Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 5BC9E200B13 for ; Wed, 15 Jun 2016 16:26:52 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 5A98F160A4D; Wed, 15 Jun 2016 14:26:52 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A2ABB160A19 for ; Wed, 15 Jun 2016 16:26:51 +0200 (CEST) Received: (qmail 56001 invoked by uid 500); 15 Jun 2016 14:26:50 -0000 Mailing-List: contact user-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hbase.apache.org Delivered-To: mailing list user@hbase.apache.org Received: (qmail 55988 invoked by uid 99); 15 Jun 2016 14:26:49 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Jun 2016 14:26:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 82E031A0C84 for ; Wed, 15 Jun 2016 14:26:49 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.18 X-Spam-Level: * X-Spam-Status: No, score=1.18 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id NvjITiPmaIlp for ; Wed, 15 Jun 2016 14:26:45 +0000 (UTC) Received: from mail-qk0-f174.google.com (mail-qk0-f174.google.com [209.85.220.174]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with ESMTPS id 7078C5F2F2 for ; Wed, 15 Jun 2016 14:26:44 +0000 (UTC) Received: by mail-qk0-f174.google.com with SMTP id p10so19153421qke.3 for ; Wed, 15 Jun 2016 07:26:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=MGUK3FIay/3QNgsAl8bKVWVa1BW22PinpwW6Tya3cUE=; b=vtJ5KhFfa9jN53rjqnzF0a/66q6TNAZqYvCRpJ6K3ZhOdTSpCPTV2E/e1x6hKw8FE8 eMkGoLh+/FSQJlUQYcx6W+f1eSYZ+Qulk7M9uqYBpBZr2zysmuoW5u0fDN+NxceR26MO W5wJ/wRIf9lrG3+5jaM0E7bQnLhdpUvOEgBiyucAIC7KjXyIpL+Xk4EbhRCGIvC/icMa mfVg8MtmmEObyBnAV+bYjQHoPicHBDspWnNDVOTpp0CA+sU9H4pBzO157ZnQICXKnzGZ ukytIilQ6JmfcmcWAOWrQ+C1z4I7KwUd8PiJsKbjg6mSZTVRYRjKC/lSHVl26kFtDP6d yw9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=MGUK3FIay/3QNgsAl8bKVWVa1BW22PinpwW6Tya3cUE=; b=Ox4gi0q0FaJNyU3mOFBH59/NJaV4GNxtvMu+m2ZltQZPhLXvuttfQ32NDwb/5U6Aiz JNRiMsQBkz83evqsl7+6WpwMQ5x9O/E0kMPLaQ727xBTGEswqJIsdEBXCXOmYzUwsfOt o8gFT2G6DIrUoVG9C5FR2Byvc+gJqNAeUZdSLJs0OcvofvHxK+yugnLsvu3at7afAKzH 119PhqBxz4c7YQoTK5YjxQ1uTWL9R4PALP/cZ0IyOS6jNMqS4RmJMESCTTdnNchlvcQn vN0AU/cmgl/TTT0jogO4PBCrgz/kymUSGECFQ8YVmQbYOAiJFsUIcZ9sy1n+oTMcejxQ BDdA== X-Gm-Message-State: ALyK8tLoWfGoRyNWF6z+9sxEaa849iGDu/EnZZzOuPGyw97pTIurNyCDHHVRAFKKsDfdejW94Q/vzV4EX6GKvw== X-Received: by 10.129.57.6 with SMTP id g6mr5930756ywa.13.1466000803258; Wed, 15 Jun 2016 07:26:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.37.37.151 with HTTP; Wed, 15 Jun 2016 07:26:42 -0700 (PDT) In-Reply-To: References: From: Ted Yu Date: Wed, 15 Jun 2016 07:26:42 -0700 Message-ID: Subject: Re: HBase acl commands are too slow To: "user@hbase.apache.org" Content-Type: multipart/alternative; boundary=001a114c6bde1e68e7053551e930 archived-at: Wed, 15 Jun 2016 14:26:52 -0000 --001a114c6bde1e68e7053551e930 Content-Type: text/plain; charset=UTF-8 Have you looked at http://hbase.apache.org/book.html#security ? I noticed that DEBUG logging was not on in the log you posted earlier. Is it possible to turn on DEBUG logging and repeat the operation ? Thanks On Wed, Jun 15, 2016 at 2:12 AM, kumar r wrote: > Hi Ted, > > Thanks for your reply. > > I cannot find anything in configuration. Can you tell me what might be root > cause for this issue? > > What will be major cause for acl command taking more than 30 seconds to > process. I cannot find anything other than this in hbase log. Is there any > documentation available to secure zookeeper and hbase with kerberos > properly? > > The same log occurs in normal cluster also and i have enabled > authorization. The same authorization command runs in 5 to 6 seconds. > > Thanks, > Kumar > > On Tue, Jun 14, 2016 at 7:59 PM, Ted Yu wrote: > > > bq. Opening socket connection to server machine2/192.168.60.3:2181. > Will > > not attempt to authenticate using SASL (unknown error) > > > > It seems connection to zookeeper might have some issue. > > Can you double check configuration ? > > > > On Mon, Jun 13, 2016 at 11:56 PM, kumar r wrote: > > > > > Hi, > > > > > > Thanks for the reply. > > > > > > Please find the command and time took to process it, > > > > > > > > > > > > > > > > > > *hbase(main):006:0> grant 'Selva','RW','@default'0 row(s) in 11.8830 > > > secondshbase(main):007:0> revoke 'Selva','@default'0 row(s) in 32.4330 > > > seconds* > > > > > > Find my HBase log in below pastebin > > > > > > http://pastebin.com/MHMjhHuF > > > > > > > > > Thanks, > > > > > > Kumar > > > > > > > > > On Mon, Jun 13, 2016 at 7:42 PM, Ted Yu wrote: > > > > > > > Can you inspect master log for the corresponding 40 seconds to see if > > > there > > > > was some clue ? > > > > > > > > Feel free to pastebin the log snippet for this period if you cannot > > > > determine the cause. > > > > > > > > Cheers > > > > > > > > On Sun, Jun 12, 2016 at 10:19 PM, kumar r > wrote: > > > > > > > > > Hi, > > > > > > > > > > I have configured secure HBase-1.1.3. Hadoop version using 2.7.2. > > > > > > > > > > I have enabled authorization in HBase. > > > > > > > > > > When executing any authorization command like user_permission, > grant, > > > > > revoke, > > > > > etc. > > > > > > > > > > Its getting more than 40 seconds to display the result. > > > > > > > > > > Below are hbase-site.xml configuration properties > > > > > > > > > > > > > > > > > > > > hbase.master > > > > > IP:60000 > > > > > > > > > > > > > > > hbase.rootdir > > > > > hdfs://IP:9000/HBase > > > > > > > > > > > > > > > hbase.cluster.distributed > > > > > true > > > > > > > > > > > > > > > hbase.zookeeper.quorum > > > > > IP1:2181,IP2:2181,IP3:2181 > > > > > > > > > > > > > > > hbase.master.port > > > > > 60000 > > > > > > > > > > > > > > > hbase.master.info.port > > > > > 60010 > > > > > > > > > > > > > > > hbase.regionserver.port > > > > > 60020 > > > > > > > > > > > > > > > hbase.regionserver.info.port > > > > > 60030 > > > > > > > > > > > > > > > hbase.security.authentication > > > > > KERBEROS > > > > > > > > > > > > > > > hbase.master.keytab.file > > > > > masterkeytab > > > > > > > > > > > > > > > hbase.regionserver.keytab.file > > > > > regionserverkeytab > > > > > > > > > > > > > > > hbase.master.kerberos.principal > > > > > masterprincipal > > > > > > > > > > > > > > > hbase.regionserver.kerberos.principal > > > > > regionserverprincipal > > > > > > > > > > > > > > > hbase.rpc.engine > > > > > org.apache.hadoop.hbase.ipc.SecureRpcEngine > > > > > > > > > > > > > > > hbase.ssl.enabled > > > > > true > > > > > > > > > > > > > > > hbase.superuser > > > > > @HadoopUser > > > > > > > > > > > > > > > hbase.security.authorization > > > > > true > > > > > > > > > > > > > > > hbase.coprocessor.master.classes > > > > > > > > > > > org.apache.hadoop.hbase.security.access.AccessController > > > > > > > > > > > > > > > hbase.coprocessor.region.classes > > > > > > > > > > > > > > > > > > > > org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController > > > > > > > > > > > > > > > Find my stack overflow question here > > > > > > > > > > > > > > > http://stackoverflow.com/questions/37782043/hbase-acl-commands-are-too-slow > > > > > > > > > > Thanks, > > > > > > > > > > Kumar > > > > > > > > > > > > > > > --001a114c6bde1e68e7053551e930--