Apache knox_apache发生服务特定错误1

Apache knox_apache发生服务特定错误1knox错误总结windowsbrowser有时候打不开KnoxUIhosts文件添加Knox的{{GATE_WAY}}ip的映射就可以打开界面了打开Knoxadmin_UI后显示不完全需要下载特定的js,私信我即可解决Knox配置yarnservice报错2020-03-1717:07:13,311ERRORknox.gateway(Gateway…

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全家桶1年46,售后保障稳定

knox错误总结

windows browser 有时候打不开Knox UI

hosts文件添加 Knox 的{
{GATE_WAY}}ip的映射
就可以打开界面了


打开Knox admin_UI后显示不完全

在这里插入图片描述

需要 下载特定的js,私信我即可解决


Knox 配置yarn service报错

在这里插入图片描述

2020-03-17 17:07:13,311 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to http://10.1.236.56:8088/cluster was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

Jetbrains全家桶1年46,售后保障稳定

需要修改一下gateway.dispatch.whitelist.services属性,内容里删掉YARNUI,如果不删除,则会报错:
在这里插入图片描述
修改完重新调用
ERROR knox.gateway (GatewayFilter.java:doFilter(173)) – Gateway processing failed: java.io.IOException: Service connectivity error.

发现是地址写错了
地址修改后没问题


Knox跳yarn时账号密码输入后跳转不进去

在这里插入图片描述

2020-03-17 18:08:12,147 ERROR knox.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(206)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user ou=people,dc=hadoop,dc=apache,dc=org]

https://cwiki.apache.org/confluence/display/KNOX/2017/03/01/Apache+Knox+using+multiple+LDAP+Realms
发现realm配置错误
在这里插入图片描述
要把这个Uid加上就可以了


KnoxSSO登陆后,一会就退出

修改timeout参数,30–>60,不行
百度
在这里插入图片描述
整个人沉默了
看gateway.log日志

2020-03-17 14:59:34,277 INFO  federation.jwt (AbstractJWTFilter.java:validateToken(295)) - Access token has expired; a new one must be acquired.

看文档
https://cwiki.apache.org/confluence/display/KNOX/KnoxToken+Sessions+with+KnoxShell+in+Apache+Knox+0.12.0

param descriptor value
knox.token.ttl This indicates the lifespan of the token. Once it expires a new token must be acquired from KnoxToken service. This is in milliseconds. The 36000000 in the topology above gives you 10 hrs 30000 That is 30 seconds
knox.token.audiences This is a comma separated list of audiences to add to the JWT token. This is used to ensure that a token received by a participating application knows that the token was intended for use with that application. It is optional. In the event that an endpoint has expected audiences and they are not present the token must be rejected. In the event where the token has audiences and the endpoint has none expected then the token is accepted. empty
knox.token.target.url This is an optional configuration parameter to indicate the intended endpoint for which the token may be used. The KnoxShell token credential collector can pull this URL from a knoxtokencache file to be used in scripts. This eliminates the need to prompt for or hardcode endpoints in your scripts. n/a

knox.token.ttl参数修改下就好了


登陆账号密码后继续让登陆52集群


高版本1.0.x的knox 跳转Hdfs,HbaseUI ssl报错

2020-04-13 11:53:03,401 WARN  knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: https://host-10-1-236-145:8443/gateway/ocdp/hdfs
?user.name=admin javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: un
able to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target

正在解决中…


输入admin/admin-password点击sign in报错

因为ambari 2.6版本没有KNOX的quick links
所以访问knox admin ui需要手动输入,url如下
https://10.1.236.84:8443/gateway/knoxsso/knoxauth/login.html

输入admin/admin-password点击sign in报错
查看gateway.log发现报错日志如下

ERROR service.knoxsso (WebSSOResource.java:getAuthenticationToken(172)) - The original URL: undefined for redirecting back after authentication is not valid according to the configured whitelist: . See documentation for KnoxSSO Whitelisting.

在ambari2.6版本中没有quick link的跳转,所以没有cookie带进来,正在解决


Knox跳转HDFS页面js加载不出来

/usr/hdp/2.6.0.3-8/knox/data/services/hdfsui/2.7.0/rewrite.xml添加如下配置
并删除/usr/hdp/2.6.0.3-8/knox/data/deployments/中的cluster.topo文件,重启集群knox

  <rule dir="OUT" name="HDFSUI/hdfs/outbound/jquery-1.10.2.min.js" pattern="/static/jquery-1.10.2.min.js">
    <rewrite template="{$frontend[url]}/hdfs/static/jquery-1.10.2.min.js"/>
  </rule>
  <rule dir="OUT" name="HDFSUI/hdfs/outbound/jquery.dataTables.min.js" pattern="/static/jquery.dataTables.min.js">
    <rewrite template="{$frontend[url]}/hdfs/static/jquery.dataTables.min.js"/>

nginx跳转knox跳转ranger报错400

nginx代理knox报错,但是knox直接跳转正常

在这里插入图片描述

解决方案
/usr/hdp/2.6.0.3-8/knox/data/services/rangerui/2.7.0/rewrite.xml添加如下配置
并删除/usr/hdp/2.6.0.3-8/knox/data/deployments/中的cluster.topo文件,重启集群knox

<match pattern="*://*:*/login.jsp"/>

0.12版本knox无法在ambari操作组件启停

前台报错
在这里插入图片描述
gateway.log如下

2020-04-13 15:54:15,600 WARN  hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(146)) - Connection exception dispatching request: http://10.1.236.84:8080/api/v1/stacks/HDP/versions/2.6/recommendations java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "d{"

F12

message: "Invalid Request: Malformed Request Body.  An exception occurred parsing the request body: Unexpected character ('%' (code 37)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')↵ at [Source: java.io.StringReader@699524d0; line: 1, column: 3]"

解决方案
ocdp.xml中添加配置

    <service>
         <role>AMBARI</role>
         <url>http://10.1.236.84:8080</url>
    </service>

加了这个配置后就可以进行ambari操作组件,包括配置参数修改、组件启停


knox访问组件UI报错

2020-04-13 16:21:03,961 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to https://10.1.236.84:8443/gateway/ocdp/hdfs was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

将gateway.site.xml参数进行修改

gateway.dispatch.whitelist=DEFAULT

Knox访问ambari,后台不停报错

2020-04-13 17:07:41,990 ERROR hadoop.gateway (JsonFilterReader.java:filterStreamValue(531)) - Failed to filter value http://ocdp_host-10-1-236-84/api/v1/clusters/ocdp/requests/377, rule AMBARI/ambari/href/outbound: java.lang.NullPointerException
2020-04-13 17:07:41,990 ERROR hadoop.gateway (UrlRewriteProcessor.java:rewrite(169)) - Failed to rewrite URL: http://ocdp_host-10-1-236-84/api/v1/clusters/ocdp/requests/378, direction: OUT via rule: AMBARI/ambari/href/outbound, status: FAILURE

解决方案
删除底下文件的配置
/usr/hdp/2.6.0.3-8/knox/data/services/ambari/2.2.0/rewrite.xml

<match pattern="*://*:*/api/{**}?{**}"/>

Knox跳转yarn界面中其他节点日志8042报错

2020-03-17 17:07:13,311 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to http://10.1.236.56:8042/cluster was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

gateway-site.xml修改参数

gateway.dispatch.whitelist.services=DEFAULT

knox 修改了create-master密码启动失败

ERROR hadoop.gateway (DefaultAliasService.java:getPasswordFromAliasForCluster(100)) - Failed to get credential for cluster __gateway: org.apache.hadoop.gateway.se
rvices.security.KeystoreServiceException: java.io.IOException: Keystore was tampered with, or password was incorrect
 FATAL hadoop.gateway (GatewayServer.java:main(155)) - Failed to start gateway: org.apache.hadoop.gateway.services.ServiceLifecycleException: Provisioned signing k
ey passphrase cannot be acquired.

修改了knox gateway的create-master ,启动报错
解决方案:rm -rf {GATE_WAY}/data/security/*
然后再
su knox;
{GATE_WAY}/bin/create-master;
{GATE_WAY}/bin/gateway.sh start
即可

报错Gateway SSL Certificate is Expired. Server will not start

2021-08-24 10:18:43,689 FATAL knox.gateway (GatewayServer.java:main(167)) - Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Gateway SSL Certificate is Expired. Server will not start.

解决

证书过期了,重新生成试试
mv /home/ocdc/knox/data/security/keystores/gateway.jks /home/ocdc/knox/data/security/keystores/bak_gateway.jks

Knox 代理ambari等页面后输入密码报错

在这里插入图片描述
后台日志如下
在这里插入图片描述

ERROR service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - The original URL: http://10.1.236.92:8080/ for redirecting back after authentication is not valid according to the configured whitelist: ^/.*$;^https?://(.+\.asiainfo\.com):[0-9]+/?.*$. See documentation for KnoxSSO Whitelisting.

在这里插入图片描述

试试1.4版本吧
结果依旧是这个错
但是发现正则不匹配
正则匹配上了就可以了
但是输入knox的账号密码后进去ambari又跳转出来了,又到了knox登陆界面
后台日志报错如下

2020-09-01 17:34:18,928 INFO  knox.gateway (KnoxLdapRealm.java:getUserDn(688)) - Computed userDn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for principal: admin
2020-09-01 17:34:18,945 ERROR knox.gateway (WhitelistUtils.java:deriveDefaultDispatchWhitelist(92)) - Unable to reliably determine the Knox domain for the default whitelist. Defaulting to allow requests only to testdp01. Please consider explicitly configuring the whitelist via the gateway.dispatch.whitelist property in gateway-site
2020-09-01 17:34:18,945 INFO  knox.gateway (WhitelistUtils.java:getDispatchWhitelist(61)) - Applying a derived dispatch whitelist because none is configured in gateway-site: ^\/.*$;^https?:\/\/testdp01:[0-9]+\/?.*$
2020-09-01 17:34:18,946 INFO  knox.gateway (CookieUtils.java:getCookiesForName(46)) - Unable to find cookie with name: original-url
2020-09-01 17:34:18,959 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(368)) - JWT cookie successfully added.
2020-09-01 17:34:18,960 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(270)) - About to redirect to original URL: http://testdp01:8080/
2020-09-01 17:34:19,235 ERROR knox.gateway (WhitelistUtils.java:deriveDefaultDispatchWhitelist(92)) - Unable to reliably determine the Knox domain for the default whitelist. Defaulting to allow requests only to testdp01. Please consider explicitly configuring the whitelist via the gateway.dispatch.whitelist property in gateway-site
2020-09-01 17:34:19,235 INFO  knox.gateway (WhitelistUtils.java:getDispatchWhitelist(61)) - Applying a derived dispatch whitelist because none is configured in gateway-site: ^\/.*$;^https?:\/\/testdp01:[0-9]+\/?.*$

然后我又吧gateway-site.xml中配置修改如下

    <property>
        <name>gateway.dispatch.whitelist</name>
        <value>^.*$</value>
        <description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
        If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
    </property>

发现还是一样,输入knox的账号密码后进去ambari又跳转出来了,又到了knox登陆界面。
但是这一次日志没有报错了
在这里插入图片描述

跟同事讨论发现可能要对knox中自带的ldap用户导入到ambari user中去

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/206761.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)


相关推荐

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号