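The articles I found online on this topic were all very old and of no practical use. After half a day of experimenting I finally got it working, and I am sharing what I learned below: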
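1. When Storm 2.1.0 reads from Kafka 2.2.1 secured with Kerberos authentication, the most common problem is this: after using System.setProperty in the KafkaSpout to specify the paths of krb5.conf and jaas.conf, the program reports that the configuration files cannot be found as soon as it runs. This usually happens when the program runs on the Storm cluster; it does not happen when running locally. So my guess is that the parameters did not take effect on the cluster nodes at run time. A simple, blunt fix is to add two runtime parameters when submitting the Storm program, pointing to the actual configuration file paths, for example:
-Djava.security.krb5.conf=/opt/bigdata/stream/storm/apache-storm-2.1.0/hadoop-kerberos-conf/krb5.conf -Djava.security.auth.login.config=/opt/bigdata/stream/storm/apache-storm-2.1.0/hadoop-kerberos-conf/jaas.conf
You can try adding them to storm.yaml. Because we use a wrapper framework around Storm, we added the corresponding settings to that framework's configuration file.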
2. krb5.conf, jaas.conf and the keytab file must all be correct, especially jaas.conf, which has to configure not only the Kafka client but also the ZooKeeper client. For example:
KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    keyTab="/opt/bigdata/stream/storm/apache-storm-2.1.0/hadoop-kerberos-conf/XXXXX.keytab"
    doNotPrompt=true
    storeKey=true
    useKeyTab=true
    serviceName="kafka"
    principal="XXXX";
};
Client {
    com.sun.security.auth.module.Krb5LoginModule required
    keyTab="/opt/bigdata/stream/storm/apache-storm-2.1.0/hadoop-kerberos-conf/XXXX.keytab"
    doNotPrompt=true
    storeKey=true
    useKeyTab=true
    serviceName="zookeeper"
    principal="XXXX";
};
Contents of krb5.conf:
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/opt/bigdata/stream/storm/apache-storm-2.1.0/log/krb5libs.log
kdc = FILE:/opt/bigdata/stream/storm/apache-storm-2.1.0/log/krb5kdc.log
admin_server = FILE:/opt/bigdata/stream/storm/apache-storm-2.1.0/log/kadmind.log
[libdefaults]
default_realm = XXX.XXX.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
udp_preference_limit = 1
[realms]
XXX.XXX.COM = {
kdc = <hostname>
admin_server = <hostname>
}
[domain_realm]
xxx.xxx.com = XXX.XXX.COM
.xxx.xxx.com = XXX.XXX.COM
3. Check the /etc/hosts file on every node of the Storm cluster, and add the hostname mappings for all related machines (Kafka, ZooKeeper, KDC and so on).
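
A preflight check for step 2, as an added example that is not from the original post: it parses a jaas.conf and reports entry names defined more than once, missing KafkaClient or Client entries, and keytab paths that do not exist on the node where it runs. The function names and the sample file contents are constructed for illustration.

```python
import os
import re
import sys

# One JAAS entry: Name { module flag option=value ...; };
ENTRY_RE = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)
OPTION_RE = re.compile(r'(\w+)\s*=\s*"?([^"\s;]+)"?')

def parse_jaas(text):
    """Return [(entry_name, {option: value})] in file order, duplicates kept."""
    return [(name, dict(OPTION_RE.findall(body)))
            for name, body in ENTRY_RE.findall(text)]

def check_jaas(text, required=("KafkaClient", "Client"), exists=os.path.isfile):
    """List problems that would stop the spout from logging in on this node."""
    entries = parse_jaas(text)
    names = [name for name, _ in entries]
    problems = [f"duplicate entry: {n}" for n in sorted(set(names)) if names.count(n) > 1]
    problems += [f"missing entry: {n}" for n in required if n not in names]
    for name, opts in entries:
        if "principal" not in opts:
            problems.append(f"{name}: no principal")
        if opts.get("useKeyTab") == "true":
            keytab = opts.get("keyTab")
            if keytab is None:
                problems.append(f"{name}: useKeyTab=true but no keyTab")
            elif not exists(keytab):
                problems.append(f"{name}: keytab not found: {keytab}")
    return problems

# Constructed sample: placeholder principal and path, Client defined twice.
SAMPLE = """
KafkaClient {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true keyTab="/nonexistent/example.keytab"
  serviceName="kafka" principal="user@EXAMPLE.COM";
};
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true keyTab="/nonexistent/example.keytab" principal="user@EXAMPLE.COM";
};
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true keyTab="/nonexistent/example.keytab" principal="user@EXAMPLE.COM";
};
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_jaas(text)) or "jaas.conf looks usable on this node")
```

Run it on each supervisor node with the jaas.conf path as the only argument, since the keytab check only covers the machine it runs on.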