JAVA连接kerberos认证的Metastore
登陆kerberos认证
try {
//登录kerberos
String krb5File = paraConfig.getValue("Kerberos.krb5");
String keyUser = paraConfig.getValue("Kerberos.keyuser");
String keyPath = paraConfig.getValue("Kerberos.keyPath");
String keyPrincipal = paraConfig.getValue("Kerberos.keyPrincipal");
System.out.println("开始登录kerberos: user: " + keyUser + ", file: " + keyPath + ",keyPrincipal: " + keyPrincipal);
//可以直接在启动脚本里面设置 export xxx=xxx
System.setProperty("java.security.krb5.conf", krb5File);
System.setProperty("krb.principal", keyUser);
System.out.println("设置系统参数完成" + krb5File + keyUser);
Configuration conf = new Configuration();
conf.set("hadoop.security.authentication", "kerberos");
conf.set("kerberos.principal", keyPrincipal);
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(keyUser, keyPath);
System.out.println("登录kerberos成功! kerberos user: " + UserGroupInformation.getCurrentUser());
return true;
} catch (Throwable ex) {
System.out.println("登录失败原因" + ex);
return false;
} finally {
System.out.println("LOG END");
}
登陆metastore
//此处会自动加载配置路径中的hive-site.xml文件;按理说配置会被覆盖掉,但是我自己的配置文件没有被代码覆盖掉;导致报错;懂得老哥指导一下
HiveConf conf = new HiveConf();
String value = config.getValue("HiveMetaStore.Principal");
String sasl = config.getValue("HiveMetaStore.Sasl");
String timeOut = config.getValue("HiveMetaStore.Timeout");
String urls = config.getValue("HiveMetaStore.Uris");
String retryDelay = config.getValue("HiveMetaStore.RetryDelay");
LOG.info(String.format("参数为 %s====%s=====%s====%s====%s",value,sasl,timeOut,urls,retryDelay));
conf.setVar(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL, value);
conf.setVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL, sasl);
conf.setVar(HiveConf.ConfVars.METASTORE_CLIENT_SOCKET_TIMEOUT, timeOut);
conf.setVar(HiveConf.ConfVars.METASTOREURIS, urls);
conf.setVar(HiveConf.ConfVars.METASTORE_CLIENT_CONNECT_RETRY_DELAY, retryDelay);
DBName = config.getValue("Test.DBName", "probe_test");
tableName = config.getValue("Test.TableName", "person_test");
mode = Integer.parseInt(config.getValue("Test.Mode", "1"));
client = new HiveMetaStoreClient(conf);
启动的脚本指定一下HADOOP_HOME;
hdfs文件有用户管控的话指定一下HADOOP_USER即可;
配置文件如下:
#mode 1:չʾDB£»2½¨¿â ½¨±í 4 ɾ¿âɾ±í
Test.Mode=7
Test.DBName=test_probe_se
Test.TableName=test_person
#hive
HiveMetaStore.Sasl=true
HiveMetaStore.Timeout=50
HiveMetaStore.Uris=thrift://172.26.54.7:9083
HiveMetaStore.RetryDelay=5s
# kerberos
Kerberos.krb5=
Kerberos.keyuser=
Kerberos.keyPath=
Kerberos.keyPrincipal=
HiveMetaStore.Principal=
个人建议打包一定不要把hive-site.xml打进包里;血的教训;
指定或者使用代码配置;