
Error accessing HBase with Java on kerberized cluster


Hi,

I'm trying to access an HBase table with Java on a secured Hadoop cluster.

I used all the instructions from this URL: kerberized cluster.

When I run the application, everything is OK until I start scanning a table. I get the following errors:

2018-05-22 18:45:44.240 ERROR 3896 --- [nio-7070-exec-1] o.a.h.security.UserGroupInformation      : PriviledgedActionException as:hbase/bigdatamaster01.orangemali.local@ORANGEMALI.LOCAL (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]
2018-05-22 18:45:44.249  INFO 3896 --- [nio-7070-exec-1] o.a.h.security.UserGroupInformation      : Initiating logout for hbase/bigdatamaster01.orangemali.local@ORANGEMALI.LOCAL
2018-05-22 18:45:44.251  INFO 3896 --- [nio-7070-exec-1] o.a.h.security.UserGroupInformation      : Initiating re-login for hbase/bigdatamaster01.orangemali.local@ORANGEMALI.LOCAL
2018-05-22 18:45:49.810 ERROR 3896 --- [nio-7070-exec-1] o.a.h.security.UserGroupInformation      : PriviledgedActionException as:hbase/bigdatamaster01.orangemali.local@ORANGEMALI.LOCAL (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
2018-05-22 18:45:49.815  WARN 3896 --- [nio-7070-exec-1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 600 seconds before.

I don't know what is wrong in my code.

Here is the configuration code:

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.security.UserGroupInformation;

Configuration config = HBaseConfiguration.create();

//config.set("hbase.zookeeper.quorum", "bigdata02.orangemali.local,bigdata04.orangemali.local,bigdata03.orangemali.local,bigdatamaster.orangemali.local");
config.set("hbase.zookeeper.quorum", "bigdatamaster02.orangemali.local,bigdatamaster01.orangemali.local,bigdataedge01.orangemali.local");
config.set("hbase.zookeeper.property.clientPort", "2181");
config.set("hbase.cluster.distributed", "true");
config.set("zookeeper.znode.parent", "/hbase-secure");
config.set("hbase.client.scanner.timeout.period", "600000");
//config.set("hadoop.http.staticuser.user", "srv_bigdata_bp");
config.set("hbase.rpc.timeout", "600000");

// Zookeeper quorum
//config.set("hbase.zookeeper.quorum", "bigdatamaster02.orangemali.local,bigdatamaster01.orangemali.local,bigdataedge01.orangemali.local");
//configuration.set("hbase.zookeeper.quorum", "node01.hortonworks.com,node02.hortonworks.com,node03.hortonworks.com");
//config.set("hbase.zookeeper.property.clientPort", "2181");
config.set("hadoop.security.authentication", "kerberos");
config.set("hbase.security.authentication", "kerberos");
config.set("hbase.cluster.distributed", "true");

// check this setting on HBase side
config.set("hbase.rpc.protection", "authentication");

// what principal the master/region servers use
config.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@ORANGEMALI.LOCAL");
config.set("hbase.regionserver.keytab.file", "src/main/resources/hbase.service.keytab");

// this is needed even if you connect over rpc/zookeeper
config.set("hbase.master.kerberos.principal", "hbase/_HOST@ORANGEMALI.LOCAL");
config.set("hbase.master.keytab.file", "src/main/resources/hbase.service.keytab");

System.setProperty("java.security.krb5.conf", "src/main/resources/krb5.conf");
// Enable/disable krb5 debugging
System.setProperty("sun.security.krb5.debug", "false");

String principal = System.getProperty("kerberosPrincipal", "hbase/bigdatamaster01.orangemali.local@ORANGEMALI.LOCAL");
String keytabLocation = System.getProperty("kerberosKeytab", "src/main/resources/hbase.service.keytab");

// kinit with principal and keytab
UserGroupInformation.setConfiguration(config);
try {
    UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);
} catch (Exception e) {
    //Logger.getRootLogger().setLevel(Level.DEBUG);
    System.out.println(e.getMessage());
}

Any help would be really appreciated.


1 REPLY

GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]

You need to check the forward and reverse DNS lookups for the hosts in your cluster, in addition to the names you provided in the HBase service principals (e.g. hbase/<host>@REALM).

This is saying that the hostname of the server your client is trying to talk to doesn't exist. This happens commonly when your forward and reverse DNS lookups are inconsistent.
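
The forward and reverse lookup check described in the reply, as an added example that is not part of the original thread. The hostnames and the principal pattern are taken from the question; the IP addresses, the PTR records and all function names are constructed for illustration.

```python
import socket

PATTERN = "hbase/_HOST@ORANGEMALI.LOCAL"  # principal pattern from the question

# Constructed sample records (not real DNS data): the PTR for master02 returns
# a short name and edge01 has no PTR record at all.
SAMPLE_A = {"bigdatamaster01.orangemali.local": ["192.0.2.11"],
            "bigdatamaster02.orangemali.local": ["192.0.2.12"],
            "bigdataedge01.orangemali.local": ["192.0.2.21"]}
SAMPLE_PTR = {"192.0.2.11": "bigdatamaster01.orangemali.local",
              "192.0.2.12": "bigdatamaster02"}

def system_forward(host):  # real resolver: name -> IPv4 addresses
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})

def system_reverse(ip):  # real resolver: address -> primary name
    return socket.gethostbyaddr(ip)[0]

def sample_forward(host):  # offline stand-in backed by SAMPLE_A
    if host not in SAMPLE_A:
        raise socket.gaierror("unknown host")
    return SAMPLE_A[host]

def sample_reverse(ip):  # offline stand-in backed by SAMPLE_PTR
    if ip not in SAMPLE_PTR:
        raise socket.herror("no PTR record")
    return SAMPLE_PTR[ip]

def check_host(host, forward=system_forward, reverse=system_reverse):
    """Return the problems found for one host; an empty list means consistent."""
    try:
        ips = forward(host)
    except OSError as exc:
        return [f"{host}: forward lookup failed ({exc})"]
    problems = []
    for ip in ips:
        try:
            name = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"{host}: no reverse record for {ip} ({exc})")
            continue
        if name != host.lower():
            # Show the principal that the reverse-resolved name would produce.
            problems.append(f"{host}: {ip} reverses to {name}, giving principal "
                            f"{PATTERN.replace('_HOST', name)}")
    return problems

if __name__ == "__main__":
    for h in SAMPLE_A:
        print(h, check_host(h, sample_forward, sample_reverse) or "consistent")
```

Calling `check_host(host)` without the two resolver arguments runs the same comparison against the system resolver on the client machine.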
