Have you looked at http://hbase.apache.org/book.html#security ?
I noticed that DEBUG logging was not on in the log you posted earlier.
Is it possible to turn on DEBUG logging and repeat the operation?

Thanks

On Wed, Jun 15, 2016 at 2:12 AM, kumar r <kumarc...@gmail.com> wrote:

> Hi Ted,
>
> Thanks for your reply.
>
> I cannot find anything in configuration. Can you tell me what might be root
> cause for this issue?
>
> What will be major cause for acl command taking more than 30 seconds to
> process? I cannot find anything other than this in hbase log. Is there any
> documentation available to secure zookeeper and hbase with kerberos
> properly?
>
> The same log occurs in normal cluster also and I have enabled
> authorization. The same authorization command runs in 5 to 6 seconds.
>
> Thanks,
> Kumar
>
> On Tue, Jun 14, 2016 at 7:59 PM, Ted Yu <yuzhih...@gmail.com> wrote:
>
> > bq. Opening socket connection to server machine2/192.168.60.3:2181. Will not attempt to authenticate using SASL (unknown error)
> >
> > It seems connection to zookeeper might have some issue.
> > Can you double check configuration ?
> >
> > On Mon, Jun 13, 2016 at 11:56 PM, kumar r <kumarc...@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Thanks for the reply.
> > >
> > > Please find the command and time taken to process it,
> > >
> > > hbase(main):006:0> grant 'Selva','RW','@default'
> > > 0 row(s) in 11.8830 seconds
> > > hbase(main):007:0> revoke 'Selva','@default'
> > > 0 row(s) in 32.4330 seconds
> > >
> > > Find my HBase log in below pastebin
> > >
> > > http://pastebin.com/MHMjhHuF
> > >
> > > Thanks,
> > >
> > > Kumar
> > >
> > > On Mon, Jun 13, 2016 at 7:42 PM, Ted Yu <yuzhih...@gmail.com> wrote:
> > >
> > > > Can you inspect master log for the corresponding 40 seconds to see if
> > > > there was some clue ?
> > > >
> > > > Feel free to pastebin the log snippet for this period if you cannot
> > > > determine the cause.
> > > >
> > > > Cheers
> > > >
> > > > On Sun, Jun 12, 2016 at 10:19 PM, kumar r <kumarc...@gmail.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I have configured secure HBase-1.1.3. Hadoop version using 2.7.2.
> > > > >
> > > > > I have enabled authorization in HBase.
> > > > >
> > > > > When executing any authorization command like user_permission, grant,
> > > > > revoke, etc.
> > > > >
> > > > > It's getting more than 40 seconds to display the result.
> > > > >
> > > > > Below are hbase-site.xml configuration properties
> > > > >
> > > > > <property>
> > > > >   <name>hbase.master</name>
> > > > >   <value>IP:60000</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.rootdir</name>
> > > > >   <value>hdfs://IP:9000/HBase</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.cluster.distributed</name>
> > > > >   <value>true</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.zookeeper.quorum</name>
> > > > >   <value>IP1:2181,IP2:2181,IP3:2181</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.master.port</name>
> > > > >   <value>60000</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.master.info.port</name>
> > > > >   <value>60010</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.regionserver.port</name>
> > > > >   <value>60020</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.regionserver.info.port</name>
> > > > >   <value>60030</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.security.authentication</name>
> > > > >   <value>KERBEROS</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.master.keytab.file</name>
> > > > >   <value>masterkeytab</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.regionserver.keytab.file</name>
> > > > >   <value>regionserverkeytab</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.master.kerberos.principal</name>
> > > > >   <value>masterprincipal</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.regionserver.kerberos.principal</name>
> > > > >   <value>regionserverprincipal</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.rpc.engine</name>
> > > > >   <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.ssl.enabled</name>
> > > > >   <value>true</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.superuser</name>
> > > > >   <value>@HadoopUser</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.security.authorization</name>
> > > > >   <value>true</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.coprocessor.master.classes</name>
> > > > >   <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> > > > > </property>
> > > > > <property>
> > > > >   <name>hbase.coprocessor.region.classes</name>
> > > > >   <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
> > > > > </property>
> > > > >
> > > > > Find my stack overflow question here
> > > > >
> > > > > http://stackoverflow.com/questions/37782043/hbase-acl-commands-are-too-slow
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Kumar
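
The 14 June reply in the thread points at the ZooKeeper client line "Will not attempt to authenticate using SASL". The following Python script is an added example, not part of the thread or of HBase: it counts, per ZooKeeper server, how often a client log shows a connection opened with or without a SASL attempt. The sample log lines are constructed (timestamps, thread names and the machine3 host are made up), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the ZooKeeper client (ClientCnxn) log layout.
# Only the "Will not attempt ..." text for machine2 is taken from the thread;
# timestamps, thread names and machine3/192.168.60.4 are made up.
SAMPLE_LOG = """\
2016-06-14 10:01:02,311 INFO  [main-SendThread(machine2:2181)] zookeeper.ClientCnxn: Opening socket connection to server machine2/192.168.60.3:2181. Will not attempt to authenticate using SASL (unknown error)
2016-06-14 10:01:02,315 INFO  [main-SendThread(machine2:2181)] zookeeper.ClientCnxn: Socket connection established to machine2/192.168.60.3:2181, initiating session
2016-06-14 10:01:40,902 INFO  [main-SendThread(machine3:2181)] zookeeper.ClientCnxn: Opening socket connection to server machine3/192.168.60.4:2181. Will attempt to SASL-authenticate using Login Context section 'Client'
2016-06-14 10:02:13,120 INFO  [main-SendThread(machine2:2181)] zookeeper.ClientCnxn: Opening socket connection to server machine2/192.168.60.3:2181. Will not attempt to authenticate using SASL (unknown error)
"""

# The ZooKeeper client logs one of two outcomes when it opens a connection:
# either it skips SASL (with a reason) or it names the JAAS section it will use.
OPEN_RE = re.compile(
    r"Opening socket connection to server (?P<server>\S+?)\. "
    r"(?:Will not attempt to authenticate using SASL \((?P<reason>[^)]*)\)"
    r"|Will attempt to SASL-authenticate using Login Context section '(?P<section>[^']*)')"
)


def sasl_status_by_server(log_text):
    """Return {server: Counter(sasl=n, no_sasl=m)} for every connection opened."""
    result = {}
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if not m:
            continue  # not a connection-open line
        key = "sasl" if m.group("section") is not None else "no_sasl"
        result.setdefault(m.group("server"), Counter())[key] += 1
    return result


def unauthenticated_servers(log_text):
    """Servers the client connected to at least once without attempting SASL."""
    stats = sasl_status_by_server(log_text)
    return sorted(server for server, c in stats.items() if c["no_sasl"])


if __name__ == "__main__":
    for server, counts in sorted(sasl_status_by_server(SAMPLE_LOG).items()):
        print(server, dict(counts))
    print("no SASL attempt:", unauthenticated_servers(SAMPLE_LOG))
```
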