我正在使用nodejs和npm jdbc包连接到hortonworks上的kerberized Apache phoenix,我能够使用nodejs和jdbc包连接到非kerberized phoenix,但是面对kerberized phoenix的Kerberos身份验证错误.如果有人做了类似的事情,请给出一些指示.
Klist命令:
klist -k -t -e /etc/security/keytabs/kafka.headless.keytab
Keytab name: FILE:/etc/security/keytabs/kafka.headless.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
1 09/30/16 10:10:27 kafka@REALM.LAN (aes256-cts-hmac-sha1-96)
码:
var express = require('express');
var app = express();
var server = require('http').Server(app);
var https =require('http');
var io = require('socket.io')(server);
var kafka = require('kafka-node');
var cassandra = require('cassandra-driver');
var JDBC = require('jdbc');
var jinst = require('jdbc/lib/jinst');
var asyncjs = require('async');
//var Pool = require('jdbc/lib/pool');
//var nodeunit = require('nodeunit');
//var _ = require('lodash');
var _ = require('underscore');
//ar cors = require("cors");
app.use(express.static(__dirname + '/view'));
server.listen(3000);
app.use('/bower_components', express.static(__dirname + '/bower_components'));
app.get('/', function (req, res, next) { res.sendFile(__dirname + '/index.html');});
if (!jinst.isJvmCreated()) {
jinst.addOption("-Xrs");
jinst.setupClasspath(['/etc/krb5.conf',
'/usr/hdp/2.4.2.0-258/hadoop/conf',
'/etc/hbase/conf/core-site.xml',
'/etc/hbase/conf/hbase-site.xml',
'/etc/hbase/conf/hbase-policy.xml',
'/etc/hbase/conf/hbase_client_jaas.conf',
'/etc/hbase/conf/hbase_regionserver_jaas.conf',
'/etc/hbase/conf/hdfs-site.xml',
'/usr/hdp/2.4.2.0-258/hbase/lib/hbase-client-1.1.2.2.4.2.0-258.jar',
'/usr/hdp/2.4.2.0-258/hbase/lib/hbase-server-1.1.2.2.4.2.0-258.jar',
'/usr/hdp/2.4.2.0-258/hbase/lib/hbase-common-1.1.2.2.4.2.0-258.jar',
'/usr/hdp/2.4.2.0-258/hbase/lib/hbase-server-1.1.2.2.4.2.0-258.jar',
'/usr/hdp/2.4.2.0-258/phoenix/phoenix-4.4.0.2.4.2.0-258-thin-client.jar',
'/usr/hdp/2.4.2.0-258/phoenix/phoenix-server-4.4.0.2.4.2.0-258-runnable.jar',
'/usr/hdp/2.4.2.0-258/phoenix/phoenix-4.4.0.2.4.2.0-258-client.jar']);
var config = {
url: 'jdbc:phoenix:piv-prd-os-646.forsys.lan:2181:/hbase-secure:kafka@FORSYS.LAN:/etc/security/keytabs/kafka.headless.keytab',
drivername: 'org.apache.phoenix.jdbc.PhoenixDriver',
//user : 'root',
//password: 'root',
//properties: {}
minpoolsize: 2,
maxpoolsize: 3
};
var hsqldb = new JDBC(config);
hsqldb.initialize(function(err) {
if (err) {
console.log(err);
}
else
{
console.log("---- initialize successfully ----")
}
});
例外:
error: Error: Error running static method
java.sql.SQLException: ERROR 103 (08004): Unable to establish connection.
at org.apache.phoenix.exception.SQLExceptionCode$Factory$1.newException(SQLExceptionCode.java:395)
at org.apache.phoenix.exception.SQLExceptionInfo.buildException(SQLExceptionInfo.java:145)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:287)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.access$300(ConnectionQueryServicesImpl.java:170)
at org.apache.phoenix.query.ConnectionQueryServicesImpl$12.call(ConnectionQueryServicesImpl.java:1840)
at org.apache.phoenix.query.ConnectionQueryServicesImpl$12.call(ConnectionQueryServicesImpl.java:1819)
at org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1819)
at org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:180)
at org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:132)
at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:151)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
Caused by: java.io.IOException: Login failure for kafka@FORSYS.LAN from keytab /etc/security/keytabs/kafka.headless.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:976)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:280)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
at org.apache.hadoop.hbase.security.User.login(User.java:253)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
... 14 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:967)
... 18 more
最佳答案 我能够通过以下变化来解决这个问题:
解:
if (!jinst.isJvmCreated()) {
jinst.addOption("-Xrs");
jinst.addOption("-Djava.security.auth.login.config=/home/user/jar/hbase_client_jaas.conf");
jinst.addOption("-Djava.security.krb5.conf=/etc/krb5.conf");
jinst.addOption("-Dkerberos.client.reference.name=Client");
jinst.setupClasspath([
'/etc/hbase/2.4.2.0-258/0/',
'/etc/hadoop/2.4.2.0-258/0/',
'/home/user/jar/phoenix-4.4.0-HBase-1.1-client.jar'
]);
}
var config = {
url: 'jdbc:phoenix:ZK1,ZK2,ZK3:2181:/hbase-secure:user@REAL.LAN:/home/user/user.headless.keytab',
drivername: 'org.apache.phoenix.jdbc.PhoenixDriver',
user : 'hbase',
password: 'hbase'
};