1:在hadoop01机器上添加其他节点的3个认证
添加对 yarn 和 mapred 的认证(下面的命令创建的是 yarn/ 和 mapred/ 主体):
# Create one service principal per host for the YARN and MapReduce daemons.
# -randkey gives each principal a random key instead of a password, so the
# only usable copy of the key is the one later exported into a keytab.
for svc in yarn mapred; do
  for host in hadoop01 hadoop02 hadoop03; do
    kadmin.local -q "addprinc -randkey ${svc}/${host}@HADOOP.COM"
  done
done
2:生成keytab文件
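# Stage the keytabs in the KDC directory before distributing them.
cd /var/kerberos/krb5kdc/
# Each keytab must hold the principals its own daemon logs in as: the yarn/
# and mapred/ principals created in step 1, not hdfs/.
# xst (ktadd) generates new random keys for every principal it exports, so
# exporting hdfs/ principals here would also invalidate any hdfs keytab that
# had already been issued for them.
kadmin.local -q "xst -k yarn.keytab yarn/hadoop01@HADOOP.COM"
kadmin.local -q "xst -k yarn.keytab yarn/hadoop02@HADOOP.COM"
kadmin.local -q "xst -k yarn.keytab yarn/hadoop03@HADOOP.COM"
kadmin.local -q "xst -k mapred.keytab mapred/hadoop01@HADOOP.COM"
kadmin.local -q "xst -k mapred.keytab mapred/hadoop02@HADOOP.COM"
kadmin.local -q "xst -k mapred.keytab mapred/hadoop03@HADOOP.COM"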
3:查看加密类型和时间戳
# List each keytab's entries (-k) with encryption types (-e) and
# timestamps (-t). Check that the principals and key versions shown are the
# ones the corresponding daemon is meant to authenticate with.
for kt in yarn.keytab mapred.keytab; do
  klist -k -e -t "$kt"
done
4:拷贝文件
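# Copy the keytabs into the Hadoop configuration directory.
cp yarn.keytab /etc/hadoop/conf/
cp mapred.keytab /etc/hadoop/conf/
cd /etc/hadoop/conf
# Each keytab is owned by the account named after its service, group hadoop:
# yarn:hadoop for yarn.keytab, mapred:hadoop for mapred.keytab.
# Anyone who can read a keytab can authenticate as the principals stored in
# it, so ownership is set per service rather than shared.
# (The notes are kept as comments: text appended after the file name makes
# the shell reject the line. -R is not needed for a single file.)
chown yarn:hadoop yarn.keytab
chown mapred:hadoop mapred.keytab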
keytab 文件只需要属主可读(权限 400):
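# Owner read-only. This has to be chmod: "chown 400" would hand the files to
# UID 400 instead of changing their mode, leaving the permissions untouched.
chmod 400 yarn.keytab mapred.keytab
# Distribute to the other nodes. -p carries the 400 mode across; the copies
# are written by root on the remote side, so ownership still has to be set
# on each node afterwards.
# The file name is mapred.keytab; an argument containing ':' such as
# "mapred:hadoop.keytab" is parsed by scp as host:path and does not refer to
# the local keytab.
scp -p yarn.keytab root@hadoop02:/etc/hadoop/conf
scp -p yarn.keytab root@hadoop03:/etc/hadoop/conf
scp -p mapred.keytab root@hadoop02:/etc/hadoop/conf
scp -p mapred.keytab root@hadoop03:/etc/hadoop/conf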
(同样需要登录 hadoop02、hadoop03,按上面的方式修改 keytab 文件的属主和权限)