Apache knox_apache发生服务特定错误1

Apache knox_apache发生服务特定错误1knox错误总结windowsbrowser有时候打不开KnoxUIhosts文件添加Knox的{{GATE_WAY}}ip的映射就可以打开界面了打开Knoxadmin_UI后显示不完全需要下载特定的js,私信我即可解决Knox配置yarnservice报错2020-03-1717:07:13,311ERRORknox.gateway(Gateway…

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全家桶1年46,售后保障稳定

knox错误总结

windows browser 有时候打不开Knox UI

hosts文件添加 Knox 的{
{GATE_WAY}}ip的映射
就可以打开界面了


打开Knox admin_UI后显示不完全

在这里插入图片描述

需要 下载特定的js,私信我即可解决


Knox 配置yarn service报错

在这里插入图片描述

2020-03-17 17:07:13,311 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to http://10.1.236.56:8088/cluster was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

Jetbrains全家桶1年46,售后保障稳定

需要修改一下gateway.dispatch.whitelist.services属性,内容里删掉YARNUI,如果不删除,则会报错:
在这里插入图片描述
修改完重新调用
ERROR knox.gateway (GatewayFilter.java:doFilter(173)) – Gateway processing failed: java.io.IOException: Service connectivity error.

发现是地址写错了
地址修改后没问题


Knox跳yarn时账号密码输入后跳转不进去

在这里插入图片描述

2020-03-17 18:08:12,147 ERROR knox.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(206)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user ou=people,dc=hadoop,dc=apache,dc=org]

https://cwiki.apache.org/confluence/display/KNOX/2017/03/01/Apache+Knox+using+multiple+LDAP+Realms
发现realm配置错误
在这里插入图片描述
要把这个Uid加上就可以了


KnoxSSO登陆后,一会就退出

修改timeout参数,30–>60,不行
百度
在这里插入图片描述
整个人沉默了
看gateway.log日志

2020-03-17 14:59:34,277 INFO  federation.jwt (AbstractJWTFilter.java:validateToken(295)) - Access token has expired; a new one must be acquired.

看文档
https://cwiki.apache.org/confluence/display/KNOX/KnoxToken+Sessions+with+KnoxShell+in+Apache+Knox+0.12.0

param descriptor value
knox.token.ttl This indicates the lifespan of the token. Once it expires a new token must be acquired from KnoxToken service. This is in milliseconds. The 36000000 in the topology above gives you 10 hrs 30000 That is 30 seconds
knox.token.audiences This is a comma separated list of audiences to add to the JWT token. This is used to ensure that a token received by a participating application knows that the token was intended for use with that application. It is optional. In the event that an endpoint has expected audiences and they are not present the token must be rejected. In the event where the token has audiences and the endpoint has none expected then the token is accepted. empty
knox.token.target.url This is an optional configuration parameter to indicate the intended endpoint for which the token may be used. The KnoxShell token credential collector can pull this URL from a knoxtokencache file to be used in scripts. This eliminates the need to prompt for or hardcode endpoints in your scripts. n/a

knox.token.ttl参数修改下就好了


登陆账号密码后继续让登陆52集群


高版本1.0.x的knox 跳转Hdfs,HbaseUI ssl报错

2020-04-13 11:53:03,401 WARN  knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: https://host-10-1-236-145:8443/gateway/ocdp/hdfs
?user.name=admin javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: un
able to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target

正在解决中…


输入admin/admin-password点击sign in报错

因为ambari 2.6版本没有KNOX的quick links
所以访问knox admin ui需要手动输入,url如下
https://10.1.236.84:8443/gateway/knoxsso/knoxauth/login.html

输入admin/admin-password点击sign in报错
查看gateway.log发现报错日志如下

ERROR service.knoxsso (WebSSOResource.java:getAuthenticationToken(172)) - The original URL: undefined for redirecting back after authentication is not valid according to the configured whitelist: . See documentation for KnoxSSO Whitelisting.

在ambari2.6版本中没有quick link的跳转,所以没有cookie带进来,正在解决


Knox跳转HDFS页面js加载不出来

/usr/hdp/2.6.0.3-8/knox/data/services/hdfsui/2.7.0/rewrite.xml添加如下配置
并删除/usr/hdp/2.6.0.3-8/knox/data/deployments/中的cluster.topo文件,重启集群knox

  <rule dir="OUT" name="HDFSUI/hdfs/outbound/jquery-1.10.2.min.js" pattern="/static/jquery-1.10.2.min.js">
    <rewrite template="{$frontend[url]}/hdfs/static/jquery-1.10.2.min.js"/>
  </rule>
  <rule dir="OUT" name="HDFSUI/hdfs/outbound/jquery.dataTables.min.js" pattern="/static/jquery.dataTables.min.js">
    <rewrite template="{$frontend[url]}/hdfs/static/jquery.dataTables.min.js"/>

nginx跳转knox跳转ranger报错400

nginx代理knox报错,但是knox直接跳转正常

在这里插入图片描述

解决方案
/usr/hdp/2.6.0.3-8/knox/data/services/rangerui/2.7.0/rewrite.xml添加如下配置
并删除/usr/hdp/2.6.0.3-8/knox/data/deployments/中的cluster.topo文件,重启集群knox

<match pattern="*://*:*/login.jsp"/>

0.12版本knox无法在ambari操作组件启停

前台报错
在这里插入图片描述
gateway.log如下

2020-04-13 15:54:15,600 WARN  hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(146)) - Connection exception dispatching request: http://10.1.236.84:8080/api/v1/stacks/HDP/versions/2.6/recommendations java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "d{"

F12

message: "Invalid Request: Malformed Request Body.  An exception occurred parsing the request body: Unexpected character ('%' (code 37)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')↵ at [Source: java.io.StringReader@699524d0; line: 1, column: 3]"

解决方案
ocdp.xml中添加配置

    <service>
         <role>AMBARI</role>
         <url>http://10.1.236.84:8080</url>
    </service>

加了这个配置后就可以进行ambari操作组件,包括配置参数修改、组件启停


knox访问组件UI报错

2020-04-13 16:21:03,961 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to https://10.1.236.84:8443/gateway/ocdp/hdfs was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

将gateway.site.xml参数进行修改

gateway.dispatch.whitelist=DEFAULT

Knox访问ambari,后台不停报错

2020-04-13 17:07:41,990 ERROR hadoop.gateway (JsonFilterReader.java:filterStreamValue(531)) - Failed to filter value http://ocdp_host-10-1-236-84/api/v1/clusters/ocdp/requests/377, rule AMBARI/ambari/href/outbound: java.lang.NullPointerException
2020-04-13 17:07:41,990 ERROR hadoop.gateway (UrlRewriteProcessor.java:rewrite(169)) - Failed to rewrite URL: http://ocdp_host-10-1-236-84/api/v1/clusters/ocdp/requests/378, direction: OUT via rule: AMBARI/ambari/href/outbound, status: FAILURE

解决方案
删除底下文件的配置
/usr/hdp/2.6.0.3-8/knox/data/services/ambari/2.2.0/rewrite.xml

<match pattern="*://*:*/api/{**}?{**}"/>

Knox跳转yarn界面中其他节点日志8042报错

2020-03-17 17:07:13,311 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to http://10.1.236.56:8042/cluster was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

gateway-site.xml修改参数

gateway.dispatch.whitelist.services=DEFAULT

knox 修改了create-master密码启动失败

ERROR hadoop.gateway (DefaultAliasService.java:getPasswordFromAliasForCluster(100)) - Failed to get credential for cluster __gateway: org.apache.hadoop.gateway.se
rvices.security.KeystoreServiceException: java.io.IOException: Keystore was tampered with, or password was incorrect
 FATAL hadoop.gateway (GatewayServer.java:main(155)) - Failed to start gateway: org.apache.hadoop.gateway.services.ServiceLifecycleException: Provisioned signing k
ey passphrase cannot be acquired.

修改了knox gateway的create-master ,启动报错
解决方案:rm -rf {GATE_WAY}/data/security/*
然后再
su knox;
{GATE_WAY}/bin/create-master;
{GATE_WAY}/bin/gateway.sh start
即可

报错Gateway SSL Certificate is Expired. Server will not start

2021-08-24 10:18:43,689 FATAL knox.gateway (GatewayServer.java:main(167)) - Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Gateway SSL Certificate is Expired. Server will not start.

解决

证书过期了,重新生成试试
mv /home/ocdc/knox/data/security/keystores/gateway.jks /home/ocdc/knox/data/security/keystores/bak_gateway.jks

Knox 代理ambari等页面后输入密码报错

在这里插入图片描述
后台日志如下
在这里插入图片描述

ERROR service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - The original URL: http://10.1.236.92:8080/ for redirecting back after authentication is not valid according to the configured whitelist: ^/.*$;^https?://(.+\.asiainfo\.com):[0-9]+/?.*$. See documentation for KnoxSSO Whitelisting.

在这里插入图片描述

试试1.4版本吧
结果依旧是这个错
但是发现正则不匹配
正则匹配上了就可以了
但是输入knox的账号密码后进去ambari又跳转出来了,又到了knox登陆界面
后台日志报错如下

2020-09-01 17:34:18,928 INFO  knox.gateway (KnoxLdapRealm.java:getUserDn(688)) - Computed userDn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for principal: admin
2020-09-01 17:34:18,945 ERROR knox.gateway (WhitelistUtils.java:deriveDefaultDispatchWhitelist(92)) - Unable to reliably determine the Knox domain for the default whitelist. Defaulting to allow requests only to testdp01. Please consider explicitly configuring the whitelist via the gateway.dispatch.whitelist property in gateway-site
2020-09-01 17:34:18,945 INFO  knox.gateway (WhitelistUtils.java:getDispatchWhitelist(61)) - Applying a derived dispatch whitelist because none is configured in gateway-site: ^\/.*$;^https?:\/\/testdp01:[0-9]+\/?.*$
2020-09-01 17:34:18,946 INFO  knox.gateway (CookieUtils.java:getCookiesForName(46)) - Unable to find cookie with name: original-url
2020-09-01 17:34:18,959 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(368)) - JWT cookie successfully added.
2020-09-01 17:34:18,960 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(270)) - About to redirect to original URL: http://testdp01:8080/
2020-09-01 17:34:19,235 ERROR knox.gateway (WhitelistUtils.java:deriveDefaultDispatchWhitelist(92)) - Unable to reliably determine the Knox domain for the default whitelist. Defaulting to allow requests only to testdp01. Please consider explicitly configuring the whitelist via the gateway.dispatch.whitelist property in gateway-site
2020-09-01 17:34:19,235 INFO  knox.gateway (WhitelistUtils.java:getDispatchWhitelist(61)) - Applying a derived dispatch whitelist because none is configured in gateway-site: ^\/.*$;^https?:\/\/testdp01:[0-9]+\/?.*$

然后我又吧gateway-site.xml中配置修改如下

    <property>
        <name>gateway.dispatch.whitelist</name>
        <value>^.*$</value>
        <description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
        If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
    </property>

发现还是一样,输入knox的账号密码后进去ambari又跳转出来了,又到了knox登陆界面。
但是这一次日志没有报错了
在这里插入图片描述

跟同事讨论发现可能要对knox中自带的ldap用户导入到ambari user中去

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/206761.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)
blank

相关推荐

  • 利用python、tensorflow、opencv实现人脸识别(包会)!「建议收藏」

    利用python、tensorflow、opencv实现人脸识别(包会)!「建议收藏」 一,前言本人是机械专业在读硕士,在完成暑假实践的时候接触到了人脸识别,对这一实现很感兴趣,所以花了大概十天时间做出了自己的人脸识别。这篇文章应该是很详细的了所以帮你实现人脸识别应该没什么问题。先说本博文的最终要达到的效果:通过一系列操作,在摄像头的视频流中识别特定人的人脸,并且予以标记。本人通过网上资料的查询发现这类人脸识别,大多参考了一位日本程序员小哥的文章。链接:http…

    2022年10月25日
  • Oracle监听器Server端与Client端配置实例

    Oracle监听器Server端与Client端配置实例

  • tomcat7和tomcat8的websocket区别

    tomcat7和tomcat8的websocket区别tomcat8真正支持jsr-356(包含对websocket的支持),tomcat7部分版本的websocket实现不兼容jsr-356。websocket实现tomcat7.x与tomcat8.x有很大差异。在tomcat7中使用websocket需要定义一个servlet,然后继承WebSocketServlet,在tomcat8中使用websocke。出自:http://blog.csd

  • 牛逼!Java 从入门到精通,超全汇总版

    牛逼!Java 从入门到精通,超全汇总版文章目录Java基础HeadFirstJavaJava核心技术卷一Java编程思想设计模式HeadFirst设计模式图解设计模式设计模式重学Java设计模式Java进阶Java并发编程实战Java并发编程艺术Java并发编程之美图解Java多线程设计模式JVM深入理解Java虚拟机Java虚拟机规范HotSpot实战自己动手写Java虚拟机MySQLMySQL基础教程SQL基础教程深入浅出MySQLMySQL必知必会SQL必知必会高性能MySQLMySQL

  • vb学习什么[通俗易懂]

    vb学习什么[通俗易懂]学习几天的vb总结一下实在学习什么,我们看到的vb程序设计这本书中,第一句话就介绍了vb是什么,它是一门面向对象的可视化程序设计语言,而我们用的一个vb6.0其实是一个已经打包的平台,而在这门语言中提到了面向对象,那面向对象是什么,它就是书中提到的三要素:属性、事件、方法。属性是指对象的特征,描述对象的数据,在生活中可以理解为你看到一个人或者一个事物给你的外在表象,不同的事物具有…

  • 手机分辨率介绍_手机分辨率通俗讲解

    手机分辨率介绍_手机分辨率通俗讲解分辨率(resolution,港台称之为解释度)就是屏幕图像的精密度,是指显示器所能显示的像素的多少。由于屏幕上的点、线和面都是由像素组成的,显示器可显示的像素越多,画面就越精细,同样的屏幕区域内能显示的信息也越多,所以分辨率是个非常重要的性能指标之一。可以把整个图像想象成是一个

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号