hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Demai Ni <nid...@gmail.com>
Subject Re: HBase 0.94.3 with ACL RS won't start
Date Fri, 20 Jun 2014 17:21:47 GMT
hi, Andrew,

I didn't setup the keytabs as the current setup is using a firewall instead
of kerberos. so only use the authorization feature of hbase, and not
authentication at this moment. A long story about why. :-(

Anyway, I got a tip here
http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.3.0/CDH4-Security-Guide/cdh4sg_topic_8_2.html
and add this property on hbase-site.xml (I think that is different between
94 and 98)

<property>
     <name>hbase.rpc.engine</name>
     <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>

And now hbase can start and I am able to grant auth like:
----------
hbase(main):004:0> grant 'dn','R','t1_dn'
0 row(s) in 0.0700 seconds

hbase(main):005:0> user_permission 't1_dn'
User
Table,Family,Qualifier:Permission
 demai                                   t1_dn,,: [Permission:
actions=READ,WRITE]
 dn                                      t1_dn,,: [Permission: actions=READ]

---------

Demai


On Fri, Jun 20, 2014 at 10:11 AM, Andrew Purtell <apurtell@apache.org>
wrote:

> Have you set up keytabs for the server processes?
>
>
> On Thu, Jun 19, 2014 at 9:40 PM, Demai Ni <nidmgg@gmail.com> wrote:
>
> > hi, folks,
> >
> > I am able to recreate the same error on another single node cluster.
> >
> > RS log pasted here: http://pastebin.com/iP9Mrz2T
> > and
> > hbase-site.xml is here: http://pastebin.com/ppnqfwGR
> >
> > the only thing changes is by adding the following property per
> > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html
> >    <property>
> >      <name>hbase.coprocessor.master.classes</name>
> >
> >  <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> >        </property>
> >        <property>
> >        <name>hbase.coprocessor.region.classes</name>
> >          <value>org.apache.hadoop.hbase.security.token.TokenProvider,
> >
>  org.apache.hadoop.hbase.security.access.AccessController</value>
> >    </property>
> >
> > the same setting works on another hbase 98.2 cluster. So I am wondering
> > what's missing here.
> >
> > BTW, I didn't follow the instruction here:
> > http://hbase.apache.org/book/zk.sasl.auth.html for zookeeper as no
> > Authentication is needed on this cluster.
> >
> > Any suggestion or pointers?
> >
> > Demai
> >
> >
> > On Thu, Jun 19, 2014 at 2:59 PM, Enoch Hsu <ehsu@us.ibm.com> wrote:
> >
> > >
> > >
> > > Hi All,
> > >
> > > I am running HBase 0.94.3 and trying to get ACL working on a single
> node
> > > cluster. I followed the steps in
> > > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html
> step
> > > 8.4.3 and added those 2 properties to my hbase-site.xml
> > > After stopping and starting hbase, my regionserver is dying with
> > following
> > > error/stack trace
> > >
> > > 2014-06-19 14:51:00,430 WARN
> > > org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler:
> Exception
> > > running postOpenDeployTasks; region=1028785192
> > > org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException:
> > Failed
> > > 1 action: org.apache.hadoop.hbase.security.AccessDeniedException:
> > > Insufficient permissions (table=-ROOT-, family: info, action=WRITE)
> > >         at
> > >
> >
> org.apache.hadoop.hbase.security.access.AccessController.requirePermission
> > > (AccessController.java:471)
> > >         at
> > org.apache.hadoop.hbase.security.access.AccessController.prePut
> > > (AccessController.java:878)
> > >         at
> > > org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.prePut
> > > (RegionCoprocessorHost.java:800)
> > >         at
> org.apache.hadoop.hbase.regionserver.HRegion.doPreMutationHook
> > > (HRegion.java:2046)
> > >         at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate
> > > (HRegion.java:2022)
> > >         at org.apache.hadoop.hbase.regionserver.HRegionServer.multi
> > > (HRegionServer.java:3573)
> > >         at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
> > >         at sun.reflect.DelegatingMethodAccessorImpl.invoke
> > > (DelegatingMethodAccessorImpl.java:37)
> > >         at java.lang.reflect.Method.invoke(Method.java:611)
> > >         at org.apache.hadoop.hbase.ipc.WritableRpcEngine$Server.call
> > > (WritableRpcEngine.java:364)
> > >         at org.apache.hadoop.hbase.ipc.HBaseServer$Handler.run
> > > (HBaseServer.java:1426)
> > > : 1 time, servers with issues: bdvm081.svl.ibm.com:60020,
> > >         at org.apache.hadoop.hbase.client.HConnectionManager
> > > $HConnectionImplementation.processBatchCallback
> > > (HConnectionManager.java:1624)
> > >         at org.apache.hadoop.hbase.client.HConnectionManager
> > > $HConnectionImplementation.processBatch(HConnectionManager.java:1400)
> > >         at org.apache.hadoop.hbase.client.HTable.flushCommits
> > > (HTable.java:915)
> > >         at org.apache.hadoop.hbase.client.HTable.doPut(HTable.java:771)
> > >         at org.apache.hadoop.hbase.client.HTable.put(HTable.java:746)
> > >         at org.apache.hadoop.hbase.catalog.MetaEditor.put
> > > (MetaEditor.java:99)
> > >         at org.apache.hadoop.hbase.catalog.MetaEditor.putToCatalogTable
> > > (MetaEditor.java:89)
> > >         at org.apache.hadoop.hbase.catalog.MetaEditor.updateLocation
> > > (MetaEditor.java:260)
> > >         at
> org.apache.hadoop.hbase.catalog.MetaEditor.updateMetaLocation
> > > (MetaEditor.java:222)
> > >         at
> > > org.apache.hadoop.hbase.regionserver.HRegionServer.postOpenDeployTasks
> > > (HRegionServer.java:1757)
> > >         at
> org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler
> > > $PostOpenDeployTasksThread.run(OpenRegionHandler.java:242)
> > >
> > > Any ideas on what is causing this and how to fix?
> > >
> > > I also tried adding hbase.superuser but that also did not work.
> > >
> > > Thanks,
> > > Enoch Hsu
> >
>
>
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message