Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
Cloudera Employee

Short Description:

This sample code helps to connect to Kerberos enabled HBase cluster from Java program.

Github location:

https://github.com/kartik-dev/HBase-Example.git

Code Walkthrough:

Create HBaseConfiguration and pass HBase cluster parameters.

Configuration configuration = HBaseConfiguration.create();
configuration.set("hbase.zookeeper.quorum", "node01.hortonworks.com,node02.hortonworks.com");
configuration.set("hbase.zookeeper.property.clientPort", "2181");
configuration.set("hadoop.security.authentication", "kerberos");
configuration.set("hbase.security.authentication", "kerberos");
configuration.set("hbase.cluster.distributed", "true");

// check this setting on HBase side
configuration.set("hbase.rpc.protection", "authentication"); 

Specify HBase master and regionserver principal and keytab file names. Please make sure keytab files are in respective folder.

// this is needed even if you connect over rpc/zookeeper
configuration.set("hbase.master.kerberos.principal", "hbase/_HOST@FIELD.HORTONWORKS.COM"); 
configuration.set("hbase.master.keytab.file", "src/hbase.service.keytab");
		
//what principal the master/region. servers use.
configuration.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@FIELD.HORTONWORKS.COM"); 
configuration.set("hbase.regionserver.keytab.file", "src/hbase.service.keytab"); 

Add java.security.krb5.conf to system property or you could also pass it using -djava.security.krb5.conf=src/krb5.conf

System.setProperty("java.security.krb5.conf","src/krb5.conf");
// Enable/disable krb5 debugging 
System.setProperty("sun.security.krb5.debug", "false");

String principal = System.getProperty("kerberosPrincipal","hbase/hdp1.field.hortonworks.com@FIELD.HORTONWORKS.COM");
String keytabLocation = System.getProperty("kerberosKeytab","src/hbase.service.keytab");

login user from keytab file:

UserGroupInformation.setConfiguration(configuration);
UserGroupInformation.loginUserFromKeytab(principal, keytabLocation); 

Well, you are good to go now.

6,496 Views
0 Kudos
Comments
New Contributor

Why use _HOST as opposed to hdp1.field.hortonworks.com?

Is this to handle failovers?

New Contributor

Why the difference _HOST and hdp1.field.hortonworks.com for PRINCIPAL?

This:

  1. configuration.set("hbase.master.kerberos.principal","hbase/_HOST@FIELD.HORTONWORKS.COM");
  2. configuration.set("hbase.regionserver.kerberos.principal","hbase/_HOST@FIELD.HORTONWORKS.COM");

Vs this:

  1. String principal =System.getProperty("kerberosPrincipal","hbase/hdp1.field.hortonworks.com@FIELD.HORTONWORKS.COM");
New Contributor

Do we have to manually add actual hostname in place of _HOST here

configuration.set("hbase.regionserver.kerberos.principal","hbase/_HOST@FIELD.HORTONWORKS.COM");

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎08-04-2017 09:08 PM
Updated by:
 
Contributors
Top Kudoed Authors