Resolving a Kudu secure connection problem

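When I created a Kudu table from Impala, the statement ran for a long time without any response. I then checked the Kudu logs on the master and found the following error being appended to the WARNING file over and over: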

W1128 16:56:55.749083 93981 negotiation.cc:318] Unauthorized connection attempt: Server connection negotiation failed: server connection from 100.73.0.57:42533: unauthenticated connections from publicly routable IPs are prohibited. See --trusted_subnets flag for more information.: 100.73.0.57:42533

Then I found the following explanation of trusted_subnets in the Kudu manual:

--trusted_subnets

A trusted subnet whitelist. If set explicitly, all unauthenticated or unencrypted connections are prohibited except the ones from the specified address blocks. Otherwise, private network (127.0.0.0/8, etc.) and local subnets of all local network interfaces will be used. Set it to '0.0.0.0/0' to allow unauthenticated/unencrypted connections from all remote IP addresses. However, if network access is not otherwise restricted by a firewall, malicious users may be able to gain unauthorized access.

Type: string
Default: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16
Tags: evolving,advanced

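Roughly, this means a trusted subnet IP has to be added; the question was how to add it. After some trial and error, it goes into the gflagfile **** Advanced Configuration Snippet (Safety Valve), by adding --trusted_subnets there.
Then I got a lesson in IP addressing: I was told that what I had added was not a CIDR address. I looked it up and finally understood. Take 100.0.0.0/24 as an example: the 24 here does not mean "from 0 to 24". It means that, of the 32 bits of the IP address, 24 bits are already used and the remaining 8 bits are the sub-space that is available. A three-level IP.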
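A check of a candidate --trusted_subnets value before it goes into the gflagfile, written as an added example that is not part of the original post or of Kudu. The 100.73.0.0/24 entry is a constructed value chosen to cover the client in the warning, the function names are hypothetical, and the strict CIDR parsing is Python's, not Kudu's own.

```python
import ipaddress

# Default value of --trusted_subnets, copied from the flag documentation above.
DEFAULT_TRUSTED = "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16"


def parse_trusted_subnets(value):
    """Split a comma-separated flag value into (networks, errors).

    Uses Python's strict CIDR parsing, which is an assumption of this
    example and not Kudu's own parser: an entry needs an explicit
    /prefix and must have all host bits zero.
    """
    networks, errors = [], []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        if "/" not in entry:
            errors.append(f"{entry}: missing /prefix length")
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append(f"{entry}: {exc}")
    return networks, errors


def covering_subnet(peer, networks):
    """Return the first network containing the peer address, or None."""
    addr = ipaddress.ip_address(peer.rsplit(":", 1)[0])  # drop ":port" (IPv4 only)
    return next((n for n in networks if addr in n), None)


def describe(cidr):
    """Return (network bits, host bits, number of addresses) for a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return net.prefixlen, net.max_prefixlen - net.prefixlen, net.num_addresses


if __name__ == "__main__":
    peer = "100.73.0.57:42533"  # client address from the warning above
    defaults, _ = parse_trusted_subnets(DEFAULT_TRUSTED)
    print("default list covers peer:", covering_subnet(peer, defaults))
    # Constructed candidate value: the defaults plus one /24 around the client.
    nets, errs = parse_trusted_subnets(DEFAULT_TRUSTED + ",100.73.0.0/24")
    print("candidate covers peer:", covering_subnet(peer, nets), errs)
    print("100.0.0.0/24 ->", describe("100.0.0.0/24"))
    print(parse_trusted_subnets("100.73.0.57/24,100.73.0.0")[1])
```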
