zookeeper集成Kerberos
2018-03-30 本文已影响89人
xuefly
隶属于文章系列:大数据安全实战 https://www.jianshu.com/p/76627fd8399c
步骤:
- 创建principal
- 修改jaas.conf java.env
- 分发配置文件
- 创建principal
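#!/bin/bash
# Create the ZooKeeper Kerberos principals (one service principal per quorum
# host plus one client principal), export their keys into keytabs and push
# the client keytab to every host in the `hadoop` Ansible group.
#
# Run on the KDC host as a user allowed to invoke kadmin.local.
# NOTE: ktadd re-randomises the key and bumps the kvno each time it runs, so
# re-running this script invalidates keytabs distributed earlier -- run it
# once, or regenerate and redistribute every keytab together.
# NOTE: all five host keys land in ONE server keytab, so any host holding that
# file also holds its peers' keys; a per-host keytab would limit the blast
# radius of a single compromised node.  The server keytab is only written
# here on the KDC -- this script does not distribute it.
set -euo pipefail

readonly conf_dir=/etc/hadoop/conf
readonly server_keytab="${conf_dir}/zookeeper-service.keytab"
readonly client_keytab="${conf_dir}/zkcli.keytab"
readonly client_principal=zkcli

# The part after "zookeeper/" must be the host's FQDN exactly as written in
# that host's jaas.conf (no trailing whitespace).
readonly zk_hosts=(
  v-hadoop-kbds.sz.kingdee.net
  v-hadoop2-kbds.sz.kingdee.net
  v-hadoop3-kbds.sz.kingdee.net
  v-hadoop4-kbds.sz.kingdee.net
  v-hadoop5-kbds.sz.kingdee.net
)

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Create a principal with a random key and append its key to a keytab.
# Arguments: $1 - principal name, $2 - keytab path
# Returns:   0 on success; exits the script on any kadmin failure
#######################################
add_principal() {
  local principal=$1 keytab=$2
  kadmin.local -q "addprinc -randkey ${principal}" \
    || die "addprinc failed for ${principal}"
  kadmin.local -q "ktadd -k ${keytab} ${principal}" \
    || die "ktadd failed for ${principal}"
}

main() {
  command -v kadmin.local >/dev/null || die "kadmin.local not found; run this on the KDC"
  command -v ansible >/dev/null || die "ansible not found"

  local host
  for host in "${zk_hosts[@]}"; do
    add_principal "zookeeper/${host}" "${server_keytab}"
  done
  add_principal "${client_principal}" "${client_keytab}"

  # A keytab is a long-term credential: install it unreadable to other users.
  # Add owner=<account that runs the ZooKeeper clients> once that user is known.
  ansible hadoop -m copy --become \
    -a "src=${client_keytab} dest=${client_keytab} mode=0600" \
    || die "failed to distribute ${client_keytab}"
}

main "$@"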
- 在conf下没有就创建jaas.conf
在 conf 文件中，_HOST 可能不会转换为主机名，所以每台主机的 jaas.conf 里要写该主机自己的主机名。另外，keyTab 的路径必须与上面 ktadd 生成、ansible 分发到的文件路径一致。
// JAAS login configuration handed to every ZooKeeper JVM via
// -Djava.security.auth.login.config (see java.env below).
// "Server" is used by the ZooKeeper server, "Client" by zkCli and other clients.
// Both keytabs are long-term credentials: keep them owned by the account that
// runs the JVM, mode 0600 or stricter.
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
// Must be the file that actually holds this host's zookeeper/<host> key.
// The ktadd step above writes /etc/hadoop/conf/zookeeper-service.keytab,
// so either this path or the file name on each host needs to be aligned.
keyTab="/etc/hadoop/conf/zookeeper.keytab"
// Keep the key in the Subject; never fall back to a user's ticket cache.
storeKey=true
useTicketCache=false
// Per-host value: each quorum member's own FQDN goes here
// (the _HOST placeholder is not expanded in this file).
principal="zookeeper/v-hadoop-kbds.sz.kingdee.net@TT.COM";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
// The distribution step copies zkcli.keytab to /etc/hadoop/conf/, not to
// /plat/zookeeper/conf/ -- one of the two paths has to change.
keyTab="/plat/zookeeper/conf/zkcli.keytab"
storeKey=true
useTicketCache=false
principal="zkcli@TT.COM";
};
# jaas.conf is per host: its Server principal embeds the hostname, so copying
# one file to the whole group gives every member the first host's principal.
# Generate (or template) a jaas.conf with each host's own FQDN before copying.
ansible hadoop -m copy -a "src=/var/opt/zookeeper-3.4.6/conf/jaas.conf dest=/var/opt/zookeeper-3.4.6/conf/jaas.conf "
- 修改java.env (没有就创建)
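# Point every ZooKeeper JVM (server and zkCli) at the JAAS config above.
# ${JVMFLAGS:+$JVMFLAGS } keeps any flags already set in the environment
# instead of silently overwriting them; the result is unchanged when unset.
export JVMFLAGS="${JVMFLAGS:+$JVMFLAGS }-Djava.security.auth.login.config=/var/opt/zookeeper-3.4.6/conf/jaas.conf"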
# java.env contains no secrets and is identical on every host, so a plain
# group-wide copy is fine here (unlike jaas.conf and the keytabs).
ansible hadoop -m copy -a "src=/var/opt/zookeeper-3.4.6/conf/java.env dest=/var/opt/zookeeper-3.4.6/conf/java.env"
- 启动
[kduser@v-hadoop-kbds zookeeper-3.4.6]$ ansible rss -m shell -a "/var/opt/zookeeper-3.4.6/bin/zkServer.sh start"
v-hadoop4-kbds.sz.kingdee.net | SUCCESS | rc=0 >>
Starting zookeeper ... STARTED
JMX enabled by default
Using config: /var/opt/zookeeper-3.4.6/bin/../conf/zoo.cfg
v-hadoop3-kbds.sz.kingdee.net | SUCCESS | rc=0 >>
Starting zookeeper ... STARTED
JMX enabled by default
Using config: /var/opt/zookeeper-3.4.6/bin/../conf/zoo.cfg
v-hadoop5-kbds.sz.kingdee.net | SUCCESS | rc=0 >>
Starting zookeeper ... STARTED
JMX enabled by default
Using config: /var/opt/zookeeper-3.4.6/bin/../conf/zoo.cfg
[kduser@v-hadoop-kbds zookeeper-3.4.6]$ ansible rss -m shell -a "/var/opt/zookeeper-3.4.6/bin/zkServer.sh status"
v-hadoop5-kbds.sz.kingdee.net | SUCCESS | rc=0 >>
Mode: follower
JMX enabled by default
Using config: /var/opt/zookeeper-3.4.6/bin/../conf/zoo.cfg
v-hadoop3-kbds.sz.kingdee.net | SUCCESS | rc=0 >>
Mode: follower
JMX enabled by default
Using config: /var/opt/zookeeper-3.4.6/bin/../conf/zoo.cfg
v-hadoop4-kbds.sz.kingdee.net | SUCCESS | rc=0 >>
Mode: leader
JMX enabled by default
Using config: /var/opt/zookeeper-3.4.6/bin/../conf/zoo.cfg
# Not part of the ZooKeeper/Kerberos steps: this pushes the Hadoop sbin
# directory to the hadoop group.  NOTE(review): looks like a leftover from a
# different procedure -- confirm it is intended here.
ansible hadoop -m copy -a "src=/var/opt/hadoop-2.7.4/sbin dest=/var/opt/hadoop-2.7.4/ "
- 验证
[kduser@v-hadoop4-kbds ~]$ pwd
/home/kduser
[kduser@v-hadoop4-kbds ~]$ tail -f zookeeper.out
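# Follow the server log.  The file is zookeeper.out in the directory
# zkServer.sh was started from (as the session above shows); the bare name
# "zookeeper" does not exist there.  After enabling Kerberos, watch this log
# for SASL/Krb5 login errors -- a wrong keytab path or principal shows up here.
tail -f zookeeper.out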
[hadoop@vm10-247-24-53 conf]$ ansible slave -m shell -a "/mnt/kbdsproject/zookeeper/bin/zkServer.sh status"
vm10-247-24-63.ksc.com | SUCCESS | rc=0 >>
Mode: follower
JMX enabled by default
Using config: /mnt/kbdsproject/zookeeper/bin/../conf/zoo.cfg
vm10-247-24-28.ksc.com | SUCCESS | rc=0 >>
Mode: follower
JMX enabled by default
Using config: /mnt/kbdsproject/zookeeper/bin/../conf/zoo.cfg
vm10-247-24-49.ksc.com | SUCCESS | rc=0 >>
Mode: leader
JMX enabled by default
Using config: /mnt/kbdsproject/zookeeper/bin/../conf/zoo.cfg
[hadoop@vm10-247-24-53 conf]$