Support Questions
Find answers, ask questions, and share your expertise

how to resolve Hbase Client Kerberos expired every day

Expert Contributor

there is an application to connect kerberos hbase  , but the hbase client won't connect hbase after one day cause client kerberos connection expired .

 

the java code is below:

 

 

System.setProperty("java.security.krb5.conf", "/tmp/krb5.conf");
        Configuration conf = HBaseConfiguration.create();
        conf.set("hadoop.security.authentication", "kerberos");
        conf.set("hbase.security.authentication", "kerberos");
        conf.setInt("hbase.client.retries.number", 3);
        conf.set("hbase.zookeeper.quorum", "10.203.0.26,10.203.0.27,10.203.3.76");
        conf.set("hbase.zookeeper.property.clientPort", "2181");
        conf.set("hbase.master.kerberos.principal", "hbase/_HOST@OYOHOTELS.CN");
        conf.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@OYOHOTELS.CN");
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation.loginUserFromKeytab("hbase@OYOHOTELS.CN", "/tmp/hbase.keytab");
        Connection conn = ConnectionFactory.createConnection(conf);

 

 

 

developer has checked the hbase client code, and find there is a parameter : hadoop.kerberos.keytab.login.autorenewal.enabled, if this parameter set true in core-site.xml , then it will re-login after the kerberos expired. 

 

 

 

/**
 * 
 * <a href="{@docRoot}/../hadoop-project-dist/hadoop-common/core-default.xml">
 * core-default.xml</a>
 */
public static final String HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED =
        "hadoop.kerberos.keytab.login.autorenewal.enabled";
/** Default value for HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED. */
public static final boolean
        HADOOP_KERBEROS_KEYTAB_LOGIN_AUTORENEWAL_ENABLED_DEFAULT = false;

 

my question is : I haven't found this parameter in hbase documents or CDH documents , this parameter can resolve  this issue or not ?

 

if not, how to resolve hbase client kerberos connection issue?

0 REPLIES 0