28787
DISCUSSIONS
102102
MEMBERS
3161
ARTICLES
Created 08-24-2017 05:09 AM
I'm using Cloudera v5.4.9 enterprise edition.
I've enabled Kerberos on HBase, Kafka and Zookeeper and it's working great. I've created an HBase coprocessor that uses KafkaProducer to send events to a Kafka topic. Once again I got it working but I had to add a 'KafkaClient' block in the jaas.conf file to allow the HBase coprocessor to connect to Kafka using Kerberos.
ie.
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="hbase.keytab"
principal="hbase/<node>";
};
I had to manually add this on each HBase node and point HBase to use this jaas.conf file rather than use the generated one located in /var/run/cloudera/process/<HBase process directory>/jaas.conf.
ie. Add the following to Java Configuration Options for HBase Master and Region
-Djava.security.auth.login.config=/etc/hbase/jaasClientAndKafkaClient.conf
Is there a way to hook into when the jaas.conf file is generated and add this 'KafkaClient' into the jaas.conf file automatically?