impala添加kerberos认证下

jzy3711
356 阅读1分钟

持续创作,加速成长!这是我参与「掘金日新计划 · 10 月更文挑战」的第2天,点击查看活动详情

书接上文

kerberos操作

5.(可选)测试合并的 keytab 文件中的凭据是否有效,以及 “续订截止日期”是否在将来。例如:

$ klist -e -k -t impala-http.keytab

image.png 6.将impala-http.keytab文件复制到 Impala 配置目录。将权限更改为仅供文件所有者读取,并将文件所有者更改为impala用户。默认情况下,Impala 用户和组都命名为impala. 例如:

$ cp impala-http.keytab /etc/impala/conf
$ cd /etc/impala/conf
$ chmod 400 impala-http.keytab
$ chown impala:impala impala-http.keytab

实际执行

$ cp impala-http.keytab /etc/impala/conf
$ cd /etc/impala/conf
#400这个我没执行也没问题
$ chmod 400 impala-http.keytab
$ chown impala:impala impala-http.keytab

7.将 Kerberos 选项添加到 Impala 默认文件 /etc/default/impala。使用和 变量为impalad和statestored守护进程 添加选项 。例如,您可以添加:

IMPALA_SERVER_ARGS IMPALA_STATE_STORE_ARGS
-kerberos_reinit_interval=60
-principal=impala_1/impala_host.example.com@TEST.EXAMPLE.COM
-keytab_file=/path/to/impala.keytab

实际完整配置文件/etc/default/impala

IMPALA_CATALOG_ARGS=" -log_dir=${IMPALA_LOG_DIR}  -state_store_host=${IMPALA_STATE_STORE_HOST}  -kerberos_reinit_interval=60 -principal=impala/master.am.com@AM.COM -keytab_file=/etc/impala/conf/impala-http.keytab"
IMPALA_STATE_STORE_ARGS=" -log_dir=${IMPALA_LOG_DIR} -state_store_port=${IMPALA_STATE_STORE_PORT} -kerberos_reinit_interval=60 -principal=impala/master.am.com@AM.COM -keytab_file=/etc/impala/conf/impala-http.keytab"
IMPALA_SERVER_ARGS=" \
    -log_dir=${IMPALA_LOG_DIR} \
    -catalog_service_host=${IMPALA_CATALOG_SERVICE_HOST} \
    -state_store_port=${IMPALA_STATE_STORE_PORT} \
    -use_statestore=true \
    -state_store_host=${IMPALA_STATE_STORE_HOST} \
    -be_port=${IMPALA_BACKEND_PORT} \
    -kudu_master_hosts=10.1.251.124:7051 \
    -kerberos_reinit_interval=60 \
    -principal=impala/master.am.com@AM.COM \
    -keytab_file=/etc/impala/conf/impala-http.keytab"

ENABLE_CORE_DUMPS=false

# LIBHDFS_OPTS=-Djava.library.path=/usr/lib/impala/lib
# MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
# IMPALA_BIN=/usr/lib/impala/sbin
# IMPALA_HOME=/usr/lib/impala
# HIVE_HOME=/usr/lib/hive
# HBASE_HOME=/usr/lib/hbase
# IMPALA_CONF_DIR=/etc/impala/conf
# HADOOP_CONF_DIR=/etc/impala/conf
# HIVE_CONF_DIR=/etc/impala/conf
# HBASE_CONF_DIR=/etc/impala/conf

有关更改 /etc/default/impala中指定的 Impala 默认值的更多信息,请参阅 修改 Impala 启动选项。

注意: 重新启动impalad和statestored以使这些配置更改生效。

8.重启impala服务

service impala-state-store restart
service impala-catalog restart
service impala-server restart

9启动impala-shell -k验证一下

[root@master ~]# impala-shell -k
Starting Impala Shell using Kerberos authentication
Using service name 'impala'
Connected to master.am.com:21000
Server version: impalad version 2.7.0-IMPALA_KUDU-cdh5 RELEASE (build 10d4ebec3c23961218e972e74e9d342ffc417af1)
***********************************************************************************
Welcome to the Impala shell. Copyright (c) 2015 Cloudera, Inc. All rights reserved.
(Impala Shell v2.6.0-cdh5.8.0 (8d8652f) built on Tue Jul 12 15:43:17 PDT 2016)

You can change the Impala daemon that you're connected to by using the CONNECT
command.To see how Impala will plan to run your query without actually executing
it, use the EXPLAIN command. You can change the level of detail in the EXPLAIN
output by setting the EXPLAIN_LEVEL query option.
***********************************************************************************
[master.am.com:21000] > create table jzy (id int);
avatar
文章
阅读
粉丝