启用kerberos时无法连接到hbase

zsbz8rwp  于 2021-05-29  发布在  Hadoop
关注(0)|答案(2)|浏览(525)

我启用了kerberos来保护hadoop,并为主体生成了密钥选项卡test@example.com 并在执行kinit-k-t test.keytab时使用hbase shell-grant命令提供测试用户rx(read-execute)权限test@example.com
一切正常,我正在尝试做同样的事情,比如使用下面的代码通过java代码/java客户机读取表

System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
        System.setProperty("java.security.krb5.kdc", "D-9539.mydomain.com");
        //System.setProperty("sun.security.krb5.debug", "true");

    Configuration config = HBaseConfiguration.create();
    config.set("hadoop.security.authentication", "Kerberos");
    config.set("hbase.security.authentication", "kerberos");
    UserGroupInformation.setConfiguration(config);
    config.set("hbase.zookeeper.quorum", "D-9539.mydomain.com");
    config.setInt("zookeeper.recovery.retry",1);
    config.set("zookeeper.znode.parent","/hbase-secure");
    config.set("hbase.client.retries.number", Integer.toString(2));
    config.set("zookeeper.session.timeout", Integer.toString(60000));
      UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI("mohanv@EXAMPLE.COM", "D:\\mohanv.keytab" );
      //UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase-D9539@EXAMPLE.COM", "/Users/guest/Work/workspace/hbase.headless.keytab" );
    UserGroupInformation.setLoginUser(userGroupInformation);
    Connection conn = ConnectionFactory.createConnection(config);
    TableName tablename=TableName.valueOf("tweetTest2");
    Table table = conn.getTable(tablename);
    Get get=new Get(Bytes.toBytes("row1")) ;
    get.addFamily(Bytes.toBytes("twt"));

    System.out.println(Bytes.toString(table.get(get).getRow()));

但是得到

org.apache.hadoop.hbase.client.RetriesExhaustedException:

然后

clientClosingConnectionException
djmepvbi

djmepvbi1#

您需要在配置中设置以下属性。区域服务器和主服务器的exat值可以从conf/hbase-site.xml获得。检查相关属性

//what principal the master/region. servers use.
    config.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@FIELD.HORTONWORKS.COM"); 
    config.set("hbase.regionserver.keytab.file", "src/hbase.service.keytab"); 

    // this is needed even if you connect over rpc/zookeeper
    config.set("hbase.master.kerberos.principal", "hbase/_HOST@FIELD.HORTONWORKS.COM"); 
    config.set("hbase.master.keytab.file", "src/hbase.service.keytab");

请参阅此处

f4t66c6m

f4t66c6m2#

我相信您还需要在hbase配置中设置服务主体。必须存在以下属性,并为您的hbase主服务器和区域服务器配置服务主体: hbase.master.kerberos.principal hbase.regionserver.kerberos.principal 另一种方法是将hbase-site.xml添加到类路径,该类路径应该设置这些属性。

相关问题