我们有一个在Liberty IBM WebSphere服务器上运行的Java应用程序,并尝试连接到HDP集群上的HBase以保留一些数据 .
现在我们面临着在HDP集群上连接到HBase(kerberized)的问题 .
我们已经能够通过Spark,Storm或在集群中运行的应用程序连接到HBase,但由于我们正处于集群外部而面临问题 .
我们尝试了多种方法并遵循这些链接https://community.hortonworks.com/articles/120858/connecting-to-kerberos-secured-hbase-cluster-from.html
基本上,我们已将conf从Hbase(hbase-site.xml,hdfs-site.xml和core-site.xml)复制到我们的应用程序类路径,并为我们的服务帐户用户复制了Keytab . 我们尝试了4种不同的方法
1)
使用了hbase.zookeeper.quorum和hbase.zookeeper.property.clientPort
和
我们的服务帐户用户原则名称和Keytab forUserGroupInformation.loginUserFromKeytab(principal,keytabLocation);
2)
使用了hbase.zookeeper.quorum和hbase.zookeeper.property.clientPort
和
HBASE主原则名称和Keytab forUserGroupInformation.loginUserFromKeytab(principal,keytabLocation);
3)
使用了hbase-site.xml,hdfs-site.xml和core-site.xml
和我们的
服务帐户用户原则名称和Keytab forUserGroupInformation.loginUserFromKeytab(principal,keytabLocation)
;
4)
使用了hbase-site.xml,hdfs-site.xml和core-site.xml clientPort
和
HBASE主服务帐户用户原则名称和Keytab forUserGroupInformation.loginUserFromKeytab(principal,keytabLocation);
附上以下代码段
public Connection getHBaseConnection() throws IOException, InterruptedException {
final Configuration configuration = HBaseConfiguration.create();
//configuration.set(HBASE_ZOOKEEPER_PROPERTY_CLIENT_PORT, environment.getProperty(HBASE_ZOOKEEPER_PROPERTY_CLIENT_PORT));
//configuration.set(HBASE_ZOOKEEPER_QUORUM, environment.getProperty(HBASE_ZOOKEEPER_QUORUM));
//configuration.set(ZOOKEEPER_ZNODE_PARENT, environment.getProperty(ZOOKEEPER_ZNODE_PARENT)); */
configuration.addResource(getClass().getResourceAsStream(CORE_SITE_PATH));
configuration.addResource(getClass().getResourceAsStream(HBASE_SITE_PATH));
configuration.addResource(getClass().getResourceAsStream(HDFS_SITE_PATH));
configuration.set("hadoop.security.authentication", "kerberos");
configuration.set("hbase.security.authentication", "kerberos");
configuration.set("hbase.cluster.distributed", "true");
configuration.set("hbase.rpc.protection", "authentication");
//System.setProperty("java.security.auth.login.config", "src/main/resources/sbx/hbase_client_jaas.conf");
//System.setProperty("java.security.krb5.conf","src/main/resources/sbx/krb5.conf");
//System.setProperty("sun.security.krb5.debug", "false");
//System.setProperty("java.security.krb5.realm", "HDP.SANDBOX.LOCAL");
//System.setProperty("java.security.krb5.kdc", "shared-serverbox-01.sandbox.local");
configuration.set("hbase.master.kerberos.principal", "hbase/_HOST@HDP.SANDBOX.LOCAL");
configuration.set("hbase.master.keytab.file", "src/main/resources/sbx/hbase.service.keytab");
configuration.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@HDP.SANDBOX.LOCAL");
configuration.set("hbase.regionserver.keytab.file", "src/main/resources/sbx/hbase.service.keytab");
String keyTab = "src/main/resources/pasusr.keytab";
String principle = environment.getProperty(PRINCIPAL);
String keyTabHbase = "src/main/resources/sbx/hbase.service.keytab" ;
String principleHbase = "hbase/shared-serverbox-01.sandbox.localT@HDP.SANDBOX.LOCAL";
UserGroupInformation.setConfiguration(configuration);
UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principleHbase, keyTabHbase);
UserGroupInformation.setLoginUser(ugi);
return ugi.doAs(new PrivilegedExceptionAction<Connection>() {
@Override
public Connection run() throws IOException {
Connection connection = ConnectionFactory.createConnection(configuration);
System.out.println("Connected " + connection);
return connection;
}
});
}