cloudera CDH 禁用 kerberos

环境信息

• 操作系统系统:Centos7
• JDK:1.7
• CDH 版本:5.8.4

1,停止集群

2,修改参数

Zookeeper:
enableSecurity (Enable Kerberos Authentication)->FALSE

HDFS:
hadoop.security.authentication->Simple
hadoop.security.authorization->FALSE
dfs.datanode.address from 1004 (for Kerberos) to 50010 (default)
dfs.datanode.http.address from 1006 (for Kerberos) to 50075 (default)
Data Directory Permissions from 700 to 755

HBASE:
hbase.security.authentication->Simple
hbase.security.authorization->FALSE

Hue:
Kerberos Ticket Renewer->Delete role or stop role

3,删除hbase znode,RsouceManager znode,zkfc znode(出现问题再执行)

1. Zookeeper->Configration->java Configuration Options for Zookeeper Server 添加-Dzookeeper.skipACL=yes(关闭zk的权限检查)
2. 重启zookeeper服务
3. 登录zkcli:hbase zkcli
4. 删除hbase znode:rmr /hbase
5. 删除RM znode:rmr /rmstore/ZKRMStateRoot
6. 删除zkfc znode:rmr /hadoop-ha/nameservice-test1
7. Zookeeper->Configration->java Configuration Options for Zookeeper Server 删除-Dzookeeper.skipACL=yes
8. 重启zookeeper及相应服务

问题排查：

问题描述：

Diagnostics: Not able to initialize app directories in any of the configured local directories for app application_1497933181227_0003

解决方案：在nodemanager节点执行:sudo rm -rf /hdfs/yarn/nm/usercache/（未启用kerberos前目录权限为yarn:yarn，启用后变成dengsc:yarn，导致权限不兼容）

问题描述：

hmaster启动失败：Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /jpush-hbase/backup-masters/nfjd-hadoop-test01.jpushoa.com,60000,1497931699986

参考链接：https://www.zybuluo.com/xtccc/note/181910
http://community.cloudera.com/t5/Cloudera-Manager-Installation/Disabling-Kerberos-on-Cloudera-EXpress-5-5-1-HBase-issue/m-p/42482/highlight/true#M7622

解决方案：(1)Zookeeper添加参数(跳过zk目录权限检查): java Configuration Options for Zookeeper Server : -Dzookeeper.skipACL=yes (2)删除zk元数据目录:hbase zkcli;rmr /hbase

问题描述：

Resource Manager 启动失败：RMStateStore has been fenced,ResourceManager all standby.

解决方案：(1)Zookeeper: java Configuration Options for Zookeeper Server : -Dzookeeper.skipACL=yes (2)rmr /rmstore/ZKRMStateRoot
注：会丢失yarn应用执行信息。

问题描述：

Failover Controller启动失败：Unable to start failover controller. Parent znode does not exist.
Run with -formatZK flag to initialize ZooKeeper.

解决方案：(1)Zookeeper: java Configuration Options for Zookeeper Server : -Dzookeeper.skipACL=yes (2)rmr /hadoop-ha/nameservice-test1 (3)重新deploy客户端文件,确保nn主机core-site.xml中参数为simple方式访问集群 (4)登录namenode节点,执行:hdfs zkfc -formatZK 重新格式化zkfc