cdh版本:Cloudera Express 6.1.0
报错现象:If the ‘renew until’ date is the same as the ‘valid starting’ date, the ticket cannot be renewed. Please check your KDC configuration, and the ticket renewal policy (maxrenewlife) for the ‘xxx/xxx@xxx.COM’ and `krbtgt’ principals.
第一次尝试:
按照官网尝试一遍(https://docs.cloudera.com/documentation/manager/5-1-x/Configuring-Hadoop-Security-with-Cloudera-Manager/cm5chs_enable_hue_sec_s10.html):
验证有效期如下图所示:
第二次尝试:
手动生成hue.keytab。然后认证用户hue/xxx
第一步:kadmin.local -q “xst -k /tmp/hue.keytab hue/xxx@xxx.COM“
第二步:kinit -kt /tmp/hue.keytab hue/xxx
第三次尝试:
将日志中提到的文件(/var/run/cloudera-scm-agent/process/164-hue-KT_RENEWER/hue.keytab)拷贝到/tmp/目录下。执行脚本认证(事前已清除原认证):
kinit -kt /tmp/hue.keytab hue/xxx
[TencentCloudSDKException] code:FailedOperation.ServiceIsolate message:service is stopped due to arrears, please recharge your account in Tencent Cloud requestId:d94575d5-e101-4cb4-a9d3-e667267bc542
[En]
[TencentCloudSDKException] code:FailedOperation.ServiceIsolate message:service is stopped due to arrears, please recharge your account in Tencent Cloud requestId:6423b73d-82f6-40c2-9c6b-0aa04e467206
第四次尝试:
参考github解决方案(https://github.com/cloudera/hue/issues/2695),校验自己的hue缓存,返回的信息果然有问题。
于是尝试将kerberos交给cdh管理。KTR顺利启动,并能够稳定运行。
第五次尝试:
然而交给cdh管理后,并没有结束。现在尝试复现之前的问题,先停用了kerberos,再重新启用kerberos(不交给cdh管理),之前的问题无法复现。缓存信息如下:
总结
[TencentCloudSDKException] code:FailedOperation.ServiceIsolate message:service is stopped due to arrears, please recharge your account in Tencent Cloud requestId:9c5a2f62-4fd9-4852-b0ac-79d4775f1d5f
[En]
[TencentCloudSDKException] code:FailedOperation.ServiceIsolate message:service is stopped due to arrears, please recharge your account in Tencent Cloud requestId:3a58624c-a5d7-4471-9359-9c815144538e
Original: https://www.cnblogs.com/tangshanqun/p/16715750.html
Author: 踩坑臭皮匠
Title: cdh环境:hue集成kerberos无法启动ktr问题处理过程
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/562042/
转载文章受原作者版权保护。转载请注明原作者出处!