Azkaban HDFS plugin configuration


http://blog.javachen.com/2014/08/25/install-azkaban.html

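The official Azkaban documentation (http://azkaban.github.io/azkaban/docs/2.5/#plugins) describes the HDFS plugin configuration only very briefly, and there are many tutorials online, but after following them to the end, the browser showed nothing but an error with no diagnostic information at all.

With no other option, I downloaded the source code of azkaban and azkaban-plugins and tracked the problem down step by step.

azkaban source code: github.com/azkaban/azkaban

azkaban-plugins source code: github.com/azkaban/azkaban-plugins

I will not repeat the installation steps here; see the link above.

Troubleshooting the first error

When azkaban-web starts, it prints the following messages: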

1 2015/07/30 14:21:39.730 +0800 INFO [HdfsBrowserServlet] [Azkaban] Initializing hadoop security manager azkaban.security.HadoopSecurityManager_H_2_0
2 2015/07/30 14:21:39.737 +0800 INFO [HadoopSecurityManager] [Azkaban] getting new instance
3 2015/07/30 14:21:39.738 +0800 INFO [HadoopSecurityManager] [Azkaban] Using hadoop config found in file:/usr/local/hadoop/etc/hadoop/
4 2015/07/30 14:21:39.756 +0800 INFO [HadoopSecurityManager] [Azkaban] Setting fs.hdfs.impl.disable.cache to true
5 2015/07/30 14:21:39.807 +0800 INFO [HadoopSecurityManager] [Azkaban] hadoop.security.authentication set to null
6 2015/07/30 14:21:39.808 +0800 INFO [HadoopSecurityManager] [Azkaban] hadoop.security.authorization set to null
7 2015/07/30 14:21:39.808 +0800 INFO [deprecation] [Azkaban] fs.default.name is deprecated. Instead, use fs.defaultFS
8 2015/07/30 14:21:39.813 +0800 INFO [HadoopSecurityManager] [Azkaban] DFS name hdfs://namenode:9000

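Look at line 1 first and check whether the HadoopSecurityManager version in use matches your Hadoop version. If it does not, edit plugins/viewer/hdfs/conf/plugin.properties and change it to the one that matches your Hadoop version:

Hadoop 1.x uses azkaban.security.HadoopSecurityManager_H_1_0

Hadoop 2.x uses azkaban.security.HadoopSecurityManager_H_2_0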

hadoop.security.manager.class=azkaban.security.HadoopSecurityManager_H_2_0

 

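Next look at line 8 and check whether the printed DFS address matches your real one. If it does not, set HADOOP_HOME and HADOOP_CONF_DIR in /etc/profile, because the Azkaban code reads these two environment variables directly from the system.

If they are not set, Azkaban falls back to a default value, which of course will not work.

export HADOOP_HOME=/usr/local/hadoop/
export HADOOP_CONF_DIR=$HADOOP_HOME/etc/hadoop/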

 

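Troubleshooting the second error

After fixing the problems above I restarted and opened the browser full of hope, but the page still could not be accessed. Back to the code.

The method that is actually called is getFSAsUser in the HadoopSecurityManager_H_2_0 class, shown below.
This class lives in the azkaban-plugin project.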
    @Override
    public FileSystem getFSAsUser(String user) throws HadoopSecurityManagerException {
        FileSystem fs;
        try {
            logger.info("Getting file system as " + user);
            UserGroupInformation ugi = getProxiedUser(user);

            if (ugi != null) {
                // Open the file system as the proxied user.
                fs = ugi.doAs(new PrivilegedAction<FileSystem>() {
                    @Override
                    public FileSystem run() {
                        try {
                            return FileSystem.get(conf);
                        } catch (IOException e) {
                            // Print the underlying cause so it shows up in the server output.
                            e.printStackTrace();
                            throw new RuntimeException(e);
                        }
                    }
                });
            } else {
                // No proxy user: open the file system as the current user.
                fs = FileSystem.get(conf);
            }
        } catch (Exception e) {
            // Print the underlying cause so it shows up in the server output.
            e.printStackTrace();
            throw new HadoopSecurityManagerException("Failed to get FileSystem. ", e);
        }
        return fs;
    }

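After adding the error output, I replaced the corresponding jar in the deployment and started it again. Finally the error was visible: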

java.io.IOException: No FileSystem for scheme: hdfs
    at org.apache.hadoop.fs.FileSystem.getFileSystemClass(FileSystem.java:2385)
    at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2392)
    at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:365)
    at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:167)
    at azkaban.security.HadoopSecurityManager_H_2_0$1.run(HadoopSecurityManager_H_2_0.java:270)
    at azkaban.security.HadoopSecurityManager_H_2_0$1.run(HadoopSecurityManager_H_2_0.java:265)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:356)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1534)
    at azkaban.security.HadoopSecurityManager_H_2_0.getFSAsUser(HadoopSecurityManager_H_2_0.java:265)
    at azkaban.viewer.hdfs.HdfsBrowserServlet.getFileSystem(HdfsBrowserServlet.java:150)
    at azkaban.viewer.hdfs.HdfsBrowserServlet.handleFsDisplay(HdfsBrowserServlet.java:274)
    at azkaban.viewer.hdfs.HdfsBrowserServlet.handleGet(HdfsBrowserServlet.java:198)
    at azkaban.webapp.servlet.LoginAbstractAzkabanServlet.doGet(LoginAbstractAzkabanServlet.java:106)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:713)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

This error is caused by missing jars. Add the few jars that are required, with versions that match your own Hadoop version:

[hadoop@datanode1 azkaban-web-2.5.0]$ ll extlib/
total 10108
-rwxr-xr-x. 1 hadoop hdfs   41123 Jul 30 14:59 commons-cli-1.2.jar
-rwxr-xr-x. 1 hadoop hdfs   57043 Jul 30 14:59 hadoop-auth-2.3.0-cdh5.1.0.jar
-rwxr-xr-x. 1 hadoop hdfs 2844022 Jul 30 14:59 hadoop-common-2.3.0-cdh5.1.0.jar
-rwxr-xr-x. 1 hadoop hdfs 6861199 Jul 30 14:59 hadoop-hdfs-2.3.0-cdh5.1.0.jar
-rwxr-xr-x. 1 hadoop hdfs  533455 Jul 30 14:59 protobuf-java-2.5.0.jar

Copy these jars into $AZKABAN_WEB_HOME/extlib, restart again, and open the browser.

This time it works.

 

2. HDFS plugin configuration for a cluster with Hadoop security enabled

Edit plugins/viewer/hdfs/conf/plugin.properties:

azkaban.should.proxy=true
proxy.user=hadoop
proxy.keytab.location=/etc/hadoop.keytab

Change these three settings:

azkaban.should.proxy: set to true
proxy.user: the user used for Hadoop Kerberos
proxy.keytab.location: the location of the keytab

After the change, restart and look at the page:

HTTP ERROR 500

Problem accessing /hdfs. Reason:

    Error processing request: SIMPLE authentication is not enabled.  Available:[TOKEN, KERBEROS]
Caused by:

java.lang.IllegalStateException: Error processing request: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
    at azkaban.viewer.hdfs.HdfsBrowserServlet.handleGet(HdfsBrowserServlet.java:203)
    at azkaban.webapp.servlet.LoginAbstractAzkabanServlet.doGet(LoginAbstractAzkabanServlet.java:106)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:713)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

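The error says that SIMPLE authentication is not enabled. We have clearly configured Kerberos authentication, so why does the program still decide that authentication is simple?

Now look at the constructor of the HadoopSecurityManager_H_2_0 class: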

private HadoopSecurityManager_H_2_0(Props props) throws HadoopSecurityManagerException, IOException {
    // ... omitted
        logger.info("hadoop.security.authentication set to " + conf.get("hadoop.security.authentication"));
        logger.info("hadoop.security.authorization set to " + conf.get("hadoop.security.authorization"));
        logger.info("DFS name " + conf.get("fs.default.name"));

        UserGroupInformation.setConfiguration(conf);

        securityEnabled = UserGroupInformation.isSecurityEnabled();
        if (securityEnabled) {
            logger.info("The Hadoop cluster has enabled security");
            shouldProxy = true;
            try {
    // ... omitted

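From this excerpt, securityEnabled is evidently false at this point, and that is the value the check below runs on, yet our Hadoop cluster does have security configured.

Next, follow UserGroupInformation.isSecurityEnabled(), which leads to initialize():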

    private static synchronized void initialize(Configuration conf) {
        String value = conf.get("hadoop.security.authentication");
        if (value != null && !"simple".equals(value)) {
            if (!"kerberos".equals(value)) {
                throw new IllegalArgumentException("Invalid attribute value for hadoop.security.authentication of " + value);
            }

            useKerberos = true;
        } else {
            // Unset (null) or "simple": Kerberos stays off.
            useKerberos = false;
        }

        if (!(groups instanceof UserGroupInformation.TestingGroups)) {
            groups = Groups.getUserToGroupsMappingService(conf);
        }

        try {
            KerberosName.setConfiguration(conf);
        } catch (IOException var3) {
            throw new RuntimeException("Problem with Kerberos auth_to_local name configuration", var3);
        }

        isInitialized = true;
        UserGroupInformation.conf = conf; // store the configuration in the static field
        metrics = UgiInstrumentation.create(conf);
    }

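Look at the first line: the value is obtained by reading hadoop.security.authentication.

Reading further into the code shows that Azkaban gets this configuration from the core-site.xml inside the hadoop-common-2.3.0-cdh5.1.0.jar that we added to extlib. Azkaban has no way of knowing about the core-site.xml we edited in Hadoop's configuration directory. So we replace the core-site.xml inside hadoop-common-2.3.0-cdh5.1.0.jar with the core-site.xml from the Hadoop configuration directory.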
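The startup-log checks from the first section (manager class on line 1, DFS name on line 8) and the hadoop.security.authentication value traced here can be verified in one pass over the azkaban-web log. This is an added example, not code from the original post or from Azkaban; check_startup and its parameters hadoop_major, expected_dfs and kerberos are hypothetical names, and the sample lines are taken from the log shown on this page.

```python
import re

# Startup lines copied from the log on this page (timestamps dropped).
SAMPLE_LOG = """\
INFO [HdfsBrowserServlet] [Azkaban] Initializing hadoop security manager azkaban.security.HadoopSecurityManager_H_2_0
INFO [HadoopSecurityManager] [Azkaban] Using hadoop config found in file:/usr/local/hadoop/etc/hadoop/
INFO [HadoopSecurityManager] [Azkaban] hadoop.security.authentication set to null
INFO [HadoopSecurityManager] [Azkaban] DFS name hdfs://namenode:9000
"""

PATTERNS = {
    "manager": re.compile(r"Initializing hadoop security manager (\S+)"),
    "conf_dir": re.compile(r"Using hadoop config found in (\S+)"),
    "authentication": re.compile(r"hadoop\.security\.authentication set to (\S+)"),
    "dfs": re.compile(r"DFS name (\S+)"),
}

def parse_startup(log_text):
    """Return the last value logged for each setting of interest."""
    seen = {}
    for line in log_text.splitlines():
        for key, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                seen[key] = match.group(1)
    return seen

def check_startup(log_text, hadoop_major, expected_dfs, kerberos):
    """Compare what Azkaban logged with what the cluster really uses."""
    seen, problems = parse_startup(log_text), []
    want = "azkaban.security.HadoopSecurityManager_H_%d_0" % hadoop_major
    if seen.get("manager") != want:
        problems.append("manager class is %s, expected %s" % (seen.get("manager"), want))
    if seen.get("dfs") != expected_dfs:
        problems.append("DFS name is %s, expected %s; check HADOOP_HOME and "
                        "HADOOP_CONF_DIR" % (seen.get("dfs"), expected_dfs))
    auth = seen.get("authentication")
    if kerberos and auth != "kerberos":
        problems.append("authentication logged as %s on a Kerberos cluster; "
                        "the cluster's core-site.xml is not the one being read" % auth)
    return problems

if __name__ == "__main__":
    # expected_dfs and kerberos=True describe the cluster assumed in this example.
    for problem in check_startup(SAMPLE_LOG, 2, "hdfs://namenode:9000", kerberos=True):
        print("WARN:", problem)
```

Run against the log from this page with kerberos=True, it reports only the authentication mismatch, which is the condition behind the "SIMPLE authentication is not enabled" error.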

Restart again and check the page:

HTTP ERROR 500

Problem accessing /hdfs. Reason:

    Error processing request: User: hadoop/datanode1@HADOOP is not allowed to impersonate hadoop
Caused by:

java.lang.IllegalStateException: Error processing request: User: hadoop/datanode1@HADOOP is not allowed to impersonate hadoop
    at azkaban.viewer.hdfs.HdfsBrowserServlet.handleGet(HdfsBrowserServlet.java:203)
    at azkaban.webapp.servlet.LoginAbstractAzkabanServlet.doGet(LoginAbstractAzkabanServlet.java:106)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:713)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

The previous error is gone and has been replaced by this one.

Solution:

Edit Hadoop's core-site.xml and add the following.

Make the same change to the core-site.xml inside hadoop-common-2.3.0-cdh5.1.0.jar in extlib.

 <property>
    <name>hadoop.proxyuser.hadoop.hosts</name>
    <value>*</value>
    <description>The superuser can connect only from host1 and host2 to impersonate a user</description>
 </property>
 <property>
   <name>hadoop.proxyuser.hadoop.groups</name>
   <value>*</value>
   <description>Allow the superuser oozie to impersonate any members of the group group1 and group2</description>
 </property>
The hadoop marked in red (the part of the property name after hadoop.proxyuser.) is the user you start Azkaban as.
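Both values above are `*`, which allows the user running Azkaban to impersonate members of any group from any host. The following added example (not from the original post) audits core-site.xml text for such wildcard proxyuser rules; NARROWED_CONFIG is a constructed variant whose host and group names are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# The entries from this page: any host, any group.
PAGE_CONFIG = """<configuration>
 <property><name>hadoop.proxyuser.hadoop.hosts</name><value>*</value></property>
 <property><name>hadoop.proxyuser.hadoop.groups</name><value>*</value></property>
</configuration>"""

# Constructed narrower variant; the host and group names are placeholders.
NARROWED_CONFIG = """<configuration>
 <property><name>hadoop.proxyuser.hadoop.hosts</name><value>azkaban-web.example.internal</value></property>
 <property><name>hadoop.proxyuser.hadoop.groups</name><value>etl-users</value></property>
</configuration>"""

def proxyuser_rules(xml_text):
    """Map proxy user -> {'hosts': [...], 'groups': [...]} from core-site.xml text."""
    rules = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        parts = (prop.findtext("name") or "").strip().split(".")
        # Property names look like hadoop.proxyuser.<user>.hosts or .groups
        if len(parts) == 4 and parts[:2] == ["hadoop", "proxyuser"] and parts[3] in ("hosts", "groups"):
            value = (prop.findtext("value") or "").strip()
            rules.setdefault(parts[2], {})[parts[3]] = [v.strip() for v in value.split(",") if v.strip()]
    return rules

def audit(xml_text):
    """Return one finding per wildcard or missing impersonation rule."""
    findings = []
    for user, rule in sorted(proxyuser_rules(xml_text).items()):
        for kind in ("hosts", "groups"):
            if kind not in rule:
                findings.append("%s: %s rule missing" % (user, kind))
            elif "*" in rule[kind]:
                scope = "from any host" if kind == "hosts" else "members of any group"
                findings.append("%s: %s=* allows impersonation %s" % (user, kind, scope))
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_CONFIG), ("narrowed", NARROWED_CONFIG)):
        print(label, audit(text) or "no wildcard rules")
```

Listing only the Azkaban web server host and the groups whose members actually need the HDFS browser keeps the impersonation right from extending to every account on the cluster.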

Restart again.

Done.

 

 

 

