Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Replication from insecure HBase cluster to a secure HBase cluster(using Kerberos)

Replication from insecure HBase cluster to a secure HBase cluster(using Kerberos)

New Contributor

Hello all,

       

          Recentlly I met a problem about HBase replication configuration. Is it possible to replicate data from a normal HBase(authentication = simple) to a secure HBase (authentication = kerberos).   ?

 

          I`m using HBase (hbase-0.94.2-cdh4.2.0) on Hadoop (hadoop-2.0.0-cdh4.2.0). I have two HBase cluster--A, B, they are on different Hadoop cluster, using different namenode and zookeeper.quorum. 

 

         Now, the Cluster A is a insecure Cluster ,which means the hbase.security.authentication is default. But Cluster B is a secure HBase, it is using kerberos for hbase.security.authentication. 

 

        Now my problem is, I hope A can replicate its table to B, using HBase Replication. Is is possible to make it ?

 

       By the way, I saw the "Configuring Secure HBase Replication" chapter in CDH4 Security Guide, but I found that guide is talking about  "two realms". Now I have only one HBase cluster with Kerberos, the other one is an insecure HBase with simple authentification. I want to make a master-slave replication with the insecure HBase as the master, and the secure HBase as slave. How can I do that?

 

 

 

        

2 REPLIES 2

Re: Replication from insecure HBase cluster to a secure HBase cluster(using Kerberos)

Master Guru
This is currently not possible to do today. For the replication RPCs to reach the secured destination, authentication via kerberos would be required, which the unsecured source will not attempt cause it is not configured to do so.
Highlighted

Re: Replication from insecure HBase cluster to a secure HBase cluster(using Kerberos)

Explorer

Is it possible now?

 

We have two unsecured HBase clusters with replication set up between them (active-active replication). They're in different data centers (thus different Hadoop and Zookeeper clusters). We want to enable Kerberos on both of them. However, we can only upgrade them one by one. So there's a time range that one becomes secured and the other one is still unsecured.

 

To mitigate the impact on users, I think we need this feature.