Ambari启用Kerberos认证后NameNode UI, RESOURCEMANAGER ,Spark2 history server ui提示要登录, 如果Windows 和KDC是集成同一个Windows AD,那么可以通过AD账号登录打开页面,否则将提示:401: Authorization required。
这种情况可以配置页面匿名访问解决:
--namenode ui 在HDFS -> Advanced core-site set hadoop.http.authentication.simple.anonymous.allowed to true 在HDFS -> Custom core-site set hadoop.http.authentication.type to simple set hadoop.proxyuser.HTTP.groups to * set hadoop.proxyuser.knox.groups to * set hadoop.proxyuser.knox.hosts to * set hadoop.proxyuser.yarn.hosts to * --spark history ui, 在export 前面加#注释掉 在Spark2 -> Advanced spark2-env -> content {% if security_enabled %} #export SPARK_HISTORY_OPTS='-Dspark.ui.filters=org.apache.hadoop.security.authentication.server.AuthenticationFilter -Dspark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal={{spnego_principal}},kerberos.keytab={{spnego_keytab}}"' {% endif %} --ResourceManager UI 在yarn -> Advanced ranger-yarn-security set Add YARN Authorization to false 在yarn -> Custom yarn-site set yarn.resourcemanager.proxy-user-privileges.enabled to false