5.2) Configure the $HADOOP_HOME/etc/hadoop/ssl-server.xml file
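################################ ssl-server.xml #########################################
<property>
  <name>ssl.server.truststore.location</name>
  <value>/etc/security/https/truststore.jks</value>
  <description>Truststore to be used by NN and DN. Must be specified.</description>
</property>
<property>
  <name>ssl.server.truststore.password</name>
  <value>hadoop</value>
  <description>Optional. Default value is "".</description>
</property>
<property>
  <name>ssl.server.truststore.type</name>
  <value>jks</value>
  <description>Optional. The keystore file format, default value is "jks".</description>
</property>
<property>
  <name>ssl.server.truststore.reload.interval</name>
  <value>10000</value>
  <description>Truststore reload check interval, in milliseconds.
  Default value is 10000 (10 seconds).</description>
</property>
<property>
  <name>ssl.server.keystore.location</name>
  <value>/etc/security/https/keystore.jks</value>
  <description>Keystore to be used by NN and DN. Must be specified.</description>
</property>
<property>
  <name>ssl.server.keystore.password</name>
  <value>hadoop</value>
  <description>Must be specified.</description>
</property>
<property>
  <name>ssl.server.keystore.keypassword</name>
  <value>hadoop</value>
  <description>Must be specified.</description>
</property>
<property>
  <name>ssl.server.keystore.type</name>
  <value>jks</value>
  <description>Optional. The keystore file format, default value is "jks".</description>
</property>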
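An added check, not part of the original article or of Hadoop: it parses an ssl-server.xml like the one above and reports missing "Must be specified" properties, short store passwords and world-readable store files. The function names and the 12-character minimum are assumptions made for this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Properties the descriptions above mark "Must be specified".
REQUIRED = ("ssl.server.truststore.location", "ssl.server.keystore.location",
            "ssl.server.keystore.password", "ssl.server.keystore.keypassword")
SECRETS = ("ssl.server.truststore.password", "ssl.server.keystore.password",
           "ssl.server.keystore.keypassword")
STORES = ("ssl.server.truststore.location", "ssl.server.keystore.location")


def load_properties(xml_text):
    """Return {name: value} for every Hadoop <property> element."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}


def audit(props, min_len=12, check_files=True):
    """Return a list of findings; empty means nothing was flagged."""
    findings = [f"missing required property: {k}" for k in REQUIRED if not props.get(k)]
    # min_len is an assumed local policy, not a Hadoop requirement.
    findings += [f"short password in {k}" for k in SECRETS
                 if props.get(k) and len(props[k]) < min_len]
    interval = props.get("ssl.server.truststore.reload.interval", "10000")
    if not interval.isdigit():
        findings.append("reload interval is not an integer number of milliseconds")
    for key in STORES if check_files else ():
        path = props.get(key)
        # Flag store files that any local user can read.
        if path and os.path.exists(path):
            if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH:
                findings.append(f"{key} is world-readable: {path}")
    return findings


# Constructed sample: values from the listing above, keypassword left out on purpose.
SAMPLE = """<configuration>
  <property><name>ssl.server.truststore.location</name><value>/etc/security/https/truststore.jks</value></property>
  <property><name>ssl.server.keystore.location</name><value>/etc/security/https/keystore.jks</value></property>
  <property><name>ssl.server.keystore.password</name><value>hadoop</value></property>
</configuration>"""

if __name__ == "__main__":
    for finding in audit(load_properties(SAMPLE)):
        print(finding)
```

Run it on each node after distributing the file, since the store paths are checked on the local filesystem.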
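4.4. Verification
First, distribute the configuration files to every node.
Next, use the keytab /etc/security/keytab/hadoop.keytab generated in step one to run kinit and initialize a ticket for the hadoop user on every node. The ticket initialization command is:
kinit -kt /etc/security/keytab/hadoop.keytab $USER/$HOSTNAME (run on every node)
Then use the klist command to check whether a ticket has been generated. If a valid-from time and an expiry time are shown, the ticket was generated successfully.
Run hadoop fs -ls / again to confirm that HDFS resources are listed normally.
5. Configuring Kerberos authentication for YARN
5.1 Configure the $HADOOP_HOME/etc/hadoop/yarn-site.xml file by adding the following to the existing file: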
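<property>
  <name>yarn.http.policy</name>
  <value>HTTPS_ONLY</value>
</property>
<property>
  <name>yarn.resourcemanager.webapp.address.rm1</name>
  <value>ha01:23188</value>
</property>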