hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cheney Sun <sun.che...@gmail.com>
Subject Fwd: problem access security hbase
Date Tue, 01 Jul 2014 15:44:44 GMT
Hello all,

I have setup a security hbase/hdfs/zookeeper, which was confirmed and work
normally.
I wrote a Java program to get/put data to a table and package the
core-site.xml / hbase-site.xml (which are obtained from the secure cluster)
into the jar file, and it worked correctly.

But when I removed the core-site.xml and hbase-site.xml from the jar, and
instead, I use the Configuration API to set the relevant settings in the
program as below,
Configuration hbaseConf = HBaseConfiguration.create(hadoopConf);
hbaseConf.set("hbase.zookeeper.quorum","slave-nodex");
hbaseConf.set("hbase.zookeeper.property.clientPort", "2181");
hbaseConf.set("hbase.rpc.engine",
"org.apache.hadoop.hbase.ipc.SecureRpcEngine");
hbaseConf.set("hbase.security.authentication", "kerberos");
hbaseConf.set("hbase.master.kerberos.principal", "hbase/_HOST@HADOOP.COM
<HOST@HADOOP.QIYI.COM>");
hbaseConf.set("hbase.master.keytab.file","/etc/hbase/conf/hbase.keytab");
hbaseConf.set("hbase.regionserver.kerberos.principal", "hbase/_
HOST@HADOOP.COM <HOST@HADOOP.QIYI.COM>");
hbaseConf.set("hbase.regionserver.keytab.file","/etc/hbase/conf/hbase.keytab");
hbaseConf.set("hadoop.security.authentication", "kerberos");
hbaseConf.set("hadoop.security.authorization", "true");

It failed getting authenticated to access to the hbase with the error
message as:
org.apache.hadoop.ipc.RemoteException: Authentication is required
at org.apache.hadoop.hbase.ipc.HBaseClient.call(HBaseClient.java:1021)
~[test-0.0.1-SNAPSHOT-jar-with-dependencies.jar:na]
 at
org.apache.hadoop.hbase.ipc.SecureRpcEngine$Invoker.invoke(SecureRpcEngine.java:164)
~[test-0.0.1-SNAPSHOT-jar-with-dependencies.jar:na]
at com.sun.proxy.$Proxy7.getProtocolVersion(Unknown Source) ~[na:na]

It looks like the settings through API in code doesn't work. Is is a known
issue or am I wrong somewhere?

Thanks,
Cheney

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message