最近公司大数据集群统一升级了 kerberos,那原先 的opentsdb就不能使用了,需要使用keytab方式登陆验证。
在百度找了好久没找到解决方案,还是组里勇哥看opentsdb源码才发现opentsdb怎么验证keytab.
下面是具体代码片断:
未使用kerberos 时候,直接使用下面的旧代码:
HBaseClient hbaseClient = new HBaseClient(zookeeper); 激活了kerberos需要:
System.setProperty("java.security.auth.login.config", "D:/kbs/ksm_jaas.conf"); System.setProperty("zookeeper.sasl.client", "false"); //下面行只在本地打开 System.setProperty("java.security.krb5.conf", "D:/kbs/krb5.conf"); org.hbase.async.Config asyncConfig = new org.hbase.async.Config(); asyncConfig.overrideConfig("hbase.zookeeper.quorum", zookeeper); asyncConfig.overrideConfig("hbase.security.auth.enable", "true"); asyncConfig.overrideConfig("hbase.security.authentication", "kerberos"); asyncConfig.overrideConfig("hbase.sasl.clientconfig", "Client"); asyncConfig.overrideConfig("hbase.kerberos.regionserver.principal", "hbase/[email protected]"); HBaseClient hbaseClient = new HBaseClient(asyncConfig); //认证 KerberosClientAuthProvider authProvider = new KerberosClientAuthProvider(hbaseClient); 需要注意的是maven jar包,低版本的opentsdb的确不支持kerberos
<dependency> <groupId>net.opentsdb</groupId> <artifactId>opentsdb</artifactId> <version>2.3.0-RC1</version> </dependency>
<dependency> <groupId>org.hbase</groupId> <artifactId>asynchbase</artifactId> <version>1.7.2</version> </dependency>