Community Articles

PROBLEM: There are multiple issues connecting Windows clients such as Squirrel client to Phoenix / Hbase on a cluster enabled with Kerberos.

SOLUTION: Please follow below working steps.

1. Create Jaas configuration file hbase.jaas on client machine.

Client { com.sun.security.auth.module.Krb5LoginModule required   
useKeyTab=false useTicketCache=true   
renewTicket=true serviceName="zookeeper"; 
keytab="" principal="" }; 

2. Copy kerberos config file from cluster nodes to local client machine (krb5.conf/krb5.ini)

3. Add below java options in Squirrel launcher script. [/Applications/SQuirreLSQL.app/Contents/MacOS/squirrel-sql.sh ]

-Djava.security.auth.login.config="/Users/gsharma/hbase/hbase.jaas" 
-Djava.security.krb5.conf="/Users/gsharma/hbase/krb5.conf" 

e.g

$JAVACMD -Xmx256m -cp "$CP" -Djava.security.auth.login.config="/Users/gsharma/hbase/hbase.jaas" -Djava.security.krb5.conf="/Users/gsharma/hbase/krb5.conf" $MACOSX_SQUIRREL_PROPS -splash:"$SQUIRREL_SQL_HOME/icons/splash.jpg" net.sourceforge.squirrel_sql.client.Main --log-config-file "$UNIX_STYLE_HOME"/log4j.properties --squirrel-home "$UNIX_STYLE_HOME" $NATIVE_LAF_PROP $SCRIPT_ARGS 

4. Download phoenix driver jar file [phoenix-version-client.jar] .

5. Download hdfs-site.xml,hbase-site.xml,core-site.xml files from hbase server to local client folder.

7. Open Squirrel UI and register Phoenix driver. (Put example url - jdbc:phoenix:1.openstacklocal:2181:/hbase-secure:hbase/5.openstacklocal@EXAMPLE.COM:/Users/gsharma/hbase/hbase.service.keytab)

8. Now create alias to connect to Hbase in squirrel UI using registered driver.

jdbc url example : jdbc:phoenix:1.openstacklocal:2181:/hbasesecure:hbase/5.openstacklocal@EXAMPLE.COM:/Users/gsharma/hbase/hbase.service.keytab 

Please note phoenix does not support windows path in keytab file path. So if we have keytab file under C:\Users\Hbase\hbase.service.keytab, we can use "/Users/Hbase/hbase.service.keytab" in JDBC URL.

9. Check if connection is successful.