hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Khireswar Kalita <khiresh.kal...@gmail.com>
Subject Hbase Thrift server failed on scanning table stage on Kerberized cluster.
Date Wed, 20 Dec 2017 04:59:19 GMT
Dear Hbase team:


I have install a Hbase thrift server on HDP 2.5 kerberized cluster with
following steps and configuration:

*Configuration:*

   1. Check Hbase service principal:

[hbase@ip-10-11-13-118 ~]$ klist -kt
/etc/security/keytabs/hbase.service.keytab

Keytab name: FILE:/etc/security/keytabs/hbase.service.keytab

KVNO Timestamp Principal

---- -----------------
--------------------------------------------------------

1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM

1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM

1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM

1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM

1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM
<hbase/ip-10-11-13-118.zalonilabs.com@HADOOP.ZALONILABS.COM>

   1. Hbase -> Configs -> Advanced -> Custom Hbase-Site.xml check if
   following properties are added already. If not, add missing properties:

hbase.master.kerberos.principal=hbase/_HOST@HADOOP.MYLABS.COM

hbase.master.keytab.file=/etc/security/keytabs/hbase.service.keytab

hadoop.proxyuser.HTTP.groups=*

hadoop.proxyuser.HTTP.hosts

hbase.rest.authentication.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab

hbase.rest.authentication.kerberos.principal=HTTP/_HOST@HADOOP.MYLABS.COM

hbase.rest.authentication.type=kerberos

hbase.rest.kerberos.principal=hbase/_HOST@HADOOP.MYLABS.COM

hbase.rest.keytab.file=/etc/security/keytabs/hbase.service.keytab

hbase.security.authentication=kerberos

hbase.security.authentication.spnego.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab

hbase.security.authentication.spnego.kerberos.principal=HTTP/_HOST@HADOOP.MYLABS.COM

hbase.security.authorization=true

For Hbase thrift server add following properties into Custom Hbase-site.xml
section from ambari:

hbase.thrift.security.qop=auth

hbase.thrift.support.proxyuser=true

hbase.security.authentication=kerberos

hbase.regionserver.thrift.http=true

hbase.thrift.keytab.file=/etc/security/keytabs/spnego.service.keytab

hbase.thrift.kerberos.principal= HTTP/_HOST@HADOOP.MYLABS.COM

In Ambari -> HDFS, make sure that following are set:

hadoop.proxyuser.HTTP.groups=*

hadoop.proxyuser.HTTP.hosts=*

Restart Hbase service.

When I run following command to test the installation it shows following
error:

*[hbase@p-10-11-13-118 ~]$ hbase
org.apache.hadoop.hbase.thrift.HttpDoAsClient ip-10-11-13-118.mylabs.com
<http://ip-10-11-13-118.mylabs.com/> 9090 hbase *true

Debug is true storeKey false useTicketCache true useKeyTab false
doNotPrompt true ticketCache is null isInitiator true KeyTab is null
refreshKrb5Config is true principal is null tryFirstPass is false
useFirstPass is false storePass is false clearPass is false Refreshing
Kerberos configuration Acquire TGT from Cache Principal is
hbase-dev@HADOOP.MYLABS.COM Commit Succeeded Debug is true storeKey false
useTicketCache true useKeyTab false doNotPrompt true ticketCache is null
isInitiator true KeyTab is null refreshKrb5Config is true principal is null
tryFirstPass is false useFirstPass is false storePass is false clearPass is
false Refreshing Kerberos configuration Acquire TGT from Cache Principal is
hbase-dev@HADOOP.MYLABS.COM

Commit Succeeded

scanning tables...

Ticket is: Negotiate
YIIClgYJKoZIhvcSAQICAQBuggKFMIICgaADAgEFoQMCAQ6iBwMFACAAAACjggF+YYIBejCCAXagAwIBBaEfGx1ERVYuSEFET09QLlIxLUNPUkUuUjEuQUlHLk5FVKIbMBmgAwIBAKESMBAbDmhiYXNlLWRldl9nZmF0o4IBLzCCASugAwIBEqEDAgEDooIBHQSCARnxqNrKoykz7X43qGUeq78BMt4QTGMJWU/O2l6/a9SFtuTzOPFITcO5Ba2A3ClKFjnO58evIj/JsHo7Ik+KZQPKEob+KYcVYLNYagZOtwOQ2aa8HUPZIpb0XTfJoNNbNExAxF0Zv42rID1/vZez2Ga9C7lfRm2OU6/fMtPBP2/xClTofFyB3LJK69yiNBomS9bvRl8v2xsOYMbySAPPnZczcKQeu1hYfQ1u2ZAru5Rp0rlNNUnAyueGi1WHPIXiDOJp/PtqW5R6miVrce97eIb4FmNbYuFEBB8PThYwq5l8Uq3Hv66pum2zfpI5+mxD0sTWBJLaLWY44B/PtRE2t5EfgeExRQir4ZK6SB6TCB5qADAgESooHeBIHbA0zsuxuHUo/r2d8hbeB6sfXef3i0f7iGmBhZD1Q44lkgbvCc2+bDJLY5CqB11r4vOy0ZdRf/7AAt5xUs69IiCQpsMgaIzWkWqPCpEI9zSwShDuYpOBepA516MqJKkqZrbB1G8VXtSpsKKmveSW285QjesfFE+ym+vSNWGptP/ZOlYNJQbDUnQtoKVL02xIkAsj3lUAfWXUtToAWEXL4p+skZj4iPEByupprwlbjzSJR5We6in3FFz2G4sBrpJQb7bvJqPO3RrZZ8HGk2o6pEGu4EpPU9EwnUUMOAException
in thread "main" java.security.PrivilegedActionException:
org.apache.thrift.transport.TTransportException: HTTP Response code: 500 at
java.security.AccessController.doPrivileged(Native Method) at
javax.security.auth.Subject.doAs(Subject.java:415) at
org.apache.hadoop.hbase.thrift.HttpDoAsClient.main(HttpDoAsClient.java:88)
Caused by: *org.apache.thrift.transport.TTransportException: HTTP Response
code: 500 at *org.apache.thrift.transport.THttpClient.flush(THttpClient.java:349)
at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73) at
org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62) at
org.apache.hadoop.hbase.thrift.generated.Hbase$Client.send_getTableNames(Hbase.java:901)
at
org.apache.hadoop.hbase.thrift.generated.Hbase$Client.getTableNames(Hbase.java:894)
at
org.apache.hadoop.hbase.thrift.HttpDoAsClient.run(HttpDoAsClient.java:137)
at
org.apache.hadoop.hbase.thrift.HttpDoAsClient.access$000(HttpDoAsClient.java:61)
at
org.apache.hadoop.hbase.thrift.HttpDoAsClient$1.run(HttpDoAsClient.java:92)
at
org.apache.hadoop.hbase.thrift.HttpDoAsClient$1.run(HttpDoAsClient.java:89)
... 3 more



Can any one help me to fix the issue.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message