Hi, Assuming your both clusters have the proper cross realm authentication and ZK and ZooKeeper has the right zookeeper.security.auth_to_local rules configured (same as the ones from Hadoop) you shouldn't have that problem. Also, your krb5. should have the proper mappings between hostnames and realms in the [domain_realm] section.
cheers, esteban. -- Cloudera, Inc. On Mon, Aug 1, 2016 at 11:34 AM, maychau <phuong.c...@thomsonreuters.com> wrote: > Hello everyone, > > I'm trying to write a Scala application to test HBase replication on > secured > (Kerberized) clusters. I'm using Cloudera CDH5.5.2 version. My keytab is > hbase user. The program did pickup the keytab and is able to log in with it > based on INFO message, however I'm getting error "KeeperErrorCode = NoAuth > for /hbase/replication/peers". Does anyone know why it is not able to > access > that znode using hbase keytab even though I believe it should be able to as > that work through hbase zkcli shell client. > > def main(args: Array[String]) { > val conf = HBaseConfiguration.create() > > val keytab = "path_to_hbase.keytab" > val principle = "<actual_hbase_principle_here>" > System.setProperty("java.security.auth.login.config", > "path_to_jaas.conf_file"); > > UserGroupInformation.setConfiguration(conf) > UserGroupInformation.loginUserFromKeytab(principle, keytab) > > val connection = ConnectionFactory.createConnection(conf) > > //FAILED HERE WHEN TRYING TO CONNECT TO ZK TO GET CHILDREN NODE > val replAdmin = new ReplicationAdmin(conf) > } > > [main] INFO org.apache.hadoop.security.UserGroupInformation - Login > successful for user <KEYTABUSER> using keytab file <path_to_hbase.keytab> > > [main-EventThread] INFO org.apache.zookeeper.ClientCnxn - EventThread shut > down > Exception in thread "main" java.io.IOException: Error initializing the > replication admin client. > at > > org.apache.hadoop.hbase.client.replication.ReplicationAdmin.<init>(ReplicationAdmin.java:151) > at com.thomsonreuters.bigdata.HbaseTest$.main(HbaseTest.scala:201) > at com.thomsonreuters.bigdata.HbaseTest.main(HbaseTest.scala) > Caused by: org.apache.hadoop.hbase.replication.ReplicationException: Error > getting the list of peer clusters. > at > > org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.addExistingPeers(ReplicationPeersZKImpl.java:361) > at > > org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.init(ReplicationPeersZKImpl.java:104) > at > > org.apache.hadoop.hbase.client.replication.ReplicationAdmin.<init>(ReplicationAdmin.java:132) > ... 2 more > Caused by: org.apache.zookeeper.KeeperException$NoAuthException: > KeeperErrorCode = NoAuth for /hbase/replication/peers > at > org.apache.zookeeper.KeeperException.create(KeeperException.java:113) > at > org.apache.zookeeper.KeeperException.create(KeeperException.java:51) > at org.apache.zookeeper.ZooKeeper.getChildren(ZooKeeper.java:1472) > at > > org.apache.hadoop.hbase.zookeeper.RecoverableZooKeeper.getChildren(RecoverableZooKeeper.java:296) > at > > org.apache.hadoop.hbase.zookeeper.ZKUtil.listChildrenNoWatch(ZKUtil.java:575) > at > > org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.addExistingPeers(ReplicationPeersZKImpl.java:359) > ... 4 more > > Thank you > > > > -- > View this message in context: > http://apache-hbase.679495.n3.nabble.com/HBase-replication-on-secured-clusters-tp4081486.html > Sent from the HBase User mailing list archive at Nabble.com. >