1. 配置core-site.xml，並scp到其他節點

引數說明：

The following properties should be in the core-site.xml of all the nodes in the cluster.

hadoop.http.filter.initializers: add to this property the org.apache.hadoop.security.AuthenticationFilterInitializer initializer class.

hadoop.http.authentication.type: Defines authentication used for the HTTP web-consoles. The supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME#. The dfeault value is simple.

hadoop.http.authentication.token.validity: Indicates how long (in seconds) an authentication token is valid before it has to be renewed. The default value is 36000.

hadoop.http.authentication.signature.secret.file: The signature secret file for signing the authentication tokens. The same secret should be used for all nodes in the cluster, JobTracker, NameNode, DataNode and TastTracker. The default value is $user.home/hadoop-http-auth-signature-secret. IMPORTANT: This file should be readable only by the Unix user running the daemons.

hadoop.http.authentication.cookie.domain: The domain to use for the HTTP cookie that stores the authentication token. In order to authentiation to work correctly across all nodes in the cluster the domain must be correctly set. There is no default value, the HTTP cookie will not have a domain working only with the hostname issuing the HTTP cookie.

IMPORTANT: when using IP addresses, browsers ignore cookies with domain settings. For this setting to work properly all nodes in the cluster must be configured to generate URLs with hostname.domain names on it.

hadoop.http.authentication.simple.anonymous.allowed: Indicates if anonymous requests are allowed when using 'simple' authentication. The default value is true

hadoop.http.authentication.kerberos.principal: Indicates the Kerberos principal to be used for HTTP endpoint when using 'kerberos' authentication. The principal short name must be HTTP per Kerberos HTTP SPNEGO specification. The default value is HTTP/
 
[email protected]$LOCALHOST, where _HOST -if present- is replaced with bind address of the HTTP server.

hadoop.http.authentication.kerberos.keytab: Location of the keytab file with the credentials for the Kerberos principal used for the HTTP endpoint. The default value is $user.home/hadoop.keytab.i

 

2. 手動建立 ${user.home}/hadoop-http-auth-signature-secret 檔案，並sep到其他節點

3、重新啟動後發現如下錯誤，確認是該Hadoop版本不支援：

4、升級Hadoop版本，新版本為Hadoop1.2.1,升級過程如下;

1：執行dfsadmin -upgradeProgress status 檢查是否存在備份 如果是第一次升級 就不存在備份
2：備份dfs.namenode.dir下檔案
3：停止所有節點 bin/stop-all.sh
4：在所有節點上重新部署hadoop 並替換conf資料夾下所有檔案（就是將原有的hadoop-0.19.1更名為hadoop-0.21.0-oldverstion,然後解壓hadoop-1.2.1.tar.gz 將0.19.2中的conf檔案替換為0.21.0中的conf資料夾）,注意複製檔案後文件許可權問題。

[[email protected] hadoop]$ vi /etc/profile.d/java.sh

export JAVA_HOME=/usr/java/jdk1.6.0_22/
export HADOOP_HOME=/opt/modules/hadoop/hadoop-0.21.0/
export HIVE_HOME=/opt/modules/hive-0.11.0/
export PATH=$JAVA_HOME/bin:$HADOOP_HOME/bin:$HIVE_HOME/bin:$PATH

[[email protected] profile.d]# source /etc/profile
[[email protected] profile.d]# cd $HADOOP_HOME

5：使用 bin/start-dfs.sh -upgrade 進行升級
6：執行一段時間後 沒有問題 再 執行升級終結操作bin/hadoop dfsadmin -finalizeUpgrade

7：升級完成

注意:

HDFS從一個版本升級到另外一個版本的時候，NameNode和DataNode使用的檔案格式有可能會改變。當你第一次使用新版本的時候，你要使用

bin/start-dfs.sh -upgrade

告訴Hadoop 去改變HDFS版本（否則，新版本不會生效）。

然後它開始升級，你可以通過

bin/hadoop dfsadmin -upgradeProgress

命令來檢視版本升級的情況。

當然你可以使用

bin/hadoop dfsadmin -upgradeProgress details

來檢視更多的詳細資訊。

當升級過程被阻塞的時候，你可以使用

bin/hadoop dfsadmin -upgradeProgress force

來強制升級繼續執行（當你使用這個命令的時候，一定要慎重考慮）。

當HDFS升級完畢後，Hadoop依舊保留著舊版本的有關資訊，
以便你可以方便的對HDFS進行降級操作。
可以使用bin/start-dfs.sh -rollback來執行降級操作。

4、重新驗證：

6、最後：bin/hadoop dfsadmin -finalizeUpgrade

7、50030埠2個NODE處理Save安全模式下，最後離開安全模式；

重新檢視效果;

7