can't create HBASE table
Created 12-16-2016 03:37 PM
Since I installed Ranger I can't create a table in HBASE using the following command (see the error below also),
even though the HBASE Ranger plugin is not enabled. I have the Kerberos ticket.
16/12/16 10:29:56 INFO mapreduce.HBaseImportJob: Creating missing HBase table AUDIT_TOUR
16/12/16 10:29:56 ERROR tool.ImportTool: Encountered IOException running import job: org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=sami@abc.com, scope=default, params=[namespace=default,table=default:AUDIT_TOUR,family=TOUR],action=CREATE)
    at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:624)
    at org.apache.hadoop.hbase.security.access.AccessController.preCreateTable(AccessController.java:993)
    at org.apache.hadoop.hbase.master.MasterCoprocessorHost$11.call(MasterCoprocessorHost.java:222)
Command issued:
sqoop import --connect "jdbc:oracle:thin:@(description=(address=(protocol=tcp)(host=patronQA)(port=1526))(connect_data=(service_name=patron)))" --username PATRON --password XXXX --table PATRON.AUDIT_TOUR_SMALL --hbase-table AUDIT_TOUR --column-family TOUR --hbase-row-key "TOUR_ID" --hbase-create-table --columns "PLAZA_ID,REV_DAY_ID,LANE_ID,HOST_EMP_ID" -m 1
Created 12-16-2016 05:02 PM
Since you have enabled Kerberos, you need to grant permissions in HBase. Use the hbase shell with the grant command for that.
Created 12-16-2016 04:18 PM
User "sami@abc.com" does not have permissions to create a table in HBase. You need to set these permissions for this user in Ranger.
Created 12-16-2016 04:22 PM
But the Ranger plugin for HBASE is not enabled, so why do Ranger permissions need to be set then?
And the HBASE security tab in Ranger is disabled for this reason. It's not letting me set any privileges.
Created 12-16-2016 06:44 PM
I tried to add privileges from HBASE; it's not letting me.
hbase(main):003:0> [hdfs@hadoop1 ~]$ kinit hive
Password for hive@abc.com:
[hdfs@hadoop1 ~]$
[hdfs@hadoop1 ~]$
[hdfs@hadoop1 ~]$ hbase shell
HBase Shell; enter 'help<RETURN>' for list of supported commands.
Type "exit<RETURN>" to leave the HBase Shell
Version 1.1.2.2.5.0.0-1245, r53538b8ab6749cbb6fdc0fe448b89aa82495fb3f, Fri Aug 26 01:32:27 UTC 2016
hbase(main):001:0> whoami
hive@abc.com (auth:KERBEROS)
    groups: hadoop
hbase(main):002:0> grant 'sami', 'RWXCA'
ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=hive@abc.com, scope=GLOBAL, action=ADMIN)
    at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:438)
    at org.apache.hadoop.hbase.security.access.AccessController.grant(AccessController.java:2216)
    at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.grant(AccessControlProtos.java:9933)
    at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10097)
    at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:7716)
    at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:1895)
    at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:1877)
    at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:32299)
    at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2127)
    at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
    at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:133)
    at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:108)
    at java.lang.Thread.run(Thread.java:745)
Here is some help for this command:
Grant users specific rights.
Syntax : grant <user> <permissions> [<@namespace> [<table> [<column family> [<column qualifier>]]]
permissions is either zero or more letters from the set "RWXCA".
READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A')
Note: Groups and users are granted access in the same way, but groups are prefixed with an '@' character. In the same way, tables and namespaces are specified, but namespaces are prefixed with an '@' character.
For example:
Created 12-16-2016 06:03 PM
Can you please give me an example of how?
Also, what's the role of the HBASE Ranger plugin if, without it being enabled, we still need to grant privileges?
Created 12-16-2016 07:01 PM
You need to use the same command
grant 'sami', 'RWXCA'
but you need to run the hbase shell with the hbase Kerberos ticket. Ranger is a centralized platform to manage security on your cluster in one place.
Created 12-16-2016 06:50 PM
If you are not using Ranger HBase policies to grant permission then you will have to use the hbase shell to grant the permission. For example,
- R - represents read privilege.
- W - represents write privilege.
- X - represents execute privilege.
- C - represents create privilege.
- A - represents admin privilege.
hbase(main):018:0> grant 'sami','RWXCA','default'
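Added example (not part of any post in this thread): a Python sketch that parses the two "Insufficient permissions" messages posted above and derives the narrowest grant statement covering the denied action, using the grant syntax and permission letters from the shell help quoted earlier. The function names are hypothetical, and dropping the realm to get the short user name is an assumption about the cluster's auth_to_local rules.

```python
import re

# Permission letters from the HBase shell help text quoted in this thread.
ACTION_LETTER = {"READ": "R", "WRITE": "W", "EXEC": "X", "CREATE": "C", "ADMIN": "A"}

# Matches the AccessController message format seen in both errors in the thread.
DENIED = re.compile(
    r"Insufficient permissions \(user=(?P<user>[^,]+), scope=(?P<scope>[^,]+),"
    r"(?: params=\[(?P<params>[^\]]*)\],)?\s*action=(?P<action>[A-Z]+)\)"
)
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")  # refuse names that could break shell quoting

# The two denial messages posted in the thread.
SAMPLE_CREATE = ("Insufficient permissions (user=sami@abc.com, scope=default, "
                 "params=[namespace=default,table=default:AUDIT_TOUR,family=TOUR],action=CREATE)")
SAMPLE_ADMIN = "Insufficient permissions (user=hive@abc.com, scope=GLOBAL, action=ADMIN)"


def parse_denial(line):
    """Return the fields of an 'Insufficient permissions' message, or None."""
    m = DENIED.search(line)
    if m is None:
        return None
    pairs = (p.split("=", 1) for p in (m.group("params") or "").split(",") if "=" in p)
    return {"principal": m.group("user"), "scope": m.group("scope"),
            "action": m.group("action"), "params": dict(pairs)}


def minimal_grant(denial):
    """Build the narrowest hbase shell grant that covers the denied action."""
    # Assumption: auth_to_local maps the principal to its name without the realm.
    short = denial["principal"].split("@", 1)[0]
    letter = ACTION_LETTER[denial["action"]]
    namespace = denial["params"].get("namespace")
    if not SAFE_NAME.match(short) or (namespace and not SAFE_NAME.match(namespace)):
        raise ValueError("unexpected characters in user or namespace")
    if namespace:  # namespace-scoped check, e.g. table creation
        return f"grant '{short}', '{letter}', '@{namespace}'"
    if denial["scope"] == "GLOBAL":  # cluster-wide: review before applying
        return f"grant '{short}', '{letter}'"
    raise ValueError("scope not handled by this example")


if __name__ == "__main__":
    for sample in (SAMPLE_CREATE, SAMPLE_ADMIN):
        print(minimal_grant(parse_denial(sample)))
```

The generated statement still has to be run in an hbase shell session authenticated as a principal that holds ADMIN, which is what the hive@abc.com attempt above lacked.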
Created 12-16-2016 09:59 PM
This did the trick:
[root@hadoop1 ~]# klist -kte /etc/security/keytabs/hbase.headless.keytab
Keytab name: FILE:/etc/security/keytabs/hbase.headless.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 11/30/16 14:40:25 hbase-fdot_hadoop@TOLLS.DOT.STATE.FL.US (arcfour-hmac)
   1 11/30/16 14:40:25 hbase-fdot_hadoop@TOLLS.DOT.STATE.FL.US (des3-cbc-sha1)
   1 11/30/16 14:40:25 hbase-fdot_hadoop@TOLLS.DOT.STATE.FL.US (aes256-cts-hmac-sha1-96)
   1 11/30/16 14:40:25 hbase-fdot_hadoop@TOLLS.DOT.STATE.FL.US (des-cbc-md5)
   1 11/30/16 14:40:25 hbase-fdot_hadoop@TOLLS.DOT.STATE.FL.US (aes128-cts-hmac-sha1-96)
kinit -kt /etc/security/keytabs/hbase.headless.keytab hbase-fdot_hadoop
hbase(main):002:0> grant 'sami', 'RWXCA'
0 row(s) in 0.4040 seconds
hbase(main):003:0> exit
[root@hadoop1 ~]#
Created 09-15-2017 03:30 PM
[root@m1 ~]# klist -kte /etc/security/keytabs/hbase.headless.keytab
Keytab name: FILE:/etc/security/keytabs/hbase.headless.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 11/16/2016 13:50:23 hbase-tdh@TENDATA.CN (des-cbc-md5)
   1 11/16/2016 13:50:23 hbase-tdh@TENDATA.CN (des3-cbc-sha1)
   1 11/16/2016 13:50:23 hbase-tdh@TENDATA.CN (arcfour-hmac)
   1 11/16/2016 13:50:23 hbase-tdh@TENDATA.CN (aes256-cts-hmac-sha1-96)
   1 11/16/2016 13:50:23 hbase-tdh@TENDATA.CN (aes128-cts-hmac-sha1-96)
[root@m1 ~]#
[root@m1 ~]# kinit -kt /etc/security/keytabs/hbase.headless.keytab hbase-tdh
kinit: Password incorrect while getting initial credentials
I did as you did, but there were mistakes.
What am I supposed to do?
