TT Bigdata
JaneTTR
2025-11-17
目录

[关闭 Kerberos]-Hive 注销异常

# 一、问题背景:关闭 Kerberos 时 Hive 卡在 ZK ACL

在 Ambari 中执行 关闭 Kerberos 向导 时,Hive 会在 disable_security 阶段调用 zkmigrator.jar 去修改 Zookeeper 上 /hive 的 ACL,把之前为 Kerberos 准备的安全 ACL 回滚为开放 ACL。

理论上这里应该是一个“打扫战场”的流程:

  • 找到 /hive 这个 znode
  • 执行一次 ACL 调整(例如:world:anyone:crdwa
  • 收尾完成后,Kerberos 撤销流程继续往下跑

实际环境中,却遇到了 连续重试 + Java 报错退出 的情况,导致整个 关闭 Kerberos 的操作失败

触发场景小结

  • Stack:BIGTOP 3.2.0
  • 组件:Hive Server2
  • 操作:通过 Ambari 关闭 Kerberos
  • 现象:Hive Server2 在 disable_security 阶段执行失败

# 二、完整报错日志与关键信息提取

# 1、Ambari 抛出的异常栈

stderr: 
NoneType: None

The above exception was the cause of the following exception:

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/stacks/BIGTOP/3.2.0/services/HIVE/package/scripts/hive_server.py", line 121, in <module>
    HiveServer().execute()
  File "/usr/lib/ambari-agent/lib/resource_management/libraries/script/script.py", line 413, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/stacks/BIGTOP/3.2.0/services/HIVE/package/scripts/hive_server.py", line 100, in disable_security
    zkmigrator.set_acls(self._base_node(params.hive_cluster_token_zkstore), 'world:anyone:crdwa')
  File "/usr/lib/ambari-agent/lib/resource_management/core/resources/zkmigrator.py", line 44, in set_acls
    tries=tries,
  File "/usr/lib/ambari-agent/lib/resource_management/core/base.py", line 168, in __init__
    self.env.run()
  File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line 171, in run
    self.run_action(resource, action)
  File "/usr/lib/ambari-agent/lib/resource_management/core/environment.py", line 137, in run_action
    provider_action()
  File "/usr/lib/ambari-agent/lib/resource_management/core/providers/system.py", line 350, in action_run
    returns=self.resource.returns,
  File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 95, in inner
    result = function(command, **kwargs)
  File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 161, in checked_call
    returns=returns,
  File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 278, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 493, in _call
    raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of '/usr/jdk64/jdk17/bin/java -Djava.security.auth.login.config=/etc/hive/conf/zkmigrator_jaas.conf -jar /var/lib/ambari-agent/tools/zkmigrator.jar -connection-string hadoop1:2181,hadoop2:2181,hadoop3:2181 -znode /hive -acl world:anyone:crdwa' returned 1. Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
 stdout:
2025-11-06 11:34:23,663 - call['ambari-python-wrap /usr/lib/bigtop-select/distro-select status hive-server2'] {'timeout': 20}
2025-11-06 11:34:23,715 - call returned (0, 'hive-server2 - 3.2.0')
2025-11-06 11:34:23,717 - Stack Feature Version Info: Cluster Stack=3.2.0, Command Stack=None, Command Version=3.2.0 -> 3.2.0
2025-11-06 11:34:23,722 - Using hadoop conf dir: /etc/hadoop/conf
2025-11-06 11:34:23,727 - File['/var/lib/ambari-agent/cred/lib/CredentialUtil.jar'] {'content': DownloadSource('http://hadoop1:8080/resources/CredentialUtil.jar'), 'mode': 0o755}
2025-11-06 11:34:23,728 - Not downloading the file from http://hadoop1:8080/resources/CredentialUtil.jar, because /var/lib/ambari-agent/tmp/CredentialUtil.jar already exists
2025-11-06 11:34:24,577 - Setting ACL on znode /hive to world:anyone:crdwa
2025-11-06 11:34:24,577 - Execute['/usr/jdk64/jdk17/bin/java -Djava.security.auth.login.config=/etc/hive/conf/zkmigrator_jaas.conf -jar /var/lib/ambari-agent/tools/zkmigrator.jar -connection-string hadoop1:2181,hadoop2:2181,hadoop3:2181 -znode /hive -acl world:anyone:crdwa'] {'user': 'hive', 'environment': {'JAVA_HOME': '/usr/jdk64/jdk17'}, 'logoutput': True, 'tries': 3}
Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
2025-11-06 11:34:24,818 - Retrying after 0 seconds. Reason: Execution of '/usr/jdk64/jdk17/bin/java -Djava.security.auth.login.config=/etc/hive/conf/zkmigrator_jaas.conf -jar /var/lib/ambari-agent/tools/zkmigrator.jar -connection-string hadoop1:2181,hadoop2:2181,hadoop3:2181 -znode /hive -acl world:anyone:crdwa' returned 1. Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
2025-11-06 11:34:25,101 - Retrying after 0 seconds. Reason: Execution of '/usr/jdk64/jdk17/bin/java -Djava.security.auth.login.config=/etc/hive/conf/zkmigrator_jaas.conf -jar /var/lib/ambari-agent/tools/zkmigrator.jar -connection-string hadoop1:2181,hadoop2:2181,hadoop3:2181 -znode /hive -acl world:anyone:crdwa' returned 1. Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Failed to instantiate SLF4J LoggerFactory
Reported exception:
java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/log4j/Level
	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:388)
	at org.apache.zookeeper.ZooKeeper.<clinit>(ZooKeeper.java:165)
	at org.apache.ambari.tools.zk.ZkConnection.open(ZkConnection.java:43)
	at org.apache.ambari.tools.zk.ZkMigrator.setAcls(ZkMigrator.java:111)
	at org.apache.ambari.tools.zk.ZkMigrator.main(ZkMigrator.java:45)
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Level
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 9 more

Command failed after 1 tries
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234

# 2、UI 报错截图

报错在 Ambari 页面上表现如下:

image-20251106133509855

从日志里先锁定“根因关键词”

  • Failed to instantiate SLF4J LoggerFactory
  • NoClassDefFoundError: org/apache/log4j/Level
  • 入口类:org.apache.zookeeper.ZooKeeper
  • 使用的 Java:/usr/jdk64/jdk17/bin/java
  • 调用方式:-jar zkmigrator.jar

问题已经很明确:运行 zkmigrator.jar 时,类路径里缺 log4j,在 JDK17 环境里直接崩了。

# 三、从日志中还原 zkmigrator 的原始命令

从 stdout 部分可以直接提取 Ambari 实际执行的命令:

sudo -u hive /usr/jdk64/jdk17/bin/java \
  -Djava.security.auth.login.config=/etc/hive/conf/zkmigrator_jaas.conf \
  -jar /var/lib/ambari-agent/tools/zkmigrator.jar \
  -connection-string hadoop1:2181,hadoop2:2181,hadoop3:2181 \
  -znode /hive \
  -acl world:anyone:crdwa
1
2
3
4
5
6

我们在服务器上用 同样的命令 手工执行一遍,可以稳定复现同样的报错。

这样做的好处

  • 把问题从 Ambari Agent / Script 层 “剥离”出来
  • 聚焦在 Java 命令本身是否合理——特别是 classpath 与依赖是否完整

# 四、定位思路:-jar 模式下 classpath 不包含 ZK + log4j

在 JDK17 环境中,log4j 已经不可能出现在 JDK 自带库里,必须在 classpath 中显式引入。而当前命令采用的是:

java -jar /var/lib/ambari-agent/tools/zkmigrator.jar ...
1

这种调用方式有一个典型特征:

  • 默认只加载 当前 fat-jar 内部 的依赖
  • 不会自动去加载 Zookeeper client 自带的 log4j

对照一下环境现状:

  • zkmigrator.jar 里本身 没有打入 log4j
  • 集群已经安装了 Zookeeper 客户端,其中有 log4j,但 没有被加进 classpath
  • 最终效果就是:Zookeeper 初始化时要用到 org.apache.log4j.Level,却找不到对应类
为什么想到用 Zookeeper client 的 lib?
  1. 既然要操作 ZK(-connection-string ...),说明集群肯定安装了 Zookeeper
  2. ZK client 通常自带 log4j 相关 jar
  3. 直接复用 /usr/bigtop/current/zookeeper-client/lib 中的 jar,可以最小改动解决依赖缺失问题

# 五、命令行试验:从 -jar 切换到 -cp

# 1、替换为 -cp + 主类调用

把原来的命令从:

java -jar zkmigrator.jar ...
1

改成类似下面的形式(示意):

/usr/jdk64/jdk17/bin/java \
  -Djava.security.auth.login.config=/etc/hive/conf/zkmigrator_jaas.conf \
  -cp "/var/lib/ambari-agent/tools/zkmigrator.jar:/usr/bigtop/current/zookeeper-client/lib/*" \
  org.apache.ambari.tools.zk.ZkMigrator \
  -connection-string hadoop1:2181,hadoop2:2181,hadoop3:2181 \
  -znode /hive \
  -acl world:anyone:crdwa
1
2
3
4
5
6
7

核心变化有两点:

  • -cp 明确把 zkmigrator.jar + ZK_LIB_DIR/* 加入 classpath
  • 直接指定 主类org.apache.ambari.tools.zk.ZkMigrator

执行后如下图,命令可以 成功完成 ACL 设置

image-20251106133647494

说明

一旦在命令行验证通过,就可以确定:

  • 问题不在 JAAS 配置
  • 不在 Kerberos 凭证
  • 不在 ZK 地址与 ACL 本身 而是 纯粹的 classpath / log4j 依赖缺失

# 六、正式修复:改造 zkmigrator.py 的命令构造方式

Ambari 中 Hive 在调用 zkmigrator 时,入口在:

  • /usr/lib/ambari-agent/core/resources/zkmigrator.py(路径以实际环境为准)

我们对这个文件做了一个最小改动:只改造它生成 Java 命令的方式,其他逻辑全部保持不动。

原始文件通过 -jar 调用 zkmigrator.jar,我们将其改为 -cp + 主类,并且显式拼出 Zookeeper client 的 lib 路径。

image-20251106133532229

# 1、改造后的 zkmigrator.py 完整示例

image-20251117205224688

#!/usr/bin/env python3
"""
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Ambari Agent

"""
from resource_management.core.resources.system import Execute
from resource_management.core.logger import Logger
from resource_management.libraries.functions import format

# 新增两个常量
MAIN_CLASS = "org.apache.ambari.tools.zk.ZkMigrator"
ZK_LIB_DIR = "/usr/bigtop/current/zookeeper-client/lib"


class ZkMigrator:
    def __init__(self, zk_host, java_exec, java_home, jaas_file, user):
        self.zk_host = zk_host
        self.java_exec = java_exec
        self.java_home = java_home
        self.jaas_file = jaas_file
        self.user = user
        self.zkmigrator_jar = "/var/lib/ambari-agent/tools/zkmigrator.jar"

    def set_acls(self, znode, acl, tries=3):
        Logger.info(format("Setting ACL on znode {znode} to {acl}"))
        Execute(
            self._acl_command(znode, acl),
            user=self.user,
            environment={"JAVA_HOME": self.java_home},
            logoutput=True,
            tries=tries,
        )

    def delete_node(self, znode, tries=3):
        Logger.info(format("Removing znode {znode}"))
        Execute(
            self._delete_command(znode),
            user=self.user,
            environment={"JAVA_HOME": self.java_home},
            logoutput=True,
            tries=tries,
        )

    # 核心改动:这里由 -jar → -cp + 主类
    # 只改命令构造,不触碰其他逻辑
    def _java_prefix(self):
        classpath = f"\"{self.zkmigrator_jar}:{ZK_LIB_DIR}/*\""
        return (
            f"{self.java_exec} "
            f"-Djava.security.auth.login.config={self.jaas_file} "
            f"-cp {classpath} {MAIN_CLASS}"
        )

    def _acl_command(self, znode, acl):
        return (
            f"{self._java_prefix()} "
            f"-connection-string {self.zk_host} -znode {znode} -acl {acl}"
        )

    def _delete_command(self, znode):
        return (
            f"{self._java_prefix()} "
            f"-connection-string {self.zk_host} -znode {znode} -delete"
        )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

改动点总结

  1. 新增两个常量:

    • MAIN_CLASS = "org.apache.ambari.tools.zk.ZkMigrator"
    • ZK_LIB_DIR = "/usr/bigtop/current/zookeeper-client/lib"

  2. _java_prefix 里:

    • 使用 -cp "zkmigrator.jar:ZK_LIB_DIR/*"
    • 替换 -jar 调用方式
    • 在 classpath 中显式引入了 Zookeeper client 目录,间接引入 log4j

  3. 只改“命令字符串构造”,不改调用方式和业务逻辑set_acls / delete_node 等保持不变)。

#Ambari#Hive#Kerberos#Zookeeper#ZkMigrator#JDK17#Log4j
[关闭 Kerberos]-Kafka 注销异常
Kerberos 客户端模板渲染异常处理

Kerberos 客户端模板渲染异常处理

最近更新
01
[开启Kerberos]-Trino启动-配置文件处理
11-18
02
Livy 安装 2.2.0+
11-17
03
[开启Kerberos]-Trino启动-缺失PEM证书处理
11-17
更多文章>
Theme by Vdoing | Copyright © 2017-2025 JaneTTR | MIT License