[KUDU-3236] Server krbtgt/XUELIANG.SVC.CLUSTER.LOCAL@BIGDATA.XUELIANG.COM not found in Kerberos database - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Not A Bug
Affects Version/s: 1.10.0
Fix Version/s: n/a
Component/s: authz
Labels:
None
Environment:
Centos7.7 kudu-1.10.0-cdh6.3.0

Description

hi everybody,
When I started Kerberos for kudu according to the official documents, I found that the result was not satisfactory. The kudu is containerized and installed on the big data platform. After I configured Kerberos according to the official documents, I found that tserver could not be registered in the master。What I expect is krbtgt/BIGDATA.XUELIANG.COM@BIGDATA.XUELIANG.COM ，but got krbtgt/XUELIANG.SVC.CLUSTER.LOCAL@BIGDATA.XUELIANG.COM. . could anybody give me some tips? thanks in advance.

The kudu master.gflagfile:
--log_dir=/opt/java/kudu/master/logs
--fs_wal_dir=/opt/java/kudu/master/wal
--fs_data_dirs=/opt/java/kudu/master/data/1,/opt/java/kudu/master/data/2,/opt/java/kudu/master/data/3
--raft_get_node_instance_timeout_ms=300000
--webserver_port=8051
--master_addresses= service-kudu-xueliang-master-0:7051,service-kudu-xueliang-master-1:7051,service-kudu-xueliang-master-2:7051
--block_cache_capacity_mb=512
--memory_limit_hard_bytes=0
--rpc_service_queue_length=50
--max_clock_sync_error_usec=10000000
--maintenance_manager_num_threads=1
--webserver_doc_root=/opt/java/kudu/www
--rpc_encryption=required
--rpc_authentication=required
--trusted_subnets=0.0.0.0/0
--keytab_file=/opt/java/kudu/conf/kuduxueliang.keytab

The kudu tserver.gflagfile:
--log_dir=/opt/java/kudu/tserver/logs
--fs_wal_dir=/opt/java/kudu/tserver/wal
--fs_data_dirs=/opt/java/kudu/tserver/data/1
--webserver_port=8050
--tserver_master_addrs= service-kudu-xueliang-master-0:7051,service-kudu-xueliang-master-1:7051,service-kudu-xueliang-master-2:7051
--block_cache_capacity_mb=512
--memory_limit_hard_bytes=26843545600
--rpc_service_queue_length=50
--max_clock_sync_error_usec=10000000
--maintenance_manager_num_threads=1
--webserver_doc_root=/opt/java/kudu/www
--rpc_encryption=required
--rpc_authentication=required
--trusted_subnets=0.0.0.0/0
--keytab_file=/opt/java/kudu-1.10.0-cdh6.3.0/conf/kuduxueliang.keytab

the krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = BIGDATA.XUELIANG.COM
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = true
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0

[realms]
BIGDATA.XUELIANG.COM =

{ kdc = hdh136.bigdata.xueliang.com:88 master_kdc = hdh136.bigdata.xueliang.com:88 admin_server = hdh136.bigdata.xueliang.com:749 default_domain = bigdata.xueliang.com pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem }

[domain_realm]
.bigdata.xueliang.com = BIGDATA.XUELIANG.COM
bigdata.xueliang.com = BIGDATA.XUELIANG.COM
hdh136.bigdata.xueliang.com = BIGDATA.XUELIANG.COM

[dbmodules]
BIGDATA.XUELIANG.COM =

{ db_library = ipadb.so }

the kudu tserver log:
heartbeater.cc:566] Failed to heartbeat to service-kudu-xueliang-master-1:7051 (7471 consecutive failures): Not authorized: Failed to ping master at service-kudu-xueliang-master-1:7051: Client connection negotiation failed: client connection to 10.103.68.4:7051: Server krbtgt/XUELIANG.SVC.CLUSTER.LOCAL@BIGDATA.XUELIANG.COM not found in Kerberos database .

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Qijun Xie

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21/Jan/21 08:11

Updated:: 21/Jan/21 11:44

Resolved:: 21/Jan/21 11:04