python3.6.5基于kerberos認(rèn)證的hive和hdfs連接調(diào)用方式
1. Kerberos是一種計(jì)算機(jī)網(wǎng)絡(luò)授權(quán)協(xié)議,用來(lái)在非安全網(wǎng)絡(luò)中,對(duì)個(gè)人通信以安全的手段進(jìn)行身份認(rèn)證。具體請(qǐng)查閱官網(wǎng)
2. 需要安裝的包(基于centos)
yum install libsasl2-devyum install gcc-c++ python-devel.x86_64 cyrus-sasl-devel.x86_64yum install python-devel yum install krb5-develyum install python-krbV pip install krbcontext==0.9pip install thrift==0.9.3pip install thrift-sasl==0.2.1pip install impyla==0.14.1pip install hdfs[kerberos]pip install pykerberos==1.2.1
3. /etc/krb5.conf 配置, 在這個(gè)文件里配置你服務(wù)器所在的域
4./etc/hosts 配置, 配置集群機(jī)器和域所在機(jī)器
5. 通過(guò)kinit 生成 ccache_file或者keytab_file
6. 連接hive代碼如下
import osfrom impala.dbapi import connectfrom krbcontext import krbcontextkeytab_path = os.path.split(os.path.realpath(__file__))[0] + ’/xxx.keytab’principal = ’xxx’with krbcontext(using_keytab=True,principal=principal,keytab_file=keytab_path): conn = connect(host=ip, port=10000, auth_mechanism=’GSSAPI’, kerberos_service_name=’hive’) cursor = conn.cursor() cursor.execute(’SELECT * FROM default.books’) for row in cursor: print(row)
7. 連接hdfs代碼如下
from hdfs.ext.kerberos import KerberosClientfrom krbcontext import krbcontext hdfs_url = ’http://’ + host + ’:’ + portdata = self._get_keytab(sso_ticket)self._save_keytab(data)with krbcontext(using_keytab=True, keytab_file=self.keytab_file, principal=self.user): self.client = KerberosClient(hdfs_url) self.client._list_status(path).json()[’FileStatuses’][’FileStatus’] #獲取path下文件及文件夾
8. 注:krbcontext這個(gè)包官方說(shuō)支持python2,但是python3也能用
這個(gè)hdfs_url 一定要帶'http://'不然會(huì)報(bào)錯(cuò)
9. 我新增了一些配置文件配置,具體的操作如下
python3.6.5基于kerberos認(rèn)證的hdfs,hive連接調(diào)用(含基礎(chǔ)環(huán)境配置)
1需要準(zhǔn)備的環(huán)境
yum包(需要先裝yum包,再裝python包,不然會(huì)有問(wèn)題)
yum install openldap-clients -y yum install krb5-workstation krb5-libs -y yum install gcc-c++ python-devel.x86_64 cyrus-sasl-devel.x86_64 yum install python-devel yum install krb5-devel yum install python-krbV yum install cyrus-sasl-plain cyrus-sasl-devel cyrus-sasl-gssapi
python包安裝(pip或pip3,請(qǐng)根據(jù)實(shí)際情況選擇)
pip install krbcontext==0.9 pip install thrift==0.9.3 pip install thrift-sasl==0.2.1 pip install impyla==0.14.1 pip install hdfs[kerberos] pip install pykerberos==1.2.1
配置/etc/hosts文件(需要把大數(shù)據(jù)平臺(tái)的機(jī)器和域名進(jìn)行配置)
10.xxx.xxx.xxx name-1 panel.test.com10.xxx.xxx.xxx name-1
配置/etc/krb5.conf(具體查看kerberos服務(wù)配置中心)
參考配置(僅供參考,具體更具自己實(shí)際配置修改)
[libdefaults] renew_lifetime = 9d forwardable = true default_realm = PANEL.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind1.log kdc = FILE:/var/log/krb5kdc1.log [realms] PANEL.COM = { admin_server = panel.test1.com kdc = panel.test1.com }
連接代碼:
hdfs:
import json, osfrom hdfs.ext.kerberos import KerberosClientfrom krbcontext import krbcontext def _connect(self, host, port, sso_ticket=None): try: hdfs_url = ’http://’ + host + ’:’ + port active_str = ’kinit -kt {0} {1}’.format(self.keytab_file, self.user) # 激活當(dāng)前kerberos用戶認(rèn)證,因?yàn)閜ython緩存機(jī)制,切換用戶,這個(gè)緩存不會(huì)自動(dòng)切換,需要手動(dòng)處理下 os.system(active_str) with krbcontext(using_keytab=True, keytab_file=self.keytab_file, principal=self.user): self.client = KerberosClient(hdfs_url) except Exception as e: raise e
hive
import osfrom krbcontext import krbcontextfrom impala.dbapi import connectfrom auto_model_platform.settings import config def _connect(self, host, port, sso_ticket=None): try: active_str = ’kinit -kt {0} {1}’.format(self.keytab_file, self.user) # 同hdfs os.system(active_str) with krbcontext(using_keytab=True, principal=self.user, keytab_file=self.keytab_file): self.conn = connect(host=host, port=port, auth_mechanism=’GSSAPI’, kerberos_service_name=’hive’) self.cursor = self.conn.cursor() except Exception as e: raise e
總結(jié)
我在做的時(shí)候也遇到很多坑,其實(shí)在這個(gè)需要理解其中原理,比如kerberos的機(jī)制和對(duì)應(yīng)命令
如果是做基礎(chǔ)平臺(tái)用,用多用戶切換的情況,建議不要用python,因?yàn)橐稽c(diǎn)都不友好,官方包問(wèn)題很多,我都改用java的jdbc去操作hdfs和hive了
如果只是自己測(cè)試和和做算法研究,還是可以用的,因?yàn)檫@個(gè)代碼簡(jiǎn)單,容易實(shí)現(xiàn)
補(bǔ)充
kinit命令
kinit -kt xxxx.keytab #激活xxxx用戶當(dāng)前緩存kinit list #查看當(dāng)前緩存用戶
以上這篇python3.6.5基于kerberos認(rèn)證的hive和hdfs連接調(diào)用方式就是小編分享給大家的全部?jī)?nèi)容了,希望能給大家一個(gè)參考,也希望大家多多支持好吧啦網(wǎng)。
相關(guān)文章:
1. Python2.6版本pip安裝步驟解析2. python公司內(nèi)項(xiàng)目對(duì)接釘釘審批流程的實(shí)現(xiàn)3. python中Ansible模塊的Playbook的具體使用4. Python自動(dòng)化之定位方法大殺器xpath5. Python本地及虛擬解釋器配置過(guò)程解析6. Python 利用flask搭建一個(gè)共享服務(wù)器的步驟7. 基于python實(shí)現(xiàn)matlab filter函數(shù)過(guò)程詳解8. Python中Anaconda3 安裝gdal庫(kù)的方法9. python自動(dòng)化測(cè)試三部曲之request+django實(shí)現(xiàn)接口測(cè)試10. Python importlib模塊重載使用方法詳解
網(wǎng)公網(wǎng)安備