在使用go客户端访问开启kerberos和RBAC的HDFS时无法正常读写,关闭RBAC(kerberos不关)可以正常读写,不知是否有人遇到过?
在使用go客户端(github.com/colinmarc/hdfs)访问开启kerberos和RBAC的HDFS时无法正常读写,报错与权限有关,关闭RBAC(kerberos不关)可以正常读写,不知是否有人遇到过?
1. 运行环境
使用go 版本:1.19.4
使用go库:github.com/colinmarc/hdfs
hdfs(版本:2.7.2、3.3.4):开启kerberos,开启RBAC
2. 问题描述?
在使用库github.com/colinmarc/hdfs编写的go客户端,访问开启kerberos和RBAC的HDFS时无法正常读写,报错与权限有关,关闭RBAC(kerberos不关)可以正常读写
报错信息:no available namenodes: SASL handshake: sasl call failed with FATAL_UNAUTHORIZED
kerberos认证代码片段:
func getKerberosClientWithKeytab(username, realm string, krb5ConfigPath, keytabPath string) *krb.Client {
cfg, err := config.Load(krb5ConfigPath)
if err != nil {
log.Println("Couldn't load krb config:", err)
return nil
}
kt, err := keytab.Load(keytabPath)
if err != nil {
log.Println("Couldn't load keytab:", err)
return nil
}
client := krb.NewWithKeytab(username, realm, kt, cfg)
err = client.Login()
if err != nil {
log.Println("Kerberos login failed: ", err)
return nil
} else {
log.Println("Kerberos login success ")
}
return client
}获取认证后的hdfs client代码片段:
func NewHDFSClient(username, realm string, krb5ConfigPath, krb5CCName string, nodenames []string) *HDFSClient {
conf, err := hadoopconf.LoadFromEnvironment()
if err != nil {
fmt.Println("Problem loading configuration: ", err)
}
options := hdfs.ClientOptionsFromConf(conf)
options.Addresses = nodenames
options.KerberosClient = getKerberosClientWithKeytab(username, realm, krb5ConfigPath, krb5CCName)
options.KerberosServicePrincipleName = username
options.User = "work"
log.Println("options.Addresses:", options.Addresses)
log.Println("options.KerberosClient:", options.KerberosClient)
log.Println("options.KerberosServicePrincipleName:", options.KerberosServicePrincipleName)
log.Println("options.User:", options.User)
client, err := hdfs.NewClient(options)
if err != nil {
log.Panicln("client error:", err)
}
hdfsClient := &HDFSClient{
Client: client,
}
return hdfsClient
}在网上调研后也没有找到相关类似信息可以解决我的这个问题,请大佬帮忙看看,感谢
3. 您期望得到的结果?
在开启kerberos和RBAC的hdfs上,go客户端可以正常读写
关于 LearnKu
粤公网安备 44030502004330号