【Oozie】SSH Workflow报错之Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

最新推荐文章于 2024-06-18 18:24:11 发布

栗子ma

最新推荐文章于 2024-06-18 18:24:11 发布

阅读量2.9k

点赞数 1

分类专栏： Oozie Hue CDH 文章标签： Oozie SSH Action Oozie SSH Workflow Oozie免密登陆

本文链接：https://blog.csdn.net/sinat_40431164/article/details/84977105

版权

Oozie 同时被 3 个专栏收录

4 篇文章 0 订阅

订阅专栏

Hue

4 篇文章 0 订阅

订阅专栏

CDH

3 篇文章 0 订阅

订阅专栏

【问题】添加workflow，拖拽一个ssh，user and host填写USER@HOST，ssh command填写一个最简单的ll命令，保存，submit，报错：
Caused by: java.io.IOException: Not able to perform operation [ssh -o PasswordAuthentication=no -o KbdInteractiveDevices=no -o StrictHostKeyChecking=no -o ConnectTimeout=20 USER@HOST mkdir -p oozie-oozi/***-oozie-oozi-W/ssh-bd59--ssh/ ] | ErrorStream: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
   at org.apache.oozie.action.ssh.SshActionExecutor.executeCommand(SshActionExecutor.java:342)
   at org.apache.oozie.action.ssh.SshActionExecutor.setupRemote(SshActionExecutor.java:375)
   at org.apache.oozie.action.ssh.SshActionExecutor$1.call(SshActionExecutor.java:208)
   at org.apache.oozie.action.ssh.SshActionExecutor$1.call(SshActionExecutor.java:206)
   at org.apache.oozie.action.ssh.SshActionExecutor.execute(SshActionExecutor.java:550)
   ... 11 more
上述所尝试的不是Oozie server所在的节点，但是在Oozie server所在的节点尝试以上操作也是报相同的错误
上述所尝试的是通过hdfs用户登陆的hue之后提交的workflow，但是用oozie和root用户登陆hue提交的workflow也是报相同的错误

【办法一】看网上有人说打开cloudera manager页面，选择oozie service，进入配置，搜索系统用户，从oozie修改为USER，搜索系统组，从oozie修改为USER，但是我没成功，报错：
Workflow submission failed
Failed to create deployment directory: StandbyException: Operation category READ is not supported in state standby. Visit https://s.apache.org/sbnn-error (error 403)

【办法二】Oozie server will run the SSH as oozie user to run the ssh as. Enable password-less login for oozie user. Create SSH keys for oozie user and copy its public key to the authorized_keys of cloudera user. 因此：
（1）在oozie server所在的机器上
$su oozie
$whoami
oozie
$ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/*/oozie/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /*/oozie/.ssh/id_dsa.
Your public key has been saved in /*/oozie/.ssh/id_dsa.pub.
$cat /*/oozie/.ssh/id_dsa.pub
$vi /*/USER/.ssh/authorized_keys
将cat的内容贴进去
（2）在其他机器上
因为oozie server只配置了一个实例，所以其他机器$vi /*/USER/.ssh/authorized_keys，将cat的内容贴进去即可

【测试】以USER用户登陆hue，提交workflow也是USER@HOST，执行命令为ls、mkdir、sh脚本均成功

【贴士一】su oozie没反应，是因为cat /*/passwd，显示
oozie:x:*:*:Oozie User:/*/oozie:/bin/false
其中的/bin/false是最严格的禁止login选项，一切服务都不能用，需要修改为/bin/bash
等到配置好oozie的免密登陆后再改回/bin/false

【贴士二】
访问http://oozie.apache.org/docs/4.1.0/DG_SshActionExtension.html，发现官方文档中有一句话：
The oozie.action.ssh.allow.user.at.host property, in the oozie-site.xml configuration, indicates if an alternate user than the one submitting the job can be used for the ssh invocation. By default this property is set tot true .
进入cloudera manager，进入oozie服务，点击配置，搜索oozie-site.xml，点击加号，名称oozie.action.ssh.allow.user.at.host，值false
这样用除了USER之外的其他用户登陆hue，并提交用户为USER的ssh workflow时，点击submit的时候，发现会报错：
org.apache.oozie.action.ActionExecutorException: user mismatch between oozie user [oozie] and ssh host [USER@HOST]

栗子ma

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
【Oozie】SSH Workflow报错之Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

【问题】添加workflow，拖拽一个ssh，user and host填写USER@HOST，ssh command填写一个最简单的ll命令，保存，submit，报错：Caused by: java.io.IOException: Not able to perform operation [ssh -o PasswordAuthentication=no -o KbdInteractiveD...
复制链接

扫一扫

专栏目录