快捷導(dǎo)航

python3.6.5基于kerberos認(rèn)證的hive和hdfs連接調(diào)用方式

更新時(shí)間：2020年06月06日 10:12:35 作者：后廠村葫蘆娃

這篇文章主要介紹了python3.6.5基于kerberos認(rèn)證的hive和hdfs連接調(diào)用方式，具有很好的參考價(jià)值，希望對大家有所幫助。一起跟隨小編過來看看吧

1. Kerberos是一種計(jì)算機(jī)網(wǎng)絡(luò)授權(quán)協(xié)議，用來在非安全網(wǎng)絡(luò)中，對個(gè)人通信以安全的手段進(jìn)行身份認(rèn)證。具體請查閱官網(wǎng)

2. 需要安裝的包（基于centos）

yum install libsasl2-dev
yum install gcc-c++ python-devel.x86_64 cyrus-sasl-devel.x86_64
yum install python-devel 
yum install krb5-devel
yum install python-krbV
 
pip install krbcontext==0.9
pip install thrift==0.9.3
pip install thrift-sasl==0.2.1
pip install impyla==0.14.1
pip install hdfs[kerberos]
pip install pykerberos==1.2.1

3. /etc/krb5.conf 配置，在這個(gè)文件里配置你服務(wù)器所在的域

4./etc/hosts 配置，配置集群機(jī)器和域所在機(jī)器

5. 通過kinit 生成 ccache_file或者keytab_file

6. 連接hive代碼如下

import os
from impala.dbapi import connect
from krbcontext import krbcontext
keytab_path = os.path.split(os.path.realpath(__file__))[0] + '/xxx.keytab'
principal = 'xxx'
with krbcontext(using_keytab=True,principal=principal,keytab_file=keytab_path):
 conn = connect(host=ip, port=10000, auth_mechanism='GSSAPI', kerberos_service_name='hive')
 cursor = conn.cursor()
 cursor.execute('SELECT * FROM default.books')
 for row in cursor:
  print(row)

7. 連接hdfs代碼如下

from hdfs.ext.kerberos import KerberosClient
from krbcontext import krbcontext
 
hdfs_url = 'http://' + host + ':' + port
data = self._get_keytab(sso_ticket)
self._save_keytab(data)
with krbcontext(using_keytab=True, keytab_file=self.keytab_file, principal=self.user):
 self.client = KerberosClient(hdfs_url)
 self.client._list_status(path).json()['FileStatuses']['FileStatus'] #獲取path下文件及文件夾

8. 注：krbcontext這個(gè)包官方說支持python2，但是python3也能用

這個(gè)hdfs_url 一定要帶"http://"不然會(huì)報(bào)錯(cuò)

9. 我新增了一些配置文件配置，具體的操作如下

python3.6.5基于kerberos認(rèn)證的hdfs,hive連接調(diào)用（含基礎(chǔ)環(huán)境配置）

1需要準(zhǔn)備的環(huán)境

yum包（需要先裝yum包，再裝python包，不然會(huì)有問題）

 yum install openldap-clients -y
 yum install krb5-workstation krb5-libs -y
 yum install gcc-c++ python-devel.x86_64 cyrus-sasl-devel.x86_64
 yum install python-devel 
 yum install krb5-devel
 yum install python-krbV
 yum install cyrus-sasl-plain cyrus-sasl-devel cyrus-sasl-gssapi

python包安裝（pip或pip3，請根據(jù)實(shí)際情況選擇）

 pip install krbcontext==0.9
 pip install thrift==0.9.3
 pip install thrift-sasl==0.2.1
 pip install impyla==0.14.1
 pip install hdfs[kerberos]
 pip install pykerberos==1.2.1

配置/etc/hosts文件（需要把大數(shù)據(jù)平臺的機(jī)器和域名進(jìn)行配置）

10.xxx.xxx.xxx name-1 panel.test.com
10.xxx.xxx.xxx name-1

配置/etc/krb5.conf(具體查看kerberos服務(wù)配置中心)

參考配置（僅供參考，具體更具自己實(shí)際配置修改）

[libdefaults]
  renew_lifetime = 9d
  forwardable = true
  default_realm = PANEL.COM
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  default_ccache_name = /tmp/krb5cc_%{uid}
 [logging]
  default = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind1.log
  kdc = FILE:/var/log/krb5kdc1.log
 [realms]
  PANEL.COM = {
  admin_server = panel.test1.com
  kdc = panel.test1.com
  }

連接代碼：

hdfs：

import json, os
from hdfs.ext.kerberos import KerberosClient
from krbcontext import krbcontext
 
 def _connect(self, host, port, sso_ticket=None):
  try:
   hdfs_url = 'http://' + host + ':' + port
   active_str = 'kinit -kt {0} {1}'.format(self.keytab_file, self.user)
   # 激活當(dāng)前kerberos用戶認(rèn)證，因?yàn)閜ython緩存機(jī)制，切換用戶，這個(gè)緩存不會(huì)自動(dòng)切換，需要手動(dòng)處理下
   os.system(active_str)
   with krbcontext(using_keytab=True, keytab_file=self.keytab_file, principal=self.user):
    self.client = KerberosClient(hdfs_url)
  except Exception as e:
   raise e

hive

import os
from krbcontext import krbcontext
from impala.dbapi import connect
from auto_model_platform.settings import config

 def _connect(self, host, port, sso_ticket=None):
  try:
   active_str = 'kinit -kt {0} {1}'.format(self.keytab_file, self.user)
   # 同hdfs
   os.system(active_str)
   with krbcontext(using_keytab=True, principal=self.user, keytab_file=self.keytab_file):
    self.conn = connect(host=host, port=port, auth_mechanism='GSSAPI', kerberos_service_name='hive')
    self.cursor = self.conn.cursor()
  except Exception as e:
   raise e

總結(jié)

我在做的時(shí)候也遇到很多坑，其實(shí)在這個(gè)需要理解其中原理，比如kerberos的機(jī)制和對應(yīng)命令

如果是做基礎(chǔ)平臺用，用多用戶切換的情況，建議不要用python，因?yàn)橐稽c(diǎn)都不友好，官方包問題很多，我都改用java的jdbc去操作hdfs和hive了

如果只是自己測試和和做算法研究，還是可以用的，因?yàn)檫@個(gè)代碼簡單，容易實(shí)現(xiàn)

補(bǔ)充

kinit命令