hi, Andrew, I didn't setup the keytabs as the current setup is using a firewall instead of kerberos. so only use the authorization feature of hbase, and not authentication at this moment. A long story about why. :-(
Anyway, I got a tip here http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.3.0/CDH4-Security-Guide/cdh4sg_topic_8_2.html and add this property on hbase-site.xml (I think that is different between 94 and 98) <property> <name>hbase.rpc.engine</name> <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value> </property> And now hbase can start and I am able to grant auth like: ---------- hbase(main):004:0> grant 'dn','R','t1_dn' 0 row(s) in 0.0700 seconds hbase(main):005:0> user_permission 't1_dn' User Table,Family,Qualifier:Permission demai t1_dn,,: [Permission: actions=READ,WRITE] dn t1_dn,,: [Permission: actions=READ] --------- Demai On Fri, Jun 20, 2014 at 10:11 AM, Andrew Purtell <[email protected]> wrote: > Have you set up keytabs for the server processes? > > > On Thu, Jun 19, 2014 at 9:40 PM, Demai Ni <[email protected]> wrote: > > > hi, folks, > > > > I am able to recreate the same error on another single node cluster. > > > > RS log pasted here: http://pastebin.com/iP9Mrz2T > > and > > hbase-site.xml is here: http://pastebin.com/ppnqfwGR > > > > the only thing changes is by adding the following property per > > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html > > <property> > > <name>hbase.coprocessor.master.classes</name> > > > > <value>org.apache.hadoop.hbase.security.access.AccessController</value> > > </property> > > <property> > > <name>hbase.coprocessor.region.classes</name> > > <value>org.apache.hadoop.hbase.security.token.TokenProvider, > > > org.apache.hadoop.hbase.security.access.AccessController</value> > > </property> > > > > the same setting works on another hbase 98.2 cluster. So I am wondering > > what's missing here. > > > > BTW, I didn't follow the instruction here: > > http://hbase.apache.org/book/zk.sasl.auth.html for zookeeper as no > > Authentication is needed on this cluster. > > > > Any suggestion or pointers? > > > > Demai > > > > > > On Thu, Jun 19, 2014 at 2:59 PM, Enoch Hsu <[email protected]> wrote: > > > > > > > > > > > Hi All, > > > > > > I am running HBase 0.94.3 and trying to get ACL working on a single > node > > > cluster. I followed the steps in > > > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html > step > > > 8.4.3 and added those 2 properties to my hbase-site.xml > > > After stopping and starting hbase, my regionserver is dying with > > following > > > error/stack trace > > > > > > 2014-06-19 14:51:00,430 WARN > > > org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler: > Exception > > > running postOpenDeployTasks; region=1028785192 > > > org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException: > > Failed > > > 1 action: org.apache.hadoop.hbase.security.AccessDeniedException: > > > Insufficient permissions (table=-ROOT-, family: info, action=WRITE) > > > at > > > > > > org.apache.hadoop.hbase.security.access.AccessController.requirePermission > > > (AccessController.java:471) > > > at > > org.apache.hadoop.hbase.security.access.AccessController.prePut > > > (AccessController.java:878) > > > at > > > org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.prePut > > > (RegionCoprocessorHost.java:800) > > > at > org.apache.hadoop.hbase.regionserver.HRegion.doPreMutationHook > > > (HRegion.java:2046) > > > at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate > > > (HRegion.java:2022) > > > at org.apache.hadoop.hbase.regionserver.HRegionServer.multi > > > (HRegionServer.java:3573) > > > at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source) > > > at sun.reflect.DelegatingMethodAccessorImpl.invoke > > > (DelegatingMethodAccessorImpl.java:37) > > > at java.lang.reflect.Method.invoke(Method.java:611) > > > at org.apache.hadoop.hbase.ipc.WritableRpcEngine$Server.call > > > (WritableRpcEngine.java:364) > > > at org.apache.hadoop.hbase.ipc.HBaseServer$Handler.run > > > (HBaseServer.java:1426) > > > : 1 time, servers with issues: bdvm081.svl.ibm.com:60020, > > > at org.apache.hadoop.hbase.client.HConnectionManager > > > $HConnectionImplementation.processBatchCallback > > > (HConnectionManager.java:1624) > > > at org.apache.hadoop.hbase.client.HConnectionManager > > > $HConnectionImplementation.processBatch(HConnectionManager.java:1400) > > > at org.apache.hadoop.hbase.client.HTable.flushCommits > > > (HTable.java:915) > > > at org.apache.hadoop.hbase.client.HTable.doPut(HTable.java:771) > > > at org.apache.hadoop.hbase.client.HTable.put(HTable.java:746) > > > at org.apache.hadoop.hbase.catalog.MetaEditor.put > > > (MetaEditor.java:99) > > > at org.apache.hadoop.hbase.catalog.MetaEditor.putToCatalogTable > > > (MetaEditor.java:89) > > > at org.apache.hadoop.hbase.catalog.MetaEditor.updateLocation > > > (MetaEditor.java:260) > > > at > org.apache.hadoop.hbase.catalog.MetaEditor.updateMetaLocation > > > (MetaEditor.java:222) > > > at > > > org.apache.hadoop.hbase.regionserver.HRegionServer.postOpenDeployTasks > > > (HRegionServer.java:1757) > > > at > org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler > > > $PostOpenDeployTasksThread.run(OpenRegionHandler.java:242) > > > > > > Any ideas on what is causing this and how to fix? > > > > > > I also tried adding hbase.superuser but that also did not work. > > > > > > Thanks, > > > Enoch Hsu > > > > > > -- > Best regards, > > - Andy > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > (via Tom White) >
