hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Yu <yuzhih...@gmail.com>
Subject Re: Hbase Thrift server failed on scanning table stage on Kerberized cluster.
Date Thu, 21 Dec 2017 22:42:15 GMT
Since you're using a vendor's distro, please ask on their community page.

Thanks

On Tue, Dec 19, 2017 at 8:59 PM, Khireswar Kalita <khiresh.kalita@gmail.com>
wrote:

> Dear Hbase team:
>
>
> I have install a Hbase thrift server on HDP 2.5 kerberized cluster with
> following steps and configuration:
>
> *Configuration:*
>
>    1. Check Hbase service principal:
>
> [hbase@ip-10-11-13-118 ~]$ klist -kt
> /etc/security/keytabs/hbase.service.keytab
>
> Keytab name: FILE:/etc/security/keytabs/hbase.service.keytab
>
> KVNO Timestamp Principal
>
> ---- -----------------
> --------------------------------------------------------
>
> 1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM
>
> 1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM
>
> 1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM
>
> 1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM
>
> 1 02/06/17 17:40:53 hbase/ip-10-11-13-118.mylabs.com@HADOOP.MYLABS.COM
> <hbase/ip-10-11-13-118.zalonilabs.com@HADOOP.ZALONILABS.COM>
>
>    1. Hbase -> Configs -> Advanced -> Custom Hbase-Site.xml check if
>    following properties are added already. If not, add missing properties:
>
> hbase.master.kerberos.principal=hbase/_HOST@HADOOP.MYLABS.COM
>
> hbase.master.keytab.file=/etc/security/keytabs/hbase.service.keytab
>
> hadoop.proxyuser.HTTP.groups=*
>
> hadoop.proxyuser.HTTP.hosts
>
> hbase.rest.authentication.kerberos.keytab=/etc/security/
> keytabs/spnego.service.keytab
>
> hbase.rest.authentication.kerberos.principal=HTTP/_HOST@HADOOP.MYLABS.COM
>
> hbase.rest.authentication.type=kerberos
>
> hbase.rest.kerberos.principal=hbase/_HOST@HADOOP.MYLABS.COM
>
> hbase.rest.keytab.file=/etc/security/keytabs/hbase.service.keytab
>
> hbase.security.authentication=kerberos
>
> hbase.security.authentication.spnego.kerberos.keytab=/etc/
> security/keytabs/spnego.service.keytab
>
> hbase.security.authentication.spnego.kerberos.principal=HTTP/_
> HOST@HADOOP.MYLABS.COM
>
> hbase.security.authorization=true
>
> For Hbase thrift server add following properties into Custom Hbase-site.xml
> section from ambari:
>
> hbase.thrift.security.qop=auth
>
> hbase.thrift.support.proxyuser=true
>
> hbase.security.authentication=kerberos
>
> hbase.regionserver.thrift.http=true
>
> hbase.thrift.keytab.file=/etc/security/keytabs/spnego.service.keytab
>
> hbase.thrift.kerberos.principal= HTTP/_HOST@HADOOP.MYLABS.COM
>
> In Ambari -> HDFS, make sure that following are set:
>
> hadoop.proxyuser.HTTP.groups=*
>
> hadoop.proxyuser.HTTP.hosts=*
>
> Restart Hbase service.
>
> When I run following command to test the installation it shows following
> error:
>
> *[hbase@p-10-11-13-118 ~]$ hbase
> org.apache.hadoop.hbase.thrift.HttpDoAsClient ip-10-11-13-118.mylabs.com
> <http://ip-10-11-13-118.mylabs.com/> 9090 hbase *true
>
> Debug is true storeKey false useTicketCache true useKeyTab false
> doNotPrompt true ticketCache is null isInitiator true KeyTab is null
> refreshKrb5Config is true principal is null tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false Refreshing
> Kerberos configuration Acquire TGT from Cache Principal is
> hbase-dev@HADOOP.MYLABS.COM Commit Succeeded Debug is true storeKey false
> useTicketCache true useKeyTab false doNotPrompt true ticketCache is null
> isInitiator true KeyTab is null refreshKrb5Config is true principal is null
> tryFirstPass is false useFirstPass is false storePass is false clearPass is
> false Refreshing Kerberos configuration Acquire TGT from Cache Principal is
> hbase-dev@HADOOP.MYLABS.COM
>
> Commit Succeeded
>
> scanning tables...
>
> Ticket is: Negotiate
> YIIClgYJKoZIhvcSAQICAQBuggKFMIICgaADAgEFoQMCAQ6iBwMFACAAAACjggF+
> YYIBejCCAXagAwIBBaEfGx1ERVYuSEFET09QLlIxLUNPUkUuUjEuQUlHLk5F
> VKIbMBmgAwIBAKESMBAbDmhiYXNlLWRldl9nZmF0o4IBLzCCASugAwIBEqED
> AgEDooIBHQSCARnxqNrKoykz7X43qGUeq78BMt4QTGMJWU/O2l6/
> a9SFtuTzOPFITcO5Ba2A3ClKFjnO58evIj/JsHo7Ik+KZQPKEob+
> KYcVYLNYagZOtwOQ2aa8HUPZIpb0XTfJoNNbNExAxF0Zv42rID1/
> vZez2Ga9C7lfRm2OU6/fMtPBP2/xClTofFyB3LJK69yiNBomS9bvRl8v2
> xsOYMbySAPPnZczcKQeu1hYfQ1u2ZAru5Rp0rlNNUnAyueGi1WHPIXiDOJp/
> PtqW5R6miVrce97eIb4FmNbYuFEBB8PThYwq5l8Uq3Hv66pum2zfpI5+mxD0sTWBJLaLWY44B/
> PtRE2t5EfgeExRQir4ZK6SB6TCB5qADAgESooHeBIHbA0zsuxuHUo/
> r2d8hbeB6sfXef3i0f7iGmBhZD1Q44lkgbvCc2+bDJLY5CqB11r4vOy0ZdRf/
> 7AAt5xUs69IiCQpsMgaIzWkWqPCpEI9zSwShDuYpOBepA516MqJKkqZrbB1G
> 8VXtSpsKKmveSW285QjesfFE+ym+vSNWGptP/ZOlYNJQbDUnQtoKVL02xIkAsj3lUAf
> WXUtToAWEXL4p+skZj4iPEByupprwlbjzSJR5We6in3FFz2G4sBrpJQb7bvJqPO3RrZZ8HGk2o
> 6pEGu4EpPU9EwnUUMOAException
> in thread "main" java.security.PrivilegedActionException:
> org.apache.thrift.transport.TTransportException: HTTP Response code: 500
> at
> java.security.AccessController.doPrivileged(Native Method) at
> javax.security.auth.Subject.doAs(Subject.java:415) at
> org.apache.hadoop.hbase.thrift.HttpDoAsClient.main(HttpDoAsClient.java:88)
> Caused by: *org.apache.thrift.transport.TTransportException: HTTP Response
> code: 500 at *org.apache.thrift.transport.THttpClient.flush(THttpClient.
> java:349)
> at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73) at
> org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62) at
> org.apache.hadoop.hbase.thrift.generated.Hbase$Client.
> send_getTableNames(Hbase.java:901)
> at
> org.apache.hadoop.hbase.thrift.generated.Hbase$Client.
> getTableNames(Hbase.java:894)
> at
> org.apache.hadoop.hbase.thrift.HttpDoAsClient.run(HttpDoAsClient.java:137)
> at
> org.apache.hadoop.hbase.thrift.HttpDoAsClient.access$
> 000(HttpDoAsClient.java:61)
> at
> org.apache.hadoop.hbase.thrift.HttpDoAsClient$1.run(
> HttpDoAsClient.java:92)
> at
> org.apache.hadoop.hbase.thrift.HttpDoAsClient$1.run(
> HttpDoAsClient.java:89)
> ... 3 more
>
>
>
> Can any one help me to fix the issue.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message