org.apache.hadoop.ipc.RemoteException(javax.securi ty.sasl.SaslException): GSS initiate failed

hdfs开启kerberos之后，namenode报错，连不上journalnode

2019-03-15 18:54:46,504 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:hdfs/[email protected] (auth:KERBEROS) cause:org.apache.hadoop.ipc.RemoteException(javax.securi
ty.sasl.SaslException): GSS initiate failed
2019-03-15 18:54:46,505 WARN org.apache.hadoop.ipc.Client: Couldn't setup connection for hdfs/[email protected] to server-02.bj/192.168.0.1:8485
org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed
    at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:378)
    at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:594)
    at org.apache.hadoop.ipc.Client$Connection.access$2000(Client.java:396)
    at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:761)
    at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:757)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1924)
    at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:756)
    at org.apache.hadoop.ipc.Client$Connection.access$3000(Client.java:396)
    at org.apache.hadoop.ipc.Client.getConnection(Client.java:1557)
    at org.apache.hadoop.ipc.Client.call(Client.java:1480)
    at org.apache.hadoop.ipc.Client.call(Client.java:1441)
    at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:231)
    at com.sun.proxy.$Proxy19.getEditLogManifest(Unknown Source)
    at org.apache.hadoop.hdfs.qjournal.protocolPB.QJournalProtocolTranslatorPB.getEditLogManifest(QJournalProtocolTranslatorPB.java:245)
    at org.apache.hadoop.hdfs.qjournal.client.IPCLoggerChannel$13.call(IPCLoggerChannel.java:556)
    at org.apache.hadoop.hdfs.qjournal.client.IPCLoggerChannel$13.call(IPCLoggerChannel.java:553)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

journalnode也有报错：

2019-03-15 20:21:01,014 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 8485: readAndProcess from client 192.168.0.56 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]

 

这个是因为jce的问题，下载地址

https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

下载之后解压得到

# ls -l UnlimitedJCEPolicyJDK8/
total 16
-rw-rw-r-- 1 root root 3035 Dec 21  2013 local_policy.jar
-rw-r--r-- 1 root root 7323 Dec 21  2013 README.txt
-rw-rw-r-- 1 root root 3023 Dec 21  2013 US_export_policy.jar

拷贝至jre对应目录

# cp UnlimitedJCEPolicyJDK8/*.jar $JAVA_HOME/jre/lib/security

然后重启hdfs即可