hbase-user mailing list archives

From Reid Chan <reidddc...@outlook.com>
Subject Re: Unable to read from Kerberised HBase
Date Fri, 13 Jul 2018 03:01:53 GMT
I think there's a possibility that some of the clients' logins failed.

Have you tried checking your krb5kdc.log to see the login audit, or turning on -Dsun.security.krb5.debug=true?

And based on your situation, I suggest using a UPN (User Principal Name) with the format "name@REALM"
instead of an SPN.



R.C



________________________________________
From: Lalit Jadhav <lalit.jadhav@nciportal.com>
Sent: 12 July 2018 19:41:03
To: user@hbase.apache.org
Subject: Re: Unable to read from Kerberised HBase

Yes, Reid, every machine has a specific keytab and corresponding principal.


On Wed, Jul 11, 2018 at 3:29 PM, Reid Chan <reidddchan@outlook.com> wrote:

> Does every machine where the hbase client runs have your specific keytab and
> corresponding principal?
>
> From the snippet, I can tell that you're using a service principal to log in
> (with name/hostname@REALM format), and each principal should be different
> due to their different hostnames.
>
>
>
> R.C
>
>
>
> ________________________________________
> From: Lalit Jadhav <lalit.jadhav@nciportal.com>
> Sent: 11 July 2018 17:45:22
> To: user@hbase.apache.org
> Subject: Re: Unable to read from Kerberised HBase
>
> Yes.
>
> On Wed, Jul 11, 2018 at 2:58 PM, Reid Chan <reidddchan@outlook.com> wrote:
>
> > Does your hbase client run on multiple machines?
> >
> > R.C
> >
> >
> > ________________________________________
> > From: Lalit Jadhav <lalit.jadhav@nciportal.com>
> > Sent: 11 July 2018 14:31:40
> > To: user@hbase.apache.org
> > Subject: Re: Unable to read from Kerberised HBase
> >
> > Tried with the given snippet.
> >
> > It works when a table is placed on a single RegionServer. But when the table is
> > distributed across the cluster, I am not able to scan the table. Let me know if
> > I am going wrong somewhere.
> >
> > On Tue, Jul 10, 2018 at 2:13 PM, Reid Chan <reidddchan@outlook.com> wrote:
> >
> > > Try this way:
> > >
> > >
> > > Connection connection = ugi.doAs(new PrivilegedAction<Connection>() {
> > >
> > >         @Override
> > >         public Connection run() {
> > >           return ConnectionFactory.createConnection(configuration);
> > >         }
> > >       });
> > >
> > >
> > >
> > > R.C
> > >
> > >
> > >
> > > ________________________________
> > > From: Lalit Jadhav <lalit.jadhav@nciportal.com>
> > > Sent: 10 July 2018 16:35:15
> > > To: user@hbase.apache.org
> > > Subject: Re: Unable to read from Kerberised HBase
> > >
> > > Code snippet:
> > >
> > > Configuration configuration = HBaseConfiguration.create();
> > > configuration.set("hbase.zookeeper.quorum",  "QUARAM");
> > >     configuration.set("hbase.master", "MASTER");
> > >     configuration.set("hbase.zookeeper.property.clientPort", "2181");
> > >     configuration.set("hadoop.security.authentication", "kerberos");
> > >     configuration.set("hbase.security.authentication", "kerberos");
> > >     configuration.set("zookeeper.znode.parent", "/hbase-secure");
> > >     configuration.set("hbase.cluster.distributed", "true");
> > >     configuration.set("hbase.rpc.protection", "authentication");
> > >     configuration.set("hbase.regionserver.kerberos.principal",
> > > "hbase/Principal@realm");
> > >     configuration.set("hbase.regionserver.keytab.file",
> > > "/home/developers/Desktop/hbase.service.keytab3");
> > >     configuration.set("hbase.master.kerberos.principal",
> > > "hbase/HbasePrincipal@realm");
> > >     configuration.set("hbase.master.keytab.file",
> > > "/etc/security/keytabs/hbase.service.keytab");
> > >
> > >     System.setProperty("java.security.krb5.conf","/etc/krb5.conf");
> > >
> > >     String principal = System.getProperty("kerberosPrincipal",
> > > "hbase/HbasePrincipal@realm");
> > >     String keytabLocation = System.getProperty("kerberosKeytab",
> > > "/etc/security/keytabs/hbase.service.keytab");
> > >     UserGroupInformation.setConfiguration(configuration);
> > >     UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);
> > >     UserGroupInformation userGroupInformation = UserGroupInformation.
> > > loginUserFromKeytabAndReturnUGI("hbase/HbasePrincipal@realm",
> > > "/etc/security/keytabs/hbase.service.keytab");
> > >     UserGroupInformation.setLoginUser(userGroupInformation);
> > >
> > >    Connection connection =
> > > ConnectionFactory.createConnection(configuration);
> > >
> > >
> > > Any more logs about login failure or success or related? - No, I only got
> > > the above logs.
> > >
> > >
> > > On Tue, Jul 10, 2018 at 1:58 PM, Reid Chan <reidddchan@outlook.com> wrote:
> > >
> > > > Any more logs about login failure or success or related?
> > > >
> > > > And can you show the code snippet of connection creation?
> > > > ________________________________
> > > > From: Lalit Jadhav <lalit.jadhav@nciportal.com>
> > > > Sent: 10 July 2018 16:06:32
> > > > To: user@hbase.apache.org
> > > > Subject: Re: Unable to read from Kerberised HBase
> > > >
> > > > Table only contains 100 rows. Still not able to scan.
> > > >
> > > > On Tue, Jul 10, 2018, 12:21 PM anil gupta <anilgupta84@gmail.com> wrote:
> > > >
> > > > > As per the error message, your scan ran for more than 1 minute but the timeout
> > > > > is set for 1 minute. Hence the error. Try doing smaller scans or increasing the
> > > > > timeout. (PS: HBase is mostly good for short scans, not for full table scans.)
> > > > >
> > > > > On Mon, Jul 9, 2018 at 8:37 PM, Lalit Jadhav <lalit.jadhav@nciportal.com>
> > > > > wrote:
> > > > >
> > > > > > While connecting to a remote HBase cluster, I can create a table and get the
> > > > > > table listing, but I am unable to scan the table using the Java API. Below is
> > > > > > the code:
> > > > > >
> > > > > >     configuration.set("hbase.zookeeper.quorum", "QUARAM");
> > > > > >     configuration.set("hbase.master", "MASTER");
> > > > > >     configuration.set("hbase.zookeeper.property.clientPort", "2181");
> > > > > >     configuration.set("hadoop.security.authentication", "kerberos");
> > > > > >     configuration.set("hbase.security.authentication", "kerberos");
> > > > > >     configuration.set("zookeeper.znode.parent", "/hbase-secure");
> > > > > >     configuration.set("hbase.cluster.distributed", "true");
> > > > > >     configuration.set("hbase.rpc.protection", "authentication");
> > > > > >     configuration.set("hbase.regionserver.kerberos.principal",
> > > > > >         "hbase/Principal@realm");
> > > > > >     configuration.set("hbase.regionserver.keytab.file",
> > > > > >         "/home/developers/Desktop/hbase.service.keytab3");
> > > > > >     configuration.set("hbase.master.kerberos.principal",
> > > > > >         "hbase/HbasePrincipal@realm");
> > > > > >     configuration.set("hbase.master.keytab.file",
> > > > > >         "/etc/security/keytabs/hbase.service.keytab");
> > > > > >
> > > > > >     System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
> > > > > >
> > > > > >     String principal = System.getProperty("kerberosPrincipal",
> > > > > >         "hbase/HbasePrincipal@realm");
> > > > > >     String keytabLocation = System.getProperty("kerberosKeytab",
> > > > > >         "/etc/security/keytabs/hbase.service.keytab");
> > > > > >     UserGroupInformation.setConfiguration(configuration);
> > > > > >     UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);
> > > > > >     UserGroupInformation userGroupInformation =
> > > > > >         UserGroupInformation.loginUserFromKeytabAndReturnUGI(
> > > > > >             "hbase/HbasePrincipal@realm",
> > > > > >             "/etc/security/keytabs/hbase.service.keytab");
> > > > > >     UserGroupInformation.setLoginUser(userGroupInformation);
> > > > > >
> > > > > > I am getting the below errors:
> > > > > >
> > > > > >     org.apache.hadoop.hbase.client.RetriesExhaustedException: Failed after
> > > > > > attempts=36, exceptions: Mon Jul 09 18:45:57 IST 2018, null,
> > > > > > java.net.SocketTimeoutException: callTimeout=60000, callDuration=64965: row
> > > > > > '' on table 'DEMO_TABLE' at
> > > > > > region=DEMO_TABLE,,1529819280641.40f0e7dc4159937619da237915be8b11.,
> > > > > > hostname=dn1-devup.mstorm.com,60020,1531051433899, seqNum=526190
> > > > > >
> > > > > >     Exception : java.io.IOException: Failed to get result within timeout,
> > > > > > timeout=60000ms
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Regards,
> > > > > > Lalit Jadhav
> > > > > > Network Component Private Limited.
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Thanks & Regards,
> > > > > Anil Gupta
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Regards,
> > > Lalit Jadhav
> > > Network Component Private Limited.
> > >
> >
> >
> >
> > --
> > Regards,
> > Lalit Jadhav
> > Network Component Private Limited.
> >
>
>
>
> --
> Regards,
> Lalit Jadhav
> Network Component Private Limited.
>



--
Regards,
Lalit Jadhav
Network Component Private Limited.
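
The suggestions made in this thread (log in as a user principal rather than a service principal, create the connection inside `doAs`, enable the JDK Kerberos trace) combined into one client, as an added example that is not code from any participant or from the HBase project. The realm `EXAMPLE.COM`, the principal `appuser@EXAMPLE.COM`, its keytab path and the `QUORUM` value are placeholders, and the `hbase/_HOST@...` server principals are an assumption about how the cluster names its services.

```java
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.*;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.security.UserGroupInformation;

// Run with -Dsun.security.krb5.debug=true to trace the Kerberos exchanges.
public class KerberizedScan {
  // Placeholders (assumptions, not values from the thread).
  static final String USER_PRINCIPAL = "appuser@EXAMPLE.COM"; // UPN: no host part
  static final String USER_KEYTAB = "/etc/security/keytabs/appuser.keytab";

  public static void main(String[] args) throws Exception {
    Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "QUORUM"); // placeholder
    conf.set("zookeeper.znode.parent", "/hbase-secure");
    conf.set("hadoop.security.authentication", "kerberos");
    conf.set("hbase.security.authentication", "kerberos");
    // Server identities the client expects. Hadoop replaces _HOST with the
    // hostname of the server being contacted, so one value covers every node.
    conf.set("hbase.master.kerberos.principal", "hbase/_HOST@EXAMPLE.COM");
    conf.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@EXAMPLE.COM");

    UserGroupInformation.setConfiguration(conf);
    // A single keytab login; the returned UGI is the only identity used below.
    UserGroupInformation ugi =
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_PRINCIPAL, USER_KEYTAB);
    if (!ugi.hasKerberosCredentials()) {
      throw new IOException("No Kerberos credentials for " + ugi.getUserName());
    }

    // Created inside doAs, as suggested in the thread, so the connection runs as ugi.
    long rows = ugi.doAs((PrivilegedExceptionAction<Long>) () -> {
      try (Connection connection = ConnectionFactory.createConnection(conf);
           Table table = connection.getTable(TableName.valueOf("DEMO_TABLE"));
           ResultScanner scanner = table.getScanner(new Scan())) {
        long n = 0;
        for (Result r : scanner) {
          System.out.println(Bytes.toStringBinary(r.getRow()));
          n++;
        }
        return n;
      }
    });
    System.out.println("Scanned " + rows + " rows as " + ugi.getUserName());
  }
}
```

The client keytab here belongs to an ordinary user principal, so the HBase service keytabs never have to leave the cluster nodes.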
