You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hbase.apache.org by Gaurav Thakur <ga...@gmail.com> on 2014/05/08 13:52:57 UTC
Java Secure Client : Hbase
Hi I have a secure java client which fails to connect to hbase.
Using the same keytab and principal I`m able to use hbase from shell.
Please see below the code.
public static void main(String [] args) {
try {
System.setProperty(CommonConstants.KRB_REALM,
ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm"));
System.setProperty(CommonConstants.KRB_KDC,
ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc"));
System.setProperty(CommonConstants.KRB_DEBUG, "true");
final Configuration config = HBaseConfiguration.create();
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
AUTH_KRB);
config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
AUTHORIZATION);
config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY,
AUTO_CLOSE);
config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY,
defaultFS);
config.set("hbase.zookeeper.quorum",
ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host"));
config.set("hbase.zookeeper.property.clientPort",
ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port"));
config.set("hbase.client.retries.number", Integer.toString(0));
config.set("zookeeper.session.timeout", Integer.toString(6000));
config.set("zookeeper.recovery.retry", Integer.toString(0));
config.set("hbase.master",
"gauravt-namenode.pbi.global.pvt:60000");
config.set("zookeeper.znode.parent", "/hbase-secure");
config.set("hbase.rpc.engine",
"org.apache.hadoop.hbase.ipc.SecureRpcEngine");
config.set("hbase.security.authentication", AUTH_KRB);
config.set("hbase.security.authorization", AUTHORIZATION);
config.set("hbase.master.kerberos.principal",
"hbase/gauravt-namenode.pbi.global.pvt@pbi.global.pvt");
config.set("hbase.master.keytab.file",
"D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
config.set("hbase.regionserver.kerberos.principal",
"hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt");
config.set("hbase.regionserver.keytab.file",
"D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
UserGroupInformation.setConfiguration(config);
UserGroupInformation userGroupInformation =
UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt",
"D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
UserGroupInformation.setLoginUser(userGroupInformation);
User user = User.create(userGroupInformation);
user.runAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
HBaseAdmin admins = new HBaseAdmin(config);
if(admins.isTableAvailable("ambarismoketest")) {
System.out.println("Table is available");
};
HConnection connection =
HConnectionManager.createConnection(config);
HTableInterface table =
connection.getTable("ambarismoketest");
byte [] family = Bytes.toBytes("fammily");
byte [] col01 = Bytes.toBytes("col01");
Scan scan = new Scan();
scan.addColumn(family, col01);
ResultScanner rs = table.getScanner(scan);
for (Result r = rs.next(); r != null; r = rs.next()) {
byte[] valueObj = r.getValue(family, col01);
String value = new String(valueObj);
System.out.println(value);
}
admins.close();
System.out.println(table.get(new Get(null)));
return table.get(new Get(null));
}
});
System.out.println(UserGroupInformation.getLoginUser().getUserName());
/*HbaseTemplate template = client.getHbaseTemplate();
template.find("ambarismoketest", new Scan(), new
ResultsExtractor() {
@Override
public Object extractData(ResultScanner results)
throws Exception {
// TODO Auto-generated method stub
return results;
}
});*/
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
I get an exception :
Caused by:
org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException):
GSS initiate failed
at
org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
at
org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)
Re: Java Secure Client : Hbase
Posted by Anil Gupta <an...@gmail.com>.
Hi Gaurav,
Please check my last reply.
Please don't send multiple emails for the same issue.
Sent from my iPhone
> On May 8, 2014, at 4:52 AM, Gaurav Thakur <ga...@gmail.com> wrote:
>
> Hi I have a secure java client which fails to connect to hbase.
>
> Using the same keytab and principal I`m able to use hbase from shell.
>
> Please see below the code.
>
> public static void main(String [] args) {
> try {
> System.setProperty(CommonConstants.KRB_REALM,
> ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm"));
> System.setProperty(CommonConstants.KRB_KDC,
> ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc"));
> System.setProperty(CommonConstants.KRB_DEBUG, "true");
>
>
>
> final Configuration config = HBaseConfiguration.create();
>
>
> config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
> AUTH_KRB);
>
> config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
> AUTHORIZATION);
>
> config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY,
> AUTO_CLOSE);
> config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY,
> defaultFS);
> config.set("hbase.zookeeper.quorum",
> ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host"));
> config.set("hbase.zookeeper.property.clientPort",
> ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port"));
> config.set("hbase.client.retries.number", Integer.toString(0));
> config.set("zookeeper.session.timeout", Integer.toString(6000));
> config.set("zookeeper.recovery.retry", Integer.toString(0));
> config.set("hbase.master",
> "gauravt-namenode.pbi.global.pvt:60000");
> config.set("zookeeper.znode.parent", "/hbase-secure");
> config.set("hbase.rpc.engine",
> "org.apache.hadoop.hbase.ipc.SecureRpcEngine");
> config.set("hbase.security.authentication", AUTH_KRB);
> config.set("hbase.security.authorization", AUTHORIZATION);
> config.set("hbase.master.kerberos.principal",
> "hbase/gauravt-namenode.pbi.global.pvt@pbi.global.pvt");
> config.set("hbase.master.keytab.file",
> "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
> config.set("hbase.regionserver.kerberos.principal",
> "hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt");
> config.set("hbase.regionserver.keytab.file",
> "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
>
> UserGroupInformation.setConfiguration(config);
> UserGroupInformation userGroupInformation =
> UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt",
> "D:/var/lib/bda/secure/keytabs/hbase.service.keytab");
> UserGroupInformation.setLoginUser(userGroupInformation);
>
> User user = User.create(userGroupInformation);
>
> user.runAs(new PrivilegedExceptionAction<Object>() {
>
> @Override
> public Object run() throws Exception {
> HBaseAdmin admins = new HBaseAdmin(config);
>
> if(admins.isTableAvailable("ambarismoketest")) {
> System.out.println("Table is available");
> };
>
> HConnection connection =
> HConnectionManager.createConnection(config);
>
> HTableInterface table =
> connection.getTable("ambarismoketest");
>
> byte [] family = Bytes.toBytes("fammily");
>
> byte [] col01 = Bytes.toBytes("col01");
>
> Scan scan = new Scan();
> scan.addColumn(family, col01);
>
> ResultScanner rs = table.getScanner(scan);
>
> for (Result r = rs.next(); r != null; r = rs.next()) {
> byte[] valueObj = r.getValue(family, col01);
> String value = new String(valueObj);
> System.out.println(value);
> }
>
> admins.close();
> System.out.println(table.get(new Get(null)));
> return table.get(new Get(null));
> }
> });
>
> System.out.println(UserGroupInformation.getLoginUser().getUserName());
>
>
>
> /*HbaseTemplate template = client.getHbaseTemplate();
>
> template.find("ambarismoketest", new Scan(), new
> ResultsExtractor() {
>
> @Override
> public Object extractData(ResultScanner results)
> throws Exception {
> // TODO Auto-generated method stub
> return results;
> }
>
> });*/
>
> } catch (Exception e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
>
> I get an exception :
>
> Caused by:
> org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException):
> GSS initiate failed
> at
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110)
> at
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:396)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)