HADOOP部署之后无法WEB访问_hadoop3.3.6 ha集群搭建后无法web访问

问题现象

部署HADOOP后，无法通过http://ip:port访问服务页面

问题1：hdfs-site.xml配置项

• 通过jps命令查看java进程的状态，HADOOP相关的进程运行正常。

jps是jdk提供的一个查看当前java进程的小工具， 可以看做是JavaVirtual Machine Process Status Tool的缩写。

[root@node4 ~]# jps
25059 SecondaryNameNode
25347 ResourceManager
25556 NodeManager
24805 DataNode
29269 Jps
24633 NameNode
1
2
3
4
5
6
7

• 通过netstat命令查看网络端口服务情况，发现local address列给出的ip地址除了127.0.0.1就是0.0.0.0，这些本地有效的地址，是无法对外提供服务的，这才是问题的关键。

[root@node4 ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:43759         0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 0.0.0.0:50070        0.0.0.0:*               LISTEN      24633/java          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      12782/sshd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2325/master         
tcp        0      0 0.0.0.0:50010           0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 0.0.0.0:50075           0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 0.0.0.0:50020           0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      24633/java          
tcp        0      0 0.0.0.0:50090           0.0.0.0:*               LISTEN      25059/java          
tcp6       0      0 :::22                   :::*                    LISTEN      12782/sshd          
tcp6       0      0 127.0.0.1:8088          :::*                    LISTEN      25347/java          
tcp6       0      0 ::1:25                  :::*                    LISTEN      2325/master         
tcp6       0      0 :::13562                :::*                    LISTEN      25556/java          
tcp6       0      0 :::43451                :::*                    LISTEN      25556/java          
tcp6       0      0 127.0.0.1:8030          :::*                    LISTEN      25347/java          
tcp6       0      0 127.0.0.1:8031          :::*                    LISTEN      25347/java          
tcp6       0      0 127.0.0.1:8032          :::*                    LISTEN      25347/java          
tcp6       0      0 127.0.0.1:8033          :::*                    LISTEN      25347/java          
tcp6       0      0 :::8040                 :::*                    LISTEN      25556/java          
tcp6       0      0 :::8042                 :::*                    LISTEN      25556/java          
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

修改HADOOP_HOME/etc/hadoop/hdfs-site.xml文件，加入

<property>
        <name>dfs.namenode.http-address</name>
        <value>node4:50070</value>
</property>
1
2
3
4

再次用netstat -ntlp查看

[root@node4 ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:43759         0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 10.60.8.28.50070        0.0.0.0:*               LISTEN      24633/java          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      12782/sshd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2325/master         
tcp        0      0 0.0.0.0:50010           0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 0.0.0.0:50075           0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 0.0.0.0:50020           0.0.0.0:*               LISTEN      24805/java          
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      24633/java          
tcp        0      0 0.0.0.0:50090           0.0.0.0:*               LISTEN      25059/java          
tcp6       0      0 :::22                   :::*                    LISTEN      12782/sshd          
tcp6       0      0 127.0.0.1:8088          :::*                    LISTEN      25347/java          
tcp6       0      0 ::1:25                  :::*                    LISTEN      2325/master         
tcp6       0      0 :::13562                :::*                    LISTEN      25556/java          
tcp6       0      0 :::43451                :::*                    LISTEN      25556/java          
tcp6       0      0 127.0.0.1:8030          :::*                    LISTEN      25347/java          
tcp6       0      0 127.0.0.1:8031          :::*                    LISTEN      25347/java          
tcp6       0      0 127.0.0.1:8032          :::*                    LISTEN      25347/java          
tcp6       0      0 127.0.0.1:8033          :::*                    LISTEN      25347/java          
tcp6       0      0 :::8040                 :::*                    LISTEN      25556/java          
tcp6       0      0 :::8042                 :::*                    LISTEN      25556/java          
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

问题2：selinux

按照道理应该可以访问50070端口了，但是仍然不行。再检查selinux，发现状态是enabled。
- 查看SELINUX的状态

[root@node4 ~]# /usr/sbin/sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling terminal:           unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:passwd_file_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

编辑/etc/selinux/config文件SELINUX=enforcing修改成SELINUX=disable，重启服务器。再试。修改后的selinux

[root@node4 ~]# /usr/sbin/sestatus -v
SELinux status:                 disabled
1
2

问题3：firewall（iptables端口开放）

关闭selinux之后，仍然无法访问页面，再查看iptables防火墙的设置。

[root@node4 sbin]# firewall-cmd --state
running
[root@node4 sbin]# firewall-cmd --get-service
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
1
2
3
4

增加50070端口到允许，重启防火墙服务。

[root@node4 sbin]# firewall-cmd --zone=public --add-port=50070/tcp --permanent
success
[root@node4 sbin]# firewall-cmd --reload
success
1
2
3
4

处理结果

页面可以访问了