hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anil gupta <anilgupt...@gmail.com>
Subject Re: problem access security hbase
Date Wed, 02 Jul 2014 05:16:07 GMT
Hi Cheney,

If you are using a java client and using kinit way to login then i don't
have much idea about handling long running clients.
We run long running clients using UserGroupInformation to login to cluster.
I dont know the very specifics but it think there is a kerberos setting
where you can setup in such a way that Ticket auto-renews. We run this
client ranging from 2-4 weeks without any problem of security. Hope this
helps.

Thanks,
Anil Gupta


On Tue, Jul 1, 2014 at 7:12 PM, Cheney Sun <sun.cheney@gmail.com> wrote:

> Thanks Gary, Anil.
>
> Add this statement 'UserGroupInformation.setConfiguration(hbaseConf);' can
> resolve the problem.
>
> I'm using the kinit way to login KDC. But I wonder if I switch to calling
> UserGroupInformation.loginFromKeytab() in code, does it need to be
> called periodically for a long running program, since the TGT obtained from
> KDC will expire?
>
> Thanks,
> Cheney
>
>
> On Wed, Jul 2, 2014 at 1:20 AM, Gary Helmling <ghelmling@gmail.com> wrote:
>
> > Hi Cheney,
> >
> > Did you obtain kerberos credentials before running your program, either
> by
> > calling kinit before running the program, or by calling
> > UserGroupInformation.loginFromKeytab() in your code?
> >
> >
> > On Tue, Jul 1, 2014 at 8:44 AM, Cheney Sun <sun.cheney@gmail.com> wrote:
> >
> > > Hello all,
> > >
> > > I have setup a security hbase/hdfs/zookeeper, which was confirmed and
> > work
> > > normally.
> > > I wrote a Java program to get/put data to a table and package the
> > > core-site.xml / hbase-site.xml (which are obtained from the secure
> > cluster)
> > > into the jar file, and it worked correctly.
> > >
> > > But when I removed the core-site.xml and hbase-site.xml from the jar,
> and
> > > instead, I use the Configuration API to set the relevant settings in
> the
> > > program as below,
> > > Configuration hbaseConf = HBaseConfiguration.create(hadoopConf);
> > > hbaseConf.set("hbase.zookeeper.quorum","slave-nodex");
> > > hbaseConf.set("hbase.zookeeper.property.clientPort", "2181");
> > > hbaseConf.set("hbase.rpc.engine",
> > > "org.apache.hadoop.hbase.ipc.SecureRpcEngine");
> > > hbaseConf.set("hbase.security.authentication", "kerberos");
> > > hbaseConf.set("hbase.master.kerberos.principal", "hbase/_
> HOST@HADOOP.COM
> > > <HOST@HADOOP.QIYI.COM>");
> > >
> hbaseConf.set("hbase.master.keytab.file","/etc/hbase/conf/hbase.keytab");
> > > hbaseConf.set("hbase.regionserver.kerberos.principal", "hbase/_
> > > HOST@HADOOP.COM <HOST@HADOOP.QIYI.COM>");
> > >
> > >
> >
> hbaseConf.set("hbase.regionserver.keytab.file","/etc/hbase/conf/hbase.keytab");
> > > hbaseConf.set("hadoop.security.authentication", "kerberos");
> > > hbaseConf.set("hadoop.security.authorization", "true");
> > >
> > > It failed getting authenticated to access to the hbase with the error
> > > message as:
> > > org.apache.hadoop.ipc.RemoteException: Authentication is required
> > > at org.apache.hadoop.hbase.ipc.HBaseClient.call(HBaseClient.java:1021)
> > > ~[test-0.0.1-SNAPSHOT-jar-with-dependencies.jar:na]
> > >  at
> > >
> > >
> >
> org.apache.hadoop.hbase.ipc.SecureRpcEngine$Invoker.invoke(SecureRpcEngine.java:164)
> > > ~[test-0.0.1-SNAPSHOT-jar-with-dependencies.jar:na]
> > > at com.sun.proxy.$Proxy7.getProtocolVersion(Unknown Source) ~[na:na]
> > >
> > > It looks like the settings through API in code doesn't work. Is is a
> > known
> > > issue or am I wrong somewhere?
> > >
> > > Thanks,
> > > Cheney
> > >
> >
>



-- 
Thanks & Regards,
Anil Gupta

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message