hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anil gupta <anilgupt...@gmail.com>
Subject Re: Problem with HBase + Kerberos
Date Thu, 27 Aug 2015 16:24:02 GMT
Maybe, this is related to some Ambari setup? Can you also ask on Ambari
mailing list.
IMO, secure HBase cluster connectivity has been working in HBase for a very
long time.

On Thu, Aug 27, 2015 at 12:48 AM, Loïc Chanel <loic.chanel@telecomnancy.net>
wrote:

> I did not, but as I Kerberized my cluster with Ambari, it did the mandatory
> modifications.
>
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
>
> 2015-08-27 1:17 GMT+02:00 Laurent H <laurent.hatier@gmail.com>:
>
> > Do you change some stuff in your hbase-site.xml when you've installed
> > Kerberos ?
> >
> > --
> > Laurent HATIER - Consultant Big Data & Business Intelligence chez
> CapGemini
> > fr.linkedin.com/pub/laurent-hatier/25/36b/a86/
> > <http://fr.linkedin.com/pub/laurent-h/25/36b/a86/>
> >
> > 2015-08-21 9:44 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net>:
> >
> > > Sorry if I didn't mention that, but yeah, I ran kinit before invoking
> > hbase
> > > shell, and klists command says that my user has a ticket.
> > > [root@host /]# klist
> > > Ticket cache: FILE:/tmp/krb5cc_0
> > > Default principal: testuser@REALM
> > >
> > > Valid starting     Expires            Service principal
> > > 08/21/15 09:39:33  08/22/15 09:39:33  krbtgt/REALM@REALM
> > >         renew until 08/21/15 09:39:33
> > >
> > >
> > > Loïc CHANEL
> > > Engineering student at TELECOM Nancy
> > > Trainee at Worldline - Villeurbanne
> > >
> > > 2015-08-21 6:12 GMT+02:00 anil gupta <anilgupta84@gmail.com>:
> > >
> > > > Did you run kinit command before invoking "hbase shell"? What does
> > klist
> > > > command says?
> > > >
> > > > On Thu, Aug 20, 2015 at 6:47 AM, Loïc Chanel <
> > > loic.chanel@telecomnancy.net
> > > > >
> > > > wrote:
> > > >
> > > > > By the way, as this may help to find my issue, I just tested typing
> > > > *whoami
> > > > > *in HBase shell : this returned me exactly what it should :
> > > > > testuser@REALM (auth:KERBEROS)
> > > > >     groups: nobody, toast
> > > > >
> > > > > Loïc CHANEL
> > > > > Engineering student at TELECOM Nancy
> > > > > Trainee at Worldline - Villeurbanne
> > > > >
> > > > > 2015-08-20 15:17 GMT+02:00 Loïc Chanel <
> loic.chanel@telecomnancy.net
> > >:
> > > > >
> > > > > > Nothing more with your option :/
> > > > > >
> > > > > > Loïc CHANEL
> > > > > > Engineering student at TELECOM Nancy
> > > > > > Trainee at Worldline - Villeurbanne
> > > > > >
> > > > > > 2015-08-20 15:04 GMT+02:00 Loïc Chanel <
> > loic.chanel@telecomnancy.net
> > > >:
> > > > > >
> > > > > >> I'm using HDP 2.2.4.2, with HBase 0.98.4.2.2.
> > > > > >> I have unlimited strength JCE installed.
> > > > > >>
> > > > > >> I'll try to have more clues with this option.
> > > > > >>
> > > > > >> Loïc CHANEL
> > > > > >> Engineering student at TELECOM Nancy
> > > > > >> Trainee at Worldline - Villeurbanne
> > > > > >>
> > > > > >> 2015-08-20 14:58 GMT+02:00 Ted Yu <yuzhihong@gmail.com>:
> > > > > >>
> > > > > >>> Which hbase / hadoop release are you using ?
> > > > > >>>
> > > > > >>> Running with -Dsun.security.krb5.debug=true will provide
more
> > clue.
> > > > > >>>
> > > > > >>> Do you have unlimited strength JCE installed ?
> > > > > >>>
> > > > > >>> Cheers
> > > > > >>>
> > > > > >>> On Thu, Aug 20, 2015 at 5:46 AM, Loïc Chanel <
> > > > > >>> loic.chanel@telecomnancy.net>
> > > > > >>> wrote:
> > > > > >>>
> > > > > >>> > Hi all,
> > > > > >>> >
> > > > > >>> > Since I kerberized my cluster, it seems like I
can't use
> HBase
> > > > > anymore
> > > > > >>> ...
> > > > > >>> > For example, executing  create 'toto','titi' on
HBase shell
> > > results
> > > > > in
> > > > > >>> the
> > > > > >>> > printing of this line endlessly :
> > > > > >>> > WARN  [main] security.UserGroupInformation: Not
attempting to
> > > > > re-login
> > > > > >>> > since the last re-login was attempted less than
600 seconds
> > > before.
> > > > > >>> >
> > > > > >>> > And nothing else happens.
> > > > > >>> > I tried to restart HDFS and HBase, and to re-generate
> > credentials
> > > > and
> > > > > >>> > keytabs, but nothing changed.
> > > > > >>> > As for the logs, they are not very explicits, as
the only
> thing
> > > > they
> > > > > >>> say
> > > > > >>> > (and keep saying) is :
> > > > > >>> >
> > > > > >>> > 2015-08-20 13:50:12,697 DEBUG [RpcServer.reader=2,port=60000]
> > > > > >>> > ipc.RpcServer: Created SASL server with mechanism
= GSSAPI
> > > > > >>> > 2015-08-20 13:50:12,698 DEBUG [RpcServer.reader=2,port=60000]
> > > > > >>> > ipc.RpcServer: Have read input token of size 650
for
> processing
> > > by
> > > > > >>> > saslServer.evaluateResponse()
> > > > > >>> > 2015-08-20 13:50:12,704 DEBUG [RpcServer.reader=2,port=60000]
> > > > > >>> > ipc.RpcServer: Will send token of size 108 from
saslServer.
> > > > > >>> > 2015-08-20 13:50:12,706 DEBUG [RpcServer.reader=2,port=60000]
> > > > > >>> > ipc.RpcServer: Have read input token of size 0
for processing
> > by
> > > > > >>> > saslServer.evaluateResponse()
> > > > > >>> > 2015-08-20 13:50:12,707 DEBUG [RpcServer.reader=2,port=60000]
> > > > > >>> > ipc.RpcServer: Will send token of size 32 from
saslServer.
> > > > > >>> > 2015-08-20 13:50:12,708 DEBUG [RpcServer.reader=2,port=60000]
> > > > > >>> > ipc.RpcServer: RpcServer.listener,port=60000: DISCONNECTING
> > > client
> > > > > >>> > 192.168.6.148:43014 because read count=-1. Number
of active
> > > > > >>> connections: 3
> > > > > >>> >
> > > > > >>> > Do anyone has an idea about where this might come
from, or
> how
> > to
> > > > > >>> solve it
> > > > > >>> > ? Because I couldn't find much documentation about
this.
> > > > > >>> > Thanks in advance for your help !
> > > > > >>> >
> > > > > >>> >
> > > > > >>> > Loïc
> > > > > >>> >
> > > > > >>> > Loïc CHANEL
> > > > > >>> > Engineering student at TELECOM Nancy
> > > > > >>> > Trainee at Worldline - Villeurbanne
> > > > > >>> >
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Thanks & Regards,
> > > > Anil Gupta
> > > >
> > >
> >
>



-- 
Thanks & Regards,
Anil Gupta

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message