hbase-user mailing list archives

From schausson <schaus...@softera.fr>
Subject Re: HBase connection "expiration" on kerberized cluster
Date Mon, 07 Aug 2017 07:55:36 GMT
Hi Sean,

Unfortunately, couldn't solve my issue ... 
Below is the code of my utility class in charge of logging in and creating
an HBase connection. I added the AuthUtil stuff as suggested in your answer,
but probably missed something :(

My web service basically invokes GetHBaseConnection() method, and uses
returned connection to read/write data from/to HBase.
At application startup, everything is fine : it successfully logs in,
creates the HBase connection and my web service returns proper data.
The problem comes up if I wait for a long while (> ticket lifetime). Then,
when I invoke my web service again, I face the previously mentioned
warnings and get a socket timeout error...
When I look at the AuthUtil.getAuthChore() source code, it invokes
ugi.checkTGTAndReloginFromKeytab() and this is also what I do in the
background thread that I create when logging in (cf SpawnAutoRenewalThread()
method below)

Just to make it clear : in your answer, you wrote "you'll need to provide a
keytab that HBase can use to renew kerberos access over time.". Does it mean
that I have to provide a specific keytab for hbase or can I use a single
keytab for everything ?

In the end, should I stop trying to reuse my hbase connection and re-create
it every time (whatever the heavy cost of re-creating it) ? 

Sorry about my "newbie" questions, but I feel really confused about all this
stuff...

Thanks for your help

Sebastien

PS : Note that if I remove hbase requests from my web service and "just"
perform some HDFS operations (listing files from a folder for instance),
everything works fine, even if I wait for a long while, so the point is
hbase related.

------------------------------------------------

private static Configuration configuration;
private static boolean loggedOnCluster = false;
private static Connection connection = null;
private static ChoreService choreService = null;
	
private static Configuration GetConfiguration() throws IOException {
	if (configuration == null) {
		configuration = HBaseConfiguration.create();
		configuration.set("hbase.client.kerberos.principal", "myuser@myDomain");
		configuration.set("hbase.client.keytab.file", "/path/to/myuser/keytab");
	}
	return configuration;
}


public static Connection GetHbaseConnection() {
	try {
		if (!loggedOnCluster) {
			Configuration conf = GetConfiguration();
			String userAccount = conf.get("hbase.client.kerberos.principal");
			String keyTabPath = conf.get("hbase.client.keytab.file");
			UserGroupInformation.setConfiguration(conf);
			UserGroupInformation.loginUserFromKeytab(userAccount, keyTabPath);
			loggedOnCluster = true;
			SpawnAutoRenewalThread();
		}
	} catch (IOException e) {
		LOGGER.error("!! Error while login in !!");
		e.printStackTrace();
	}

	if (connection == null || connection.isClosed() || connection.isAborted()) {
		try {
			final Configuration conf = GetConfiguration();
			final ScheduledChore authChore = AuthUtil.getAuthChore(conf);
			if (authChore != null) {
				choreService = new ChoreService("MY_APPLICATION");
				choreService.scheduleChore(authChore);
			}
			connection = ConnectionFactory.createConnection(conf);
		} catch (IOException ex) {
			LOGGER.error("!! Could not obtain connection to HBase !!");
			ex.printStackTrace();
			connection = null;
		}
	}      	
	return connection;
}

private static void SpawnAutoRenewalThread() throws IOException {
	Thread t = new Thread(new Runnable() {
		@Override
		public void run() {
			while (true) {
				try {
					UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
				} catch (IOException e1) {
					e1.printStackTrace();
				}
				try {
					Thread.sleep(1800000L);
				} catch (InterruptedException e) {
					e.printStackTrace();
				}
			}
		}
	});
	t.setDaemon(true);
	t.setName("TGT Renewer for current user" + UserGroupInformation.getLoginUser());
	t.start();
}




--
View this message in context: http://apache-hbase.679495.n3.nabble.com/HBase-connection-expiration-on-kerberized-cluster-tp4089493p4089549.html
Sent from the HBase User mailing list archive at Nabble.com.
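
Added example, not part of the original message: a small probe that a renewal loop like the one in SpawnAutoRenewalThread() could call in place of the bare checkTGTAndReloginFromKeytab(), logging the login user's state and TGT end time before and after the call so the logs show whether the ticket was actually replaced. The class name KerberosLoginProbe, its method names and the log format are assumptions made for illustration; it uses only the Hadoop UserGroupInformation and JDK KerberosTicket APIs.

```java
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.hadoop.security.UserGroupInformation;

// Added diagnostic, not code from the thread; all names here are illustrative.
public final class KerberosLoginProbe {

    // End time of the TGT held in the UGI's Subject, or null if it holds none.
    static Date tgtEndTime(UserGroupInformation ugi) {
        return ugi.doAs((PrivilegedAction<Date>) () -> {
            Subject s = Subject.getSubject(AccessController.getContext());
            if (s == null) return null;
            for (KerberosTicket t : s.getPrivateCredentials(KerberosTicket.class)) {
                if (!t.isDestroyed() && t.getServer().getName().startsWith("krbtgt/")) {
                    return t.getEndTime();
                }
            }
            return null;
        });
    }

    // checkTGTAndReloginFromKeytab() returns without doing anything unless
    // security is enabled, the auth method is KERBEROS and the login came
    // from a keytab, so those values are reported next to the ticket end time.
    static String describe(UserGroupInformation ugi) {
        return String.format("user=%s securityEnabled=%b auth=%s fromKeytab=%b tgtEnd=%s",
                ugi.getUserName(), UserGroupInformation.isSecurityEnabled(),
                ugi.getAuthenticationMethod(), ugi.isFromKeytab(), tgtEndTime(ugi));
    }

    // Drop-in for the body of the renewal loop: relogin with before/after state.
    public static void reloginAndLog() throws IOException {
        UserGroupInformation ugi = UserGroupInformation.getLoginUser();
        System.out.println("before relogin: " + describe(ugi));
        ugi.checkTGTAndReloginFromKeytab();
        System.out.println("after relogin:  " + describe(ugi));
    }
}
```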