ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roberta Marton <roberta.mar...@esgyn.com>
Subject RE: Trying to create hbase tables after enabling Kerberos with Ambari
Date Mon, 21 Mar 2016 20:40:28 GMT
Thanks for your suggestion.  My property settings did have the second rule
defined but not the first.

However, it did not seem to help.

I tried setting the rule several other ways but nothing seems to work.  I
still get the same behavior.



   Roberta



*From:* Robert Levas [mailto:rlevas@hortonworks.com]
*Sent:* Monday, March 21, 2016 11:21 AM
*To:* user@ambari.apache.org
*Subject:* Re: Trying to create hbase tables after enabling Kerberos with
Ambari



Hi Roberta…



It seems like you need an auth-to-local run set up to translate
trafodion-robertaCluster@TRAFKDC.COM to trafodion.



To can do this by editing the hadoop.security.auth_to_local property under
HDFS->Configs->Advanced->Advanced core-site.



Adding the following rule should do the trick:



RULE:[1:$1@$0](.*-robertaCluster@TRAFKDC.COM)s/-robertaCluster@.*//



You will need to add this rule to the ruleset before/above less general
rules like



RULE:[1:$1@$0](.*@TRAFKDC.COM)s/@.*//



After adding this rule, save the config and restart the recommended
services.



I hope this helps,



Rob







*From: *Roberta Marton <roberta.marton@esgyn.com>
*Reply-To: *"user@ambari.apache.org" <user@ambari.apache.org>
*Date: *Monday, March 21, 2016 at 2:08 PM
*To: *"user@ambari.apache.org" <user@ambari.apache.org>
*Subject: *Trying to create hbase tables after enabling Kerberos with Ambari



I am trying to install Kerberos on top of my Hortonworks installation.  I
have tried this with both versions 2.2 and 2.3 and get similar results.

After I enable Kerberos, I create a Linux user called trafodion and grant
this user all HBase permissions.

I connect as trafodion but get permission errors when I try to create a
table.



Details:



[trafodion@myhost ~]$ whoami

trafodion



[trafodion@myhost ~]$ klist

Ticket cache: FILE:/tmp/krb5cc_503

Default principal: trafodion-robertaCluster@TRAFKDC.COM



Valid starting     Expires            Service principal

03/21/16 16:39:33  03/22/16 16:39:33  krbtgt/TRAFKDC.COM@TRAFKDC.COM

        renew until 03/21/16 16:39:33



hbase shell



hbase(main):002:0> whoami

trafodion-robertaCluster@TRAFKDC.COM(auth:KERBEROS)OIw

2016-03-21 17:06:22,925 WARN  [main] security.UserGroupInformation: No
groups available for user trafodion-robertaCluster



hbase(main):003:0> user_permission

User                            Table,Family,Qualifier:Permission

trafodion                      hbase:acl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]

ambari-qa                      hbase:acl,,: [Permission:
actions=READ,WRITE,EXEC,CREATE,ADMIN]

2 row(s) in 1.7630 seconds



hbase(main):004:0> create 't1', 'f1', 'f2'



ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
permissions for user 'trafodion-robertaCluster' (global, action=CREATE)



I am able to perform ‘user_permission’ but not ‘create’



Any suggestion on how to proceed?



    Roberta

Mime
View raw message