hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Esteban Gutierrez <este...@cloudera.com>
Subject Re: HBase replication on secured clusters
Date Mon, 01 Aug 2016 23:27:32 GMT
Hi,

Assuming your both clusters have the proper cross realm authentication and
ZK and ZooKeeper has the right zookeeper.security.auth_to_local rules
configured (same as the ones from Hadoop) you shouldn't have that problem.
Also, your krb5. should have the proper mappings between hostnames and
realms in the [domain_realm] section.

cheers,
esteban.


--
Cloudera, Inc.


On Mon, Aug 1, 2016 at 11:34 AM, maychau <phuong.chau@thomsonreuters.com>
wrote:

> Hello everyone,
>
> I'm trying to write a Scala application to test HBase replication on
> secured
> (Kerberized) clusters. I'm using Cloudera CDH5.5.2 version. My keytab is
> hbase user. The program did pickup the keytab and is able to log in with it
> based on INFO message, however I'm getting error "KeeperErrorCode = NoAuth
> for /hbase/replication/peers". Does anyone know why it is not able to
> access
> that znode using hbase keytab even though I believe it should be able to as
> that work through hbase zkcli shell client.
>
>   def main(args: Array[String]) {
>    val conf = HBaseConfiguration.create()
>
>    val keytab = "path_to_hbase.keytab"
>    val principle = "<actual_hbase_principle_here>"
>    System.setProperty("java.security.auth.login.config",
> "path_to_jaas.conf_file");
>
>    UserGroupInformation.setConfiguration(conf)
>    UserGroupInformation.loginUserFromKeytab(principle, keytab)
>
>   val connection = ConnectionFactory.createConnection(conf)
>
>   //FAILED HERE WHEN TRYING TO CONNECT TO ZK TO GET CHILDREN NODE
>   val replAdmin = new ReplicationAdmin(conf)
>  }
>
> [main] INFO org.apache.hadoop.security.UserGroupInformation - Login
> successful for user <KEYTABUSER> using keytab file <path_to_hbase.keytab>
>
> [main-EventThread] INFO org.apache.zookeeper.ClientCnxn - EventThread shut
> down
> Exception in thread "main" java.io.IOException: Error initializing the
> replication admin client.
>         at
>
> org.apache.hadoop.hbase.client.replication.ReplicationAdmin.<init>(ReplicationAdmin.java:151)
>         at com.thomsonreuters.bigdata.HbaseTest$.main(HbaseTest.scala:201)
>         at com.thomsonreuters.bigdata.HbaseTest.main(HbaseTest.scala)
> Caused by: org.apache.hadoop.hbase.replication.ReplicationException: Error
> getting the list of peer clusters.
>         at
>
> org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.addExistingPeers(ReplicationPeersZKImpl.java:361)
>         at
>
> org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.init(ReplicationPeersZKImpl.java:104)
>         at
>
> org.apache.hadoop.hbase.client.replication.ReplicationAdmin.<init>(ReplicationAdmin.java:132)
>         ... 2 more
> Caused by: org.apache.zookeeper.KeeperException$NoAuthException:
> KeeperErrorCode = NoAuth for /hbase/replication/peers
>         at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
>         at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
>         at org.apache.zookeeper.ZooKeeper.getChildren(ZooKeeper.java:1472)
>         at
>
> org.apache.hadoop.hbase.zookeeper.RecoverableZooKeeper.getChildren(RecoverableZooKeeper.java:296)
>         at
>
> org.apache.hadoop.hbase.zookeeper.ZKUtil.listChildrenNoWatch(ZKUtil.java:575)
>         at
>
> org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.addExistingPeers(ReplicationPeersZKImpl.java:359)
>         ... 4 more
>
> Thank you
>
>
>
> --
> View this message in context:
> http://apache-hbase.679495.n3.nabble.com/HBase-replication-on-secured-clusters-tp4081486.html
> Sent from the HBase User mailing list archive at Nabble.com.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message