问题描述
您好,我正在尝试为安全hbase编写一个java客户端。
我也想从代码本身做kinit,因为我使用的是用户组信息类。
任何人都可以指出我在哪里出错了吗?
这是Im试图连接obase的主要方法。
我必须在CONfiguration对象中添加配置,而不是使用xml,因为客户端可以位于任何位置。
请参阅以下代码:
public static void main(String [] args){
try {
System .setProperty(CommonConstants.KRB_REALM,ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,krb.realm));
System.setProperty(CommonConstants.KRB_KDC,ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,krb.kdc));
System.setProperty(CommonConstants.KRB_DEBUG,true);
final配置config = HBaseConfiguration.create();
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,AUTH_KRB);
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,AUTHORIZATION);
config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY,AUTO_CLOSE);
config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY,defaultFS);
config.set(hbase.zookeeper.quorum,ConfigUtil.getProperty(CommonConstants.HBASE_CONF,hbase.host));
config.set(hbase.zookeeper.property.clientPort,ConfigUtil.getProperty(CommonConstants.HBASE_CONF,hbase.port));
config.set(hbase.client.retries.number,Integer.toString(0));
config.set(zookeeper.session.timeout,Integer.toString(6000));
config.set(zookeeper.recovery.retry,Integer.toString(0));
config.set(hbase.master,gauravt-namenode.pbi.global.pvt:60000);
config.set(zookeeper.znode.parent,/ hbase-secure);
config.set(hbase.rpc.engine,org.apache.hadoop.hbase.ipc.SecureRpcEngine);
config.set(hbase.security.authentication,AUTH_KRB);
config.set(hbase.security.authorization,AUTHORIZATION);
config.set(hbase.master.kerberos.principal,hbase / [email protected]);
config.set(hbase.master.keytab.file,D:/var/lib/bda/secure/keytabs/hbase.service.keytab);
config.set(hbase.regionserver.kerberos.principal,hbase / [email protected]);
config.set(hbase.regionserver.keytab.file,D:/var/lib/bda/secure/keytabs/hbase.service.keytab);
UserGroupInformation.setConfiguration(config);
UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI(hbase / [email protected],D:/var/lib/bda/secure/keytabs/hbase.service.keytab );
UserGroupInformation.setLoginUser(userGroupInformation);
User user = User.create(userGroupInformation);
$ b $ user.runAs(new PrivilegedExceptionAction< Object>(){
$ b $ @Override
public Object run()抛出Exception {
HBaseAdmin admins = new HBaseAdmin(config);
if(admins.isTableAvailable(ambarismoketest)){
System.out.println(Table is available);
};
HConnection connection = HConnectionManager.createConnection(config);
HTableInterface table = connection.getTable(ambarismoketest);
admins.close();
System.out.println(table.get(new Get(null)));
return table.get(new Get(null));
}
});
System.out.println(UserGroupInformation.getLoginUser()。getUserName());
$ b} catch(Exception e){
// TODO自动生成的catch块
e.printStackTrace();
}
我收到以下异常:
原因:org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException):GSS在org.apache处启动失败
。 hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
位于org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
位于org.apache。 hadoop.hbase.ipc.RpcClient $ Connection.setupSaslConnection(RpcClient.java:762)
at org.apache.hadoop.hbase.ipc.RpcClient $ Connection.access $ 600(RpcClient.java:354)
在org.apache.hadoop.hbase.ipc.RpcClient $ Connection $ 2.run(RpcClient.java:883)
at org.apache.hadoop.hbase.ipc.RpcClient $ Connection $ 2.run(RpcClient.java: 880)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at org.apache.hadoop。 security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
at org .apache.hadoop.hbase.ipc.RpcClient $ Connection.setupIOstreams(RpcClient.java:880)
... 33 more
任何指针都会有帮助。
不确定您是否仍然需要帮助。我认为设置hadoop.security.authentication属性缺少您的代码段。
我使用以下代码片段连接到安全HBase(在CDH5上)。您可以试一下。
config.set(hbase.zookeeper.quorum,zookeeperHosts);
config.set(hbase.zookeeper.property.clientPort,zookeeperPort);
config.set(hadoop.security.authentication,kerberos);
config.set(hbase.security.authentication,kerberos);
config.set(hbase.master.kerberos.principal,HBASE_MASTER_PRINCIPAL);
config.set(hbase.regionserver.kerberos.principal,HBASE_RS_PRINCIPAL);
UserGroupInformation.setConfiguration(config);
用户组信息。
HBaseAdmin admins = new HBaseAdmin(config);
TableName [] tables = admins.listTableNames(); (TableName table:tables)
{
System.out.println(table.toString());
}
Hi I am trying to write a java client for secure hbase.I want to do kinit also from code itself for that i`m using the usergroup information class.Can anyone point out where am I going wrong here?
this is the main method that Im trying to connect o hbase from.
I have to add the configuration in the CONfiguration object rather than using the xml, because the client can be located anywhere.
Please see the code below:
public static void main(String [] args) {
try {
System.setProperty(CommonConstants.KRB_REALM, ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm"));
System.setProperty(CommonConstants.KRB_KDC, ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc"));
System.setProperty(CommonConstants.KRB_DEBUG, "true");
final Configuration config = HBaseConfiguration.create();
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, AUTH_KRB);
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, AUTHORIZATION);
config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY, AUTO_CLOSE);
config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY, defaultFS);
config.set("hbase.zookeeper.quorum", ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host"));
config.set("hbase.zookeeper.property.clientPort", ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port"));
config.set("hbase.client.retries.number", Integer.toString(0));
config.set("zookeeper.session.timeout", Integer.toString(6000));
config.set("zookeeper.recovery.retry", Integer.toString(0));
config.set("hbase.master", "gauravt-namenode.pbi.global.pvt:60000");
config.set("zookeeper.znode.parent", "/hbase-secure");
config.set("hbase.rpc.engine", "org.apache.hadoop.hbase.ipc.SecureRpcEngine");
config.set("hbase.security.authentication", AUTH_KRB);
config.set("hbase.security.authorization", AUTHORIZATION);
config.set("hbase.master.kerberos.principal", "hbase/[email protected]");
config.set("hbase.master.keytab.file", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
config.set("hbase.regionserver.kerberos.principal", "hbase/[email protected]");
config.set("hbase.regionserver.keytab.file", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
UserGroupInformation.setConfiguration(config);
UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/[email protected]", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
UserGroupInformation.setLoginUser(userGroupInformation);
User user = User.create(userGroupInformation);
user.runAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
HBaseAdmin admins = new HBaseAdmin(config);
if(admins.isTableAvailable("ambarismoketest")) {
System.out.println("Table is available");
};
HConnection connection = HConnectionManager.createConnection(config);
HTableInterface table = connection.getTable("ambarismoketest");
admins.close();
System.out.println(table.get(new Get(null)));
return table.get(new Get(null));
}
});
System.out.println(UserGroupInformation.getLoginUser().getUserName());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
I`m getting the following exception:
Caused by: org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed
at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)
... 33 more
Any pointers would be helpful.
Not sure if you still need help. I think setting the "hadoop.security.authentication" property is missing from your snippet.
I am using following code snippet to connect to secure HBase (on CDH5). You can give a try.
config.set("hbase.zookeeper.quorum", zookeeperHosts);
config.set("hbase.zookeeper.property.clientPort", zookeeperPort);
config.set("hadoop.security.authentication", "kerberos");
config.set("hbase.security.authentication", "kerberos");
config.set("hbase.master.kerberos.principal", HBASE_MASTER_PRINCIPAL);
config.set("hbase.regionserver.kerberos.principal", HBASE_RS_PRINCIPAL);
UserGroupInformation.setConfiguration(config);
UserGroupInformation.loginUserFromKeytab(ZOOKEEPER_PRINCIPAL,ZOOKEEPER_KEYTAB);
HBaseAdmin admins = new HBaseAdmin(config);
TableName[] tables = admins.listTableNames();
for(TableName table: tables){
System.out.println(table.toString());
}
这篇关于用于安全Hbase的Java客户端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!