hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anil Gupta <anilgupt...@gmail.com>
Subject Re: Java Secure Client : Hbase
Date Mon, 12 May 2014 03:38:47 GMT
Hi Gaurav,

Please check my last reply. 
Please don't send multiple emails for the same issue.

Sent from my iPhone

> On May 8, 2014, at 4:52 AM, Gaurav Thakur <gaurav2985@gmail.com> wrote:
> 
> Hi I have a secure java client which fails to connect to hbase.
> 
> Using the same keytab and principal I`m able to use hbase from shell.
> 
> Please see below the code.
> 
> public static void main(String [] args) {
>        try {
>            System.setProperty(CommonConstants.KRB_REALM,
> ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm"));
>            System.setProperty(CommonConstants.KRB_KDC,
> ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc"));
>            System.setProperty(CommonConstants.KRB_DEBUG, "true");
> 
> 
> 
>            final Configuration config = HBaseConfiguration.create();
> 
> 
> config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
> AUTH_KRB);
> 
> config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
> AUTHORIZATION);
> 
> config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY,
> AUTO_CLOSE);
>            config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY,
> defaultFS);
>            config.set("hbase.zookeeper.quorum",
> ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host"));
>            config.set("hbase.zookeeper.property.clientPort",
> ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port"));
>            config.set("hbase.client.retries.number", Integer.toString(0));
>            config.set("zookeeper.session.timeout", Integer.toString(6000));
>            config.set("zookeeper.recovery.retry", Integer.toString(0));
>            config.set("hbase.master",
> "gauravt-namenode.pbi.global.pvt:60000");
>            config.set("zookeeper.znode.parent", "/hbase-secure");
>            config.set("hbase.rpc.engine",
> "org.apache.hadoop.hbase.ipc.SecureRpcEngine");
>            config.set("hbase.security.authentication", AUTH_KRB);
>            config.set("hbase.security.authorization", AUTHORIZATION);
>            config.set("hbase.master.kerberos.principal",
> "hbase/gauravt-namenode.pbi.global.pvt@pbi.global.pvt");
>            config.set("hbase.master.keytab.file",
> "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
>            config.set("hbase.regionserver.kerberos.principal",
> "hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt");
>            config.set("hbase.regionserver.keytab.file",
> "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
> 
>            UserGroupInformation.setConfiguration(config);
>            UserGroupInformation userGroupInformation =
> UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt",
> "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
>            UserGroupInformation.setLoginUser(userGroupInformation);
> 
>            User user = User.create(userGroupInformation);
> 
>            user.runAs(new PrivilegedExceptionAction<Object>() {
> 
>                @Override
>                public Object run() throws Exception {
>                    HBaseAdmin admins = new HBaseAdmin(config);
> 
>                    if(admins.isTableAvailable("ambarismoketest")) {
>                        System.out.println("Table is available");
>                    };
> 
>                    HConnection connection =
> HConnectionManager.createConnection(config);
> 
>                    HTableInterface table =
> connection.getTable("ambarismoketest");
> 
>                    byte [] family = Bytes.toBytes("fammily");
> 
>                    byte [] col01 = Bytes.toBytes("col01");
> 
>                    Scan scan = new Scan();
>                    scan.addColumn(family, col01);
> 
>                    ResultScanner rs = table.getScanner(scan);
> 
>                    for (Result r = rs.next(); r != null; r = rs.next()) {
>                        byte[] valueObj = r.getValue(family, col01);
>                        String value = new String(valueObj);
>                        System.out.println(value);
>                    }
> 
>                    admins.close();
>                    System.out.println(table.get(new Get(null)));
>                    return table.get(new Get(null));
>                }
>            });
> 
> System.out.println(UserGroupInformation.getLoginUser().getUserName());
> 
> 
> 
>            /*HbaseTemplate template = client.getHbaseTemplate();
> 
>            template.find("ambarismoketest", new Scan(), new
> ResultsExtractor() {
> 
>                @Override
>                public Object extractData(ResultScanner results)
>                        throws Exception {
>                    // TODO Auto-generated method stub
>                    return results;
>                }
> 
>            });*/
> 
>        } catch (Exception e) {
>            // TODO Auto-generated catch block
>            e.printStackTrace();
>        }
> 
> I get an exception :
> 
> Caused by:
> org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException):
> GSS initiate failed
>    at
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
>    at
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
>    at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
>    at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
>    at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
>    at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
>    at java.security.AccessController.doPrivileged(Native Method)
>    at javax.security.auth.Subject.doAs(Subject.java:396)
>    at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
>    at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)

Mime
View raw message