kudu 安全连接问题解决

从impala执行创建kudu表的时候,等了很久不见响应,然后查看 master上的kudu 日志,发现WARNING文件中不断添加如下报错

W1128 16:56:55.749083 93981 negotiation.cc:318] Unauthorized connection attempt: Server connection negotiation failed: server connection from unauthenticated connections from publicly routable IPs are prohibited. See --trusted_subnets flag for more information.:

然后从kudu的手册之中看到 trusted_subnets 的解释如下


A trusted subnet whitelist. If set explicitly, all unauthenticated or unencrypted connections are prohibited except the ones from the specified address blocks. Otherwise, private network (, etc.) and local subnets of all local network interfaces will be used. Set it to '' to allow unauthenticated/unencrypted connections from all remote IP addresses. However, if network access is not otherwise restricted by a firewall, malicious users may be able to gain unauthorized access.


大概意思 要添加可信的子网ip,不过问题是怎么添加的问题,尝试了下, 是在 gflagfile 的 **** 高级配置代码段(安全阀),添加 –trusted_subnets
然后就被教育了IP的知识,说我添加的不是 CIDR 域名,然后查了一下,终于搞清楚了,比如100.0.0.0/24,这里的24 不是从0到24的意思,而是 32位的ip 里面,其中24位已经用了,剩下的8位子空间可用。三级IP

Leave a comment

Your email address will not be published.