HADOOP-15168. Add kdiag tool to hadoop command. Contributed by Bharat Viswanadham.
This commit is contained in:
parent
d4e13a4647
commit
51cb6c5380
@ -45,6 +45,7 @@ function hadoop_usage
|
|||||||
hadoop_add_subcommand "key" client "manage keys via the KeyProvider"
|
hadoop_add_subcommand "key" client "manage keys via the KeyProvider"
|
||||||
hadoop_add_subcommand "trace" client "view and modify Hadoop tracing settings"
|
hadoop_add_subcommand "trace" client "view and modify Hadoop tracing settings"
|
||||||
hadoop_add_subcommand "version" client "print the version"
|
hadoop_add_subcommand "version" client "print the version"
|
||||||
|
hadoop_add_subcommand "kdiag" client "Diagnose Kerberos Problems"
|
||||||
hadoop_generate_usage "${HADOOP_SHELL_EXECNAME}" true
|
hadoop_generate_usage "${HADOOP_SHELL_EXECNAME}" true
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -148,6 +149,9 @@ function hadoopcmd_case
|
|||||||
kerbname)
|
kerbname)
|
||||||
HADOOP_CLASSNAME=org.apache.hadoop.security.HadoopKerberosName
|
HADOOP_CLASSNAME=org.apache.hadoop.security.HadoopKerberosName
|
||||||
;;
|
;;
|
||||||
|
kdiag)
|
||||||
|
HADOOP_CLASSNAME=org.apache.hadoop.security.KDiag
|
||||||
|
;;
|
||||||
key)
|
key)
|
||||||
HADOOP_CLASSNAME=org.apache.hadoop.crypto.key.KeyShell
|
HADOOP_CLASSNAME=org.apache.hadoop.crypto.key.KeyShell
|
||||||
;;
|
;;
|
||||||
|
@ -149,7 +149,7 @@ call :updatepath %HADOOP_BIN_PATH%
|
|||||||
exit /b
|
exit /b
|
||||||
)
|
)
|
||||||
|
|
||||||
set corecommands=fs version jar checknative conftest distch distcp daemonlog archive classpath credential kerbname key trace
|
set corecommands=fs version jar checknative conftest distch distcp daemonlog archive classpath credential kerbname key trace kdiag
|
||||||
for %%i in ( %corecommands% ) do (
|
for %%i in ( %corecommands% ) do (
|
||||||
if %hadoop-command% == %%i set corecommand=true
|
if %hadoop-command% == %%i set corecommand=true
|
||||||
)
|
)
|
||||||
@ -231,6 +231,10 @@ call :updatepath %HADOOP_BIN_PATH%
|
|||||||
set CLASS=org.apache.hadoop.security.HadoopKerberosName
|
set CLASS=org.apache.hadoop.security.HadoopKerberosName
|
||||||
goto :eof
|
goto :eof
|
||||||
|
|
||||||
|
:kdiag
|
||||||
|
set CLASS=org.apache.hadoop.security.KDiag
|
||||||
|
goto :eof
|
||||||
|
|
||||||
:key
|
:key
|
||||||
set CLASS=org.apache.hadoop.crypto.key.KeyShell
|
set CLASS=org.apache.hadoop.crypto.key.KeyShell
|
||||||
goto :eof
|
goto :eof
|
||||||
@ -307,6 +311,7 @@ call :updatepath %HADOOP_BIN_PATH%
|
|||||||
@echo credential interact with credential providers
|
@echo credential interact with credential providers
|
||||||
@echo jnipath prints the java.library.path
|
@echo jnipath prints the java.library.path
|
||||||
@echo kerbname show auth_to_local principal conversion
|
@echo kerbname show auth_to_local principal conversion
|
||||||
|
@echo kdiag diagnose kerberos problems
|
||||||
@echo key manage keys via the KeyProvider
|
@echo key manage keys via the KeyProvider
|
||||||
@echo trace view and modify Hadoop tracing settings
|
@echo trace view and modify Hadoop tracing settings
|
||||||
@echo daemonlog get/set the log level for each daemon
|
@echo daemonlog get/set the log level for each daemon
|
||||||
|
@ -187,6 +187,12 @@ user name.
|
|||||||
|
|
||||||
Example: `hadoop kerbname user@EXAMPLE.COM`
|
Example: `hadoop kerbname user@EXAMPLE.COM`
|
||||||
|
|
||||||
|
### `kdiag`
|
||||||
|
|
||||||
|
Usage: `hadoop kdiag`
|
||||||
|
|
||||||
|
Diagnose Kerberos Problems
|
||||||
|
|
||||||
### `key`
|
### `key`
|
||||||
|
|
||||||
Usage: `hadoop key <subcommand> [options]`
|
Usage: `hadoop key <subcommand> [options]`
|
||||||
|
@ -435,17 +435,12 @@ or a specific principal in a named keytab.
|
|||||||
The output of the command can be used for local diagnostics, or forwarded to
|
The output of the command can be used for local diagnostics, or forwarded to
|
||||||
whoever supports the cluster.
|
whoever supports the cluster.
|
||||||
|
|
||||||
The `KDiag` command has its own entry point; it is currently not hooked up
|
The `KDiag` command has its own entry point; It is invoked by passing `kdiag` to
|
||||||
to the end-user CLI.
|
`bin/hadoop` command. Accordingly, it will display the kerberos client state
|
||||||
|
of the command used to invoke it.
|
||||||
It is invoked simply by passing its full classname to one of the `bin/hadoop`,
|
|
||||||
`bin/hdfs` or `bin/yarn` commands. Accordingly, it will display the kerberos client
|
|
||||||
state of the command used to invoke it.
|
|
||||||
|
|
||||||
```
|
```
|
||||||
hadoop org.apache.hadoop.security.KDiag
|
hadoop kdiag
|
||||||
hdfs org.apache.hadoop.security.KDiag
|
|
||||||
yarn org.apache.hadoop.security.KDiag
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The command returns a status code of 0 for a successful diagnostics run.
|
The command returns a status code of 0 for a successful diagnostics run.
|
||||||
@ -525,7 +520,7 @@ some basic Kerberos preconditions.
|
|||||||
#### `--out outfile`: Write output to file.
|
#### `--out outfile`: Write output to file.
|
||||||
|
|
||||||
```
|
```
|
||||||
hadoop org.apache.hadoop.security.KDiag --out out.txt
|
hadoop kdiag --out out.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
Much of the diagnostics information comes from the JRE (to `stderr`) and
|
Much of the diagnostics information comes from the JRE (to `stderr`) and
|
||||||
@ -534,7 +529,7 @@ To get all the output, it is best to redirect both these output streams
|
|||||||
to the same file, and omit the `--out` option.
|
to the same file, and omit the `--out` option.
|
||||||
|
|
||||||
```
|
```
|
||||||
hadoop org.apache.hadoop.security.KDiag --keytab zk.service.keytab --principal zookeeper/devix.example.org@REALM > out.txt 2>&1
|
hadoop kdiag --keytab zk.service.keytab --principal zookeeper/devix.example.org@REALM > out.txt 2>&1
|
||||||
```
|
```
|
||||||
|
|
||||||
Even there, the output of the two streams, emitted across multiple threads, can
|
Even there, the output of the two streams, emitted across multiple threads, can
|
||||||
@ -543,15 +538,12 @@ name in the Log4j output to distinguish background threads from the main thread
|
|||||||
helps at the hadoop level, but doesn't assist in JVM-level logging.
|
helps at the hadoop level, but doesn't assist in JVM-level logging.
|
||||||
|
|
||||||
#### `--resource <resource>` : XML configuration resource to load.
|
#### `--resource <resource>` : XML configuration resource to load.
|
||||||
|
To load XML configuration files, this option can be used. As by default, the
|
||||||
When using the `hdfs` and `yarn` commands, it is often useful to force
|
`core-default` and `core-site` XML resources are only loaded. This will help,
|
||||||
load the `hdfs-site.xml` and `yarn-site.xml` resource files, to pick up any Kerberos-related
|
when additional configuration files has any Kerberos related configurations.
|
||||||
configuration options therein.
|
|
||||||
The `core-default` and `core-site` XML resources are always loaded.
|
|
||||||
|
|
||||||
```
|
```
|
||||||
hdfs org.apache.hadoop.security.KDiag --resource hbase-default.xml --resource hbase-site.xml
|
hadoop kdiag --resource hbase-default.xml --resource hbase-site.xml
|
||||||
yarn org.apache.hadoop.security.KDiag --resource yarn-default.xml --resource yarn-site.xml
|
|
||||||
```
|
```
|
||||||
|
|
||||||
For extra logging during the operation, set the logging and `HADOOP_JAAS_DEBUG`
|
For extra logging during the operation, set the logging and `HADOOP_JAAS_DEBUG`
|
||||||
@ -580,9 +572,9 @@ nor `"/"` characters.
|
|||||||
### Example
|
### Example
|
||||||
|
|
||||||
```
|
```
|
||||||
hdfs org.apache.hadoop.security.KDiag \
|
hadoop kdiag \
|
||||||
--nofail \
|
--nofail \
|
||||||
--resource hbase-default.xml --resource hbase-site.xml \
|
--resource hdfs-site.xml --resource yarn-site.xml \
|
||||||
--keylen 1024 \
|
--keylen 1024 \
|
||||||
--keytab zk.service.keytab --principal zookeeper/devix.example.org@REALM
|
--keytab zk.service.keytab --principal zookeeper/devix.example.org@REALM
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user