Return-Path: X-Original-To: apmail-hbase-user-archive@www.apache.org Delivered-To: apmail-hbase-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7E4D518412 for ; Thu, 27 Aug 2015 16:24:36 +0000 (UTC) Received: (qmail 64318 invoked by uid 500); 27 Aug 2015 16:24:34 -0000 Delivered-To: apmail-hbase-user-archive@hbase.apache.org Received: (qmail 64251 invoked by uid 500); 27 Aug 2015 16:24:34 -0000 Mailing-List: contact user-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hbase.apache.org Delivered-To: mailing list user@hbase.apache.org Received: (qmail 64237 invoked by uid 99); 27 Aug 2015 16:24:33 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Aug 2015 16:24:33 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 7DBB0EEB24 for ; Thu, 27 Aug 2015 16:24:33 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.151 X-Spam-Level: *** X-Spam-Status: No, score=3.151 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id VFM-Tu3DgLUj for ; Thu, 27 Aug 2015 16:24:23 +0000 (UTC) Received: from mail-yk0-f174.google.com (mail-yk0-f174.google.com [209.85.160.174]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 93C8620D7B for ; Thu, 27 Aug 2015 16:24:22 +0000 (UTC) Received: by ykfw73 with SMTP id w73so25475185ykf.3 for ; Thu, 27 Aug 2015 09:24:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=62VVYWdZh4Lgirw6FfzQ8zvbyEtOJFVuZenuSEBEhcE=; b=Lhi4jheQ/4EblzoKVhcEccyVscJzK6N3cZapIWdq/qY+ZJv93aHpYcNtrakTYrpG+S IFqpms82fSuomLNw/KgYpyFVkuTGVxUQBoKXHNSGRUqSGC8EDaGNloDopHzeOYZBCcC0 LNyPq9mA3lDEQzBoX16fhB8BUasGyeiAPEFno9XQLQgbasgSW2aQHFpEKsTBhZtjG7rH OfPVn5fyNQu6yUv5+xLL/ko9o7MWJY19IjrVXyXuTsZWIBplsgzDh0Fv/qICFVGtSCme X3+qYaU05XfdLSkGOrNdF2DNZwiJvRCqeXpcavKx2++ojFkjt6c0F+PTzBe9D5EfnDeP gHPg== X-Received: by 10.170.146.213 with SMTP id n204mr4102504ykc.104.1440692661491; Thu, 27 Aug 2015 09:24:21 -0700 (PDT) MIME-Version: 1.0 Received: by 10.129.44.66 with HTTP; Thu, 27 Aug 2015 09:24:02 -0700 (PDT) In-Reply-To: References: From: anil gupta Date: Thu, 27 Aug 2015 09:24:02 -0700 Message-ID: Subject: Re: Problem with HBase + Kerberos To: "user@hbase.apache.org" Content-Type: multipart/alternative; boundary=001a1139fa88519e10051e4d66f7 --001a1139fa88519e10051e4d66f7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Maybe, this is related to some Ambari setup? Can you also ask on Ambari mailing list. IMO, secure HBase cluster connectivity has been working in HBase for a very long time. On Thu, Aug 27, 2015 at 12:48 AM, Lo=C3=AFc Chanel wrote: > I did not, but as I Kerberized my cluster with Ambari, it did the mandato= ry > modifications. > > Lo=C3=AFc CHANEL > Engineering student at TELECOM Nancy > Trainee at Worldline - Villeurbanne > > 2015-08-27 1:17 GMT+02:00 Laurent H : > > > Do you change some stuff in your hbase-site.xml when you've installed > > Kerberos ? > > > > -- > > Laurent HATIER - Consultant Big Data & Business Intelligence chez > CapGemini > > fr.linkedin.com/pub/laurent-hatier/25/36b/a86/ > > > > > > 2015-08-21 9:44 GMT+02:00 Lo=C3=AFc Chanel : > > > > > Sorry if I didn't mention that, but yeah, I ran kinit before invoking > > hbase > > > shell, and klists command says that my user has a ticket. > > > [root@host /]# klist > > > Ticket cache: FILE:/tmp/krb5cc_0 > > > Default principal: testuser@REALM > > > > > > Valid starting Expires Service principal > > > 08/21/15 09:39:33 08/22/15 09:39:33 krbtgt/REALM@REALM > > > renew until 08/21/15 09:39:33 > > > > > > > > > Lo=C3=AFc CHANEL > > > Engineering student at TELECOM Nancy > > > Trainee at Worldline - Villeurbanne > > > > > > 2015-08-21 6:12 GMT+02:00 anil gupta : > > > > > > > Did you run kinit command before invoking "hbase shell"? What does > > klist > > > > command says? > > > > > > > > On Thu, Aug 20, 2015 at 6:47 AM, Lo=C3=AFc Chanel < > > > loic.chanel@telecomnancy.net > > > > > > > > > wrote: > > > > > > > > > By the way, as this may help to find my issue, I just tested typi= ng > > > > *whoami > > > > > *in HBase shell : this returned me exactly what it should : > > > > > testuser@REALM (auth:KERBEROS) > > > > > groups: nobody, toast > > > > > > > > > > Lo=C3=AFc CHANEL > > > > > Engineering student at TELECOM Nancy > > > > > Trainee at Worldline - Villeurbanne > > > > > > > > > > 2015-08-20 15:17 GMT+02:00 Lo=C3=AFc Chanel < > loic.chanel@telecomnancy.net > > >: > > > > > > > > > > > Nothing more with your option :/ > > > > > > > > > > > > Lo=C3=AFc CHANEL > > > > > > Engineering student at TELECOM Nancy > > > > > > Trainee at Worldline - Villeurbanne > > > > > > > > > > > > 2015-08-20 15:04 GMT+02:00 Lo=C3=AFc Chanel < > > loic.chanel@telecomnancy.net > > > >: > > > > > > > > > > > >> I'm using HDP 2.2.4.2, with HBase 0.98.4.2.2. > > > > > >> I have unlimited strength JCE installed. > > > > > >> > > > > > >> I'll try to have more clues with this option. > > > > > >> > > > > > >> Lo=C3=AFc CHANEL > > > > > >> Engineering student at TELECOM Nancy > > > > > >> Trainee at Worldline - Villeurbanne > > > > > >> > > > > > >> 2015-08-20 14:58 GMT+02:00 Ted Yu : > > > > > >> > > > > > >>> Which hbase / hadoop release are you using ? > > > > > >>> > > > > > >>> Running with -Dsun.security.krb5.debug=3Dtrue will provide mo= re > > clue. > > > > > >>> > > > > > >>> Do you have unlimited strength JCE installed ? > > > > > >>> > > > > > >>> Cheers > > > > > >>> > > > > > >>> On Thu, Aug 20, 2015 at 5:46 AM, Lo=C3=AFc Chanel < > > > > > >>> loic.chanel@telecomnancy.net> > > > > > >>> wrote: > > > > > >>> > > > > > >>> > Hi all, > > > > > >>> > > > > > > >>> > Since I kerberized my cluster, it seems like I can't use > HBase > > > > > anymore > > > > > >>> ... > > > > > >>> > For example, executing create 'toto','titi' on HBase shell > > > results > > > > > in > > > > > >>> the > > > > > >>> > printing of this line endlessly : > > > > > >>> > WARN [main] security.UserGroupInformation: Not attempting = to > > > > > re-login > > > > > >>> > since the last re-login was attempted less than 600 seconds > > > before. > > > > > >>> > > > > > > >>> > And nothing else happens. > > > > > >>> > I tried to restart HDFS and HBase, and to re-generate > > credentials > > > > and > > > > > >>> > keytabs, but nothing changed. > > > > > >>> > As for the logs, they are not very explicits, as the only > thing > > > > they > > > > > >>> say > > > > > >>> > (and keep saying) is : > > > > > >>> > > > > > > >>> > 2015-08-20 13:50:12,697 DEBUG [RpcServer.reader=3D2,port=3D= 60000] > > > > > >>> > ipc.RpcServer: Created SASL server with mechanism =3D GSSAP= I > > > > > >>> > 2015-08-20 13:50:12,698 DEBUG [RpcServer.reader=3D2,port=3D= 60000] > > > > > >>> > ipc.RpcServer: Have read input token of size 650 for > processing > > > by > > > > > >>> > saslServer.evaluateResponse() > > > > > >>> > 2015-08-20 13:50:12,704 DEBUG [RpcServer.reader=3D2,port=3D= 60000] > > > > > >>> > ipc.RpcServer: Will send token of size 108 from saslServer. > > > > > >>> > 2015-08-20 13:50:12,706 DEBUG [RpcServer.reader=3D2,port=3D= 60000] > > > > > >>> > ipc.RpcServer: Have read input token of size 0 for processi= ng > > by > > > > > >>> > saslServer.evaluateResponse() > > > > > >>> > 2015-08-20 13:50:12,707 DEBUG [RpcServer.reader=3D2,port=3D= 60000] > > > > > >>> > ipc.RpcServer: Will send token of size 32 from saslServer. > > > > > >>> > 2015-08-20 13:50:12,708 DEBUG [RpcServer.reader=3D2,port=3D= 60000] > > > > > >>> > ipc.RpcServer: RpcServer.listener,port=3D60000: DISCONNECTI= NG > > > client > > > > > >>> > 192.168.6.148:43014 because read count=3D-1. Number of acti= ve > > > > > >>> connections: 3 > > > > > >>> > > > > > > >>> > Do anyone has an idea about where this might come from, or > how > > to > > > > > >>> solve it > > > > > >>> > ? Because I couldn't find much documentation about this. > > > > > >>> > Thanks in advance for your help ! > > > > > >>> > > > > > > >>> > > > > > > >>> > Lo=C3=AFc > > > > > >>> > > > > > > >>> > Lo=C3=AFc CHANEL > > > > > >>> > Engineering student at TELECOM Nancy > > > > > >>> > Trainee at Worldline - Villeurbanne > > > > > >>> > > > > > > >>> > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Thanks & Regards, > > > > Anil Gupta > > > > > > > > > > --=20 Thanks & Regards, Anil Gupta --001a1139fa88519e10051e4d66f7--