Support Questions

Find answers, ask questions, and share your expertise

cant create HBASE table

avatar
Super Collaborator

since I have installed Ranger I cant create a table in HBASE using the following command, see the error below also.

even though HBASE ranger plugin is not enabled . I have the Kerberos ticket

16/12/16 10:29:56 INFO mapreduce.HBaseImportJob: Creating missing HBase table AUDIT_TOUR
16/12/16 10:29:56 ERROR tool.ImportTool: Encountered IOException running import job: org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=sami@abc.com, scope=default, params=[namespace=default,table=default:AUDIT_TOUR,family=TOUR],action=CREATE)
        at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:624)
        at org.apache.hadoop.hbase.security.access.AccessController.preCreateTable(AccessController.java:993)
        at org.apache.hadoop.hbase.master.MasterCoprocessorHost$11.call(MasterCoprocessorHost.java:222)

command issued

sqoop import --connect "jdbc:oracle:thin:@(description=(address=(protocol=tcp)(host=patronQA)(port=1526))(connect_data=(service_name=patron)))" --username PATRON --password XXXX --table PATRON.AUDIT_TOUR_SMALL --hbase-table AUDIT_TOUR --column-family TOUR --hbase-row-key "TOUR_ID" --hbase-create-table --columns "PLAZA_ID,REV_DAY_ID,LANE_ID,HOST_EMP_ID" -m 1
1 ACCEPTED SOLUTION

avatar
Super Collaborator

Since you have enabled kerberos, you need to grant permissions in HBase. Use hbase shell with grant command for that.

View solution in original post

11 REPLIES 11

avatar
New Contributor

I looked at the other blog and compared it and found the difference.

After the new operation, it can be operated

HBase SQL statement fails with Insufficient permissions for user

[root@m1 ~]# klist -ket /etc/security/keytabs/hbase.service.keytab 
Keytab name: FILE:/etc/security/keytabs/hbase.service.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (des-cbc-md5) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (des3-cbc-sha1) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (arcfour-hmac) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (aes256-cts-hmac-sha1-96) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (aes128-cts-hmac-sha1-96) 
[root@m1 ~]# kinit -kt /etc/security/keytabs/hbase.service.keytab hbase/m1.node.hadoop@TENDATA.CN
[root@m1 ~]# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hbase/m1.node.hadoop@TENDATA.CN
Valid starting       Expires              Service principal
09/20/2017 16:23:53  09/21/2017 16:23:53  krbtgt/TENDATA.CN@TENDATA.CN
[root@m1 ~]# 
[root@m1 ~]# hbase shell
HBase Shell; enter 'help<RETURN>' for list of supported commands.
Type "exit<RETURN>" to leave the HBase Shell
Version 1.1.2.2.5.3.0-37, rcb8c969d1089f1a34e9df11b6eeb96e69bcf878d, Tue Nov 29 18:48:22 UTC 2016
hbase(main):001:0> 
hbase(main):002:0* 
hbase(main):003:0* create 't1', 'f1'
0 row(s) in 2.5960 seconds
=> Hbase::Table - t1
hbase(main):004:0> list
TABLE                                                                                                    
t1                                                                                                            
1 row(s) in 0.0200 seconds
=> ["t1"]
hbase(main):005:0> 

The key is to get the KGT without domain and result in failure

kinit -kt /etc/security/keytabs/hbase.service.keytab hbase/m1.node.hadoop@TENDATA.CN

avatar
New Contributor

I looked at the other blog and compared it and found the difference.

After the new operation, it can be operated

HBase SQL statement fails with Insufficient permissions for user

[root@m1 ~]# klist -ket /etc/security/keytabs/hbase.service.keytab 
Keytab name: FILE:/etc/security/keytabs/hbase.service.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (des-cbc-md5) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (des3-cbc-sha1) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (arcfour-hmac) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (aes256-cts-hmac-sha1-96) 
   1 11/16/2016 13:50:24 hbase/m1.node.hadoop@TENDATA.CN (aes128-cts-hmac-sha1-96) 
[root@m1 ~]# kinit -kt /etc/security/keytabs/hbase.service.keytab hbase/m1.node.hadoop@TENDATA.CN
[root@m1 ~]# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hbase/m1.node.hadoop@TENDATA.CN




Valid starting       Expires              Service principal
09/20/2017 16:23:53  09/21/2017 16:23:53  krbtgt/TENDATA.CN@TENDATA.CN
[root@m1 ~]# 




[root@m1 ~]# hbase shell
HBase Shell; enter 'help<RETURN>' for list of supported commands.
Type "exit<RETURN>" to leave the HBase Shell
Version 1.1.2.2.5.3.0-37, rcb8c969d1089f1a34e9df11b6eeb96e69bcf878d, Tue Nov 29 18:48:22 UTC 2016




hbase(main):001:0> 
hbase(main):002:0* 
hbase(main):003:0* create 't1', 'f1'
0 row(s) in 2.5960 seconds




=> Hbase::Table - t1
hbase(main):004:0> list
TABLE                                                                                                    
t1                                                                                                            
1 row(s) in 0.0200 seconds




=> ["t1"]
hbase(main):005:0> 



The key is to get the KGT without domain and result in failure

kinit -kt /etc/security/keytabs/hbase.service.keytab hbase/m1.node.hadoop@TENDATA.CN