跨集群KDC数据迁移

拷贝KDC A的数据追加到KDC B，使得在B集群节点可以通过认证访问A集群内的服务。

1 KDC A

将KDC A的DATABASE数据导出，然后发送到KDC B点

[root@node1a198 krb5kdc]# kdb5_util dump /var/kerberos/krb5kdc/kdc2.dump
[root@node1a198 krb5kdc]# scp kdc2.dump node1a142:/var/kerberos/krb5kdc/

2 KDC B

将KDC A点导出的DATABASE数据导入KDC B点数据库

[root@node1a142 krb5kdc]# kdb5_util load -update kdc2.dump

[root@node1a142 krb5kdc]# kadmin.local -q listprincs|grep node1a141
HTTP/[email protected]
hdfs/[email protected]
hive/[email protected]
mapred/[email protected]
sentry/[email protected]
spark/[email protected]
yarn/[email protected]
zookeeper/[email protected]

[root@node1a142 krb5kdc]# kinit admin
Password for [email protected]:

3 验证

在B集群节点上访问A集群的hdfs服务正常

[root@node1a142 krb5kdc]# hdfs dfs -ls hdfs://node1a203:8020/
Found 9 items
drwxr-xr-x   - root  supergroup          0 2017-05-27 18:55 hdfs://node1a203:8020/cdtest
drwx------   - hbase hbase               0 2017-05-22 18:51 hdfs://node1a203:8020/hbase
drwx------   - hbase hbase               0 2017-07-07 12:43 hdfs://node1a203:8020/hbase1
drwxr-xr-x   - hbase hbase               0 2017-05-11 10:46 hdfs://node1a203:8020/hbase2
drwxr-xr-x   - root  supergroup          0 2016-12-01 17:30 hdfs://node1a203:8020/home
drwxr-xr-x   - mdss  supergroup          0 2016-12-13 18:30 hdfs://node1a203:8020/idfs
drwxr-xr-x   - hdfs  supergroup          0 2017-05-22 18:51 hdfs://node1a203:8020/system
drwxrwxrwt   - hdfs  supergroup          0 2017-07-07 12:27 hdfs://node1a203:8020/tmp
drwxrwxr-x+  - hdfs  supergroup          0 2017-05-04 15:48 hdfs://node1a203:8020/user