keytab
-rw-rw---- 1 root hadoop 1706 Jun 16 10:15 jhs.service.keytab
-rw-rw---- 1 root hadoop 3426 Jun 16 10:15 jn.service.keytab
-rw-rw---- 1 root hadoop 2246 Jun 17 14:14 keystore
-rw-rw---- 1 root hadoop 1682 Jun 16 10:15 nm.service.keytab
-rw-rw---- 1 root hadoop 2242 Jun 16 10:15 nn.service.keytab
-rw-rw---- 1 root hadoop 1122 Jun 16 10:15 rm.service.keytab
-rw-r--r-- 1 root hadoop 1834 Jun 17 11:04 rsa_private.key
-rw-rw---- 1 root hadoop 1730 Jun 16 10:15 spnego.service.keytab
-rw-rw---- 1 root hadoop 1234 Jun 16 10:02 zookeeper.keytab

看到這裡就知道問題在哪裡了,我的 hdfs.keytab權限是rw,是因為我之前刪掉了這個文件,再重新創建了,忘記去更改權限了
解決方案:
加個權限就可以了

[root@hadoop102 keytab]# chown -R root:hadoop /etc/security/keytab/
[root@hadoop102 keytab]# chmod 660 /etc/security/keytab/*
[root@hadoop102 keytab]# ll
total 48
-rw-rw---- 1 root hadoop 1682 Jun 16 10:15 dn.service.keytab
-rw-rw---- 1 root hadoop  554 Jun 19 11:59 hdfs.keytab
-rw-rw---- 1 root hadoop 1154 Jun 21 09:26 hive.service.keytab
-rw-rw---- 1 root hadoop 1706 Jun 16 10:15 jhs.service.keytab
-rw-rw---- 1 root hadoop 3426 Jun 16 10:15 jn.service.keytab
-rw-rw---- 1 root hadoop 2246 Jun 17 14:14 keystore
-rw-rw---- 1 root hadoop 1682 Jun 16 10:15 nm.service.keytab
-rw-rw---- 1 root hadoop 2242 Jun 16 10:15 nn.service.keytab
-rw-rw---- 1 root hadoop 1122 Jun 16 10:15 rm.service.keytab
-rw-rw---- 1 root hadoop 1834 Jun 17 11:04 rsa_private.key
-rw-rw---- 1 root hadoop 1730 Jun 16 10:15 spnego.service.keytab
-rw-rw---- 1 root hadoop 1234 Jun 16 10:02 zookeeper.keytab

在重啟dolphinscheduler,成功,拿了兩個例子進行測試
在这里插入图片描述

Logo

开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!

更多推荐