hbase-user mailing list archives

From Biju N <bijuatapa...@gmail.com>
Subject Re: HBase connection "expiration" on kerberized cluster
Date Mon, 07 Aug 2017 21:08:49 GMT
Hi Sebastien,
   Can you also add these properties in your configuration and give it a
try?

configuration.set("hadoop.security.authentication", "Kerberos");
configuration.set("hbase.security.authentication", "Kerberos");
configuration.set("hbase.master.kerberos.principal", "hbase/_HOST@realm"); // <- realm needs to be replaced
configuration.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@realm");

Also remove

                configuration.set("hbase.client.kerberos.principal", "myuser@myDomain");
                configuration.set("hbase.client.keytab.file", "/path/to/myuser/keytab");


On Mon, Aug 7, 2017 at 3:55 AM, schausson <schausson@softera.fr> wrote:

> Hi Sean,
>
> Unfortunately, couldn't solve my issue ...
> Below is the code of my utility class in charge of logging in and creating
> an HBase connection. I added the AuthUtil stuff as suggested in your
> answer,
> but probably missed something :(
>
> My web service basically invokes GetHBaseConnection() method, and uses
> returned connection to read/write data from/to HBase.
> At application startup, everything is fine : it successfully logs in,
> creates the HBase connection and my web service returns proper data.
> The problem comes up if I wait for a long while (> ticket lifetime). Then,
> when I invoke again my web service, I face the previously mentioned
> warnings and get a socket timeout error...
> When I look at the AuthUtil.getAuthChore() source code, it invokes
> ugi.checkTGTAndReloginFromKeytab() and this is also what I do in the
> background thread that I create when logging in (cf
> SpawnAutoRenewalThread()
> method below)
>
> Just to make it clear : in your answer, you wrote "you'll need to provide a
> keytab that HBase can use to renew kerberos access over time.". Does it
> mean
> that I have to provide a specific keytab for hbase or can I use a single
> keytab for everything ?
>
> In the end, should I stop trying to reuse my hbase connection and re-create
> it every time (whatever the heavy cost of re-creating it) ?
>
> Sorry about my "newbie" questions, but I feel really confused about all
> this
> stuff...
>
> Thanks for your help
>
> Sebastien
>
> PS : Note that if I remove hbase requests from my web service and "just"
> perform some HDFS operations (listing files from a folder for instance),
> everything works fine, even if I wait for a long while, so the point is
> hbase related.
>
> ------------------------------------------------
>
> private static Configuration configuration;
> private static boolean loggedOnCluster = false;
> private static Connection connection = null;
> private static ChoreService choreService = null;
>
> private static Configuration GetConfiguration() throws IOException {
>         if (configuration == null) {
>                 configuration = HBaseConfiguration.create();
>                 configuration.set("hbase.client.kerberos.principal", "myuser@myDomain");
>                 configuration.set("hbase.client.keytab.file", "/path/to/myuser/keytab");
>         }
>         return configuration;
> }
>
>
> public static Connection GetHbaseConnection() {
>         try {
>                 if (!loggedOnCluster) {
>                         Configuration conf = GetConfiguration();
>                         String userAccount = conf.get("hbase.client.kerberos.principal");
>                         String keyTabPath = conf.get("hbase.client.keytab.file");
>                         UserGroupInformation.setConfiguration(conf);
>                         UserGroupInformation.loginUserFromKeytab(userAccount, keyTabPath);
>                         loggedOnCluster = true;
>                         SpawnAutoRenewalThread();
>                 }
>         } catch (IOException e) {
>                 LOGGER.error("!! Error while login in !!");
>                 e.printStackTrace();
>         }
>
>         if (connection == null || connection.isClosed() || connection.isAborted()) {
>                 try {
>                         final Configuration conf = GetConfiguration();
>                         final ScheduledChore authChore = AuthUtil.getAuthChore(conf);
>                         if (authChore != null) {
>                                 choreService = new ChoreService("MY_APPLICATION");
>                                 choreService.scheduleChore(authChore);
>                         }
>                         connection = ConnectionFactory.createConnection(conf);
>                 } catch (IOException ex) {
>                         LOGGER.error("!! Could not obtain connection to HBase !!");
>                         ex.printStackTrace();
>                         connection = null;
>                 }
>         }
>         return connection;
> }
>
> private static void SpawnAutoRenewalThread() throws IOException {
>         Thread t = new Thread(new Runnable() {
>                 @Override
>                 public void run() {
>                         while (true) {
>                                 try {
>                                         UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
>                                 } catch (IOException e1) {
>                                         e1.printStackTrace();
>                                 }
>                                 try {
>                                         Thread.sleep(1800000L);
>                                 } catch (InterruptedException e) {
>                                         e.printStackTrace();
>                                 }
>                         }
>                 }
>         });
>         t.setDaemon(true);
>         t.setName("TGT Renewer for current user" + UserGroupInformation.getLoginUser());
>         t.start();
> }
>
>
>
>
> --
> View this message in context: http://apache-hbase.679495.n3.nabble.com/HBase-connection-expiration-on-kerberized-cluster-tp4089493p4089549.html
> Sent from the HBase User mailing list archive at Nabble.com.
>
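
The properties suggested in this reply, combined with the keytab login and periodic re-login check from the quoted code, as an added example that is not part of the thread and not code from either poster. The class name, the EXAMPLE.REALM realm and the principal/keytab parameters are placeholders, and the check that the login is keytab-based is an addition of this example.

```java
import java.io.IOException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation;

public final class KerberizedHBaseClient {
    // Placeholder realm: replace with the cluster's own Kerberos realm.
    private static final String SERVER_PRINCIPAL = "hbase/_HOST@EXAMPLE.REALM";

    // principal and keytab are supplied by the caller, not stored in the HBase configuration.
    public static Connection connect(String principal, String keytab) throws IOException {
        Configuration conf = HBaseConfiguration.create();
        conf.set("hadoop.security.authentication", "kerberos");
        conf.set("hbase.security.authentication", "kerberos");
        conf.set("hbase.master.kerberos.principal", SERVER_PRINCIPAL);
        conf.set("hbase.regionserver.kerberos.principal", SERVER_PRINCIPAL);

        // UserGroupInformation must see the Kerberos setting before the keytab login.
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation.loginUserFromKeytab(principal, keytab);

        // Fail closed if the process did not end up with a keytab-based Kerberos login.
        UserGroupInformation ugi = UserGroupInformation.getLoginUser();
        if (!UserGroupInformation.isSecurityEnabled() || !ugi.isFromKeytab()) {
            throw new IOException("Kerberos keytab login not in effect for " + ugi);
        }

        // Same 30-minute re-login check as the quoted code, on a daemon scheduler thread.
        ScheduledExecutorService renewer = Executors.newSingleThreadScheduledExecutor(r -> {
            Thread t = new Thread(r, "tgt-relogin");
            t.setDaemon(true);
            return t;
        });
        renewer.scheduleAtFixedRate(() -> {
            try {
                ugi.checkTGTAndReloginFromKeytab();
            } catch (IOException e) {
                System.err.println("Kerberos re-login failed: " + e);
            }
        }, 30, 30, TimeUnit.MINUTES);

        return ConnectionFactory.createConnection(conf);
    }
}
```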
