hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gaurav Thakur <gaurav2...@gmail.com>
Subject Java Secure Client : Hbase
Date Thu, 08 May 2014 11:52:57 GMT
Hi I have a secure java client which fails to connect to hbase.

Using the same keytab and principal I`m able to use hbase from shell.

Please see below the code.

public static void main(String [] args) {
        try {
            System.setProperty(CommonConstants.KRB_REALM,
ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm"));
            System.setProperty(CommonConstants.KRB_KDC,
ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc"));
            System.setProperty(CommonConstants.KRB_DEBUG, "true");



            final Configuration config = HBaseConfiguration.create();


config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
AUTH_KRB);

config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
AUTHORIZATION);

config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY,
AUTO_CLOSE);
            config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY,
defaultFS);
            config.set("hbase.zookeeper.quorum",
ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host"));
            config.set("hbase.zookeeper.property.clientPort",
ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port"));
            config.set("hbase.client.retries.number", Integer.toString(0));
            config.set("zookeeper.session.timeout", Integer.toString(6000));
            config.set("zookeeper.recovery.retry", Integer.toString(0));
            config.set("hbase.master",
"gauravt-namenode.pbi.global.pvt:60000");
            config.set("zookeeper.znode.parent", "/hbase-secure");
            config.set("hbase.rpc.engine",
"org.apache.hadoop.hbase.ipc.SecureRpcEngine");
            config.set("hbase.security.authentication", AUTH_KRB);
            config.set("hbase.security.authorization", AUTHORIZATION);
            config.set("hbase.master.kerberos.principal",
"hbase/gauravt-namenode.pbi.global.pvt@pbi.global.pvt");
            config.set("hbase.master.keytab.file",
"D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
            config.set("hbase.regionserver.kerberos.principal",
"hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt");
            config.set("hbase.regionserver.keytab.file",
"D:/var/lib/bda/secure/keytabs/hbase.service.keytab");

            UserGroupInformation.setConfiguration(config);
            UserGroupInformation userGroupInformation =
UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt",
"D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
            UserGroupInformation.setLoginUser(userGroupInformation);

            User user = User.create(userGroupInformation);

            user.runAs(new PrivilegedExceptionAction<Object>() {

                @Override
                public Object run() throws Exception {
                    HBaseAdmin admins = new HBaseAdmin(config);

                    if(admins.isTableAvailable("ambarismoketest")) {
                        System.out.println("Table is available");
                    };

                    HConnection connection =
HConnectionManager.createConnection(config);

                    HTableInterface table =
connection.getTable("ambarismoketest");

                    byte [] family = Bytes.toBytes("fammily");

                    byte [] col01 = Bytes.toBytes("col01");

                    Scan scan = new Scan();
                    scan.addColumn(family, col01);

                    ResultScanner rs = table.getScanner(scan);

                    for (Result r = rs.next(); r != null; r = rs.next()) {
                        byte[] valueObj = r.getValue(family, col01);
                        String value = new String(valueObj);
                        System.out.println(value);
                    }

                    admins.close();
                    System.out.println(table.get(new Get(null)));
                    return table.get(new Get(null));
                }
            });

System.out.println(UserGroupInformation.getLoginUser().getUserName());



            /*HbaseTemplate template = client.getHbaseTemplate();

            template.find("ambarismoketest", new Scan(), new
ResultsExtractor() {

                @Override
                public Object extractData(ResultScanner results)
                        throws Exception {
                    // TODO Auto-generated method stub
                    return results;
                }

            });*/

        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

I get an exception :

Caused by:
org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException):
GSS initiate failed
    at
org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
    at
org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
    at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
    at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
    at
org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
    at
org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:396)
    at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
    at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message