文档首页/
MapReduce服务 MRS/
开发指南(普通版_2.x及之前)/
Presto开发指南/
Presto应用开发常见问题/
在集群外节点连接开启Kerberos认证的集群,HTTP在Kerberos数据库中无法找到相应的记录
更新时间:2024-08-03 GMT+08:00
在集群外节点连接开启Kerberos认证的集群,HTTP在Kerberos数据库中无法找到相应的记录
问题
presto-examples-1.0-SNAPSHOT-jar-with-dependencies.jar在集群内节点运行时正常,但在集群外节点运行PrestoJDBCExample连接开启Kerberos的集群时出现以下两种报错。
报错1:
java.sql.SQLException: Kerberos error for [HTTP@10.33.11.138]: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)) at io.prestosql.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:281) at io.prestosql.jdbc.PrestoStatement.execute(PrestoStatement.java:229) at io.prestosql.jdbc.PrestoStatement.executeQuery(PrestoStatement.java:78) at PrestoJDBCExample.main(PrestoJDBCExample.java:68) Caused by: io.prestosql.jdbc.$internal.client.ClientException: Kerberos error for [HTTP@10.33.11.138]: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)) at io.prestosql.jdbc.$internal.client.SpnegoHandler.generateToken(SpnegoHandler.java:174) at io.prestosql.jdbc.$internal.client.SpnegoHandler.authenticate(SpnegoHandler.java:140) at io.prestosql.jdbc.$internal.client.SpnegoHandler.authenticate(SpnegoHandler.java:128) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:289) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:157) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) at io.prestosql.jdbc.$internal.client.SpnegoHandler.intercept(SpnegoHandler.java:115) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) at io.prestosql.jdbc.$internal.client.OkHttpUtil.lambda$userAgent$0(OkHttpUtil.java:64) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) at io.prestosql.jdbc.$internal.okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) at io.prestosql.jdbc.$internal.okhttp3.RealCall.execute(RealCall.java:77) at io.prestosql.jdbc.$internal.client.JsonResponse.execute(JsonResponse.java:131) at io.prestosql.jdbc.$internal.client.StatementClientV1.<init>(StatementClientV1.java:132) at io.prestosql.jdbc.$internal.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24) at io.prestosql.jdbc.QueryExecutor.startQuery(QueryExecutor.java:46) at io.prestosql.jdbc.PrestoConnection.startQuery(PrestoConnection.java:714) at io.prestosql.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:241) ... 3 more Caused by: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:454) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at io.prestosql.jdbc.$internal.client.SpnegoHandler.generateToken(SpnegoHandler.java:167) ... 23 more Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:772) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317) ... 26 more Caused by: KrbException: Server not found in Kerberos database (7) - UNKNOWN_SERVER at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251) at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262) at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:466) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695) ... 30 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55) ... 36 more
报错2:
java.sql.SQLException:
Authentication failed: Authentication failed for token:
...
at
com.facebook.presto.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:271)
at
com.facebook.presto.jdbc.PrestoStatement.execute(PrestoStatement.java:227)
at
com.facebook.presto.jdbc.PrestoStatement.executeQuery(PrestoStatement.java:76)
at
PrestoJDBCExample.main(PrestoJDBCExample.java:65)
Caused by:
com.facebook.presto.jdbc.internal.client.ClientException: Authentication failed:
Authentication failed for token:
...
at
com.facebook.presto.jdbc.internal.client.StatementClientV1.requestFailedException(StatementClientV1.java:432)
at
com.facebook.presto.jdbc.internal.client.StatementClientV1.<init>(StatementClientV1.java:132)
at
com.facebook.presto.jdbc.internal.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24)
at
com.facebook.presto.jdbc.QueryExecutor.startQuery(QueryExecutor.java:46)
at
com.facebook.presto.jdbc.PrestoConnection.startQuery(PrestoConnection.java:683)
at
com.facebook.presto.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:239)
... 3 more
回答
客户端拼接出的HTTP的principal与Kerberos数据库中的不一致(报错1)或获取的token无法链接Presto。
在集群上执行cat /etc/hosts,将Presto coordinator的IP和hostname加入当前节点的/etc/hosts中。
父主题: Presto应用开发常见问题
