Hi,
Assuming your both clusters have the proper cross realm authentication and
ZK and ZooKeeper has the right zookeeper.security.auth_to_local rules
configured (same as the ones from Hadoop) you shouldn't have that problem.
Also, your krb5. should have the proper mappings between hostnames and
realms in the [domain_realm] section.
cheers,
esteban.
--
Cloudera, Inc.
On Mon, Aug 1, 2016 at 11:34 AM, maychau <phuong.c...@thomsonreuters.com>
wrote:
> Hello everyone,
>
> I'm trying to write a Scala application to test HBase replication on
> secured
> (Kerberized) clusters. I'm using Cloudera CDH5.5.2 version. My keytab is
> hbase user. The program did pickup the keytab and is able to log in with it
> based on INFO message, however I'm getting error "KeeperErrorCode = NoAuth
> for /hbase/replication/peers". Does anyone know why it is not able to
> access
> that znode using hbase keytab even though I believe it should be able to as
> that work through hbase zkcli shell client.
>
> def main(args: Array[String]) {
> val conf = HBaseConfiguration.create()
>
> val keytab = "path_to_hbase.keytab"
> val principle = "<actual_hbase_principle_here>"
> System.setProperty("java.security.auth.login.config",
> "path_to_jaas.conf_file");
>
> UserGroupInformation.setConfiguration(conf)
> UserGroupInformation.loginUserFromKeytab(principle, keytab)
>
> val connection = ConnectionFactory.createConnection(conf)
>
> //FAILED HERE WHEN TRYING TO CONNECT TO ZK TO GET CHILDREN NODE
> val replAdmin = new ReplicationAdmin(conf)
> }
>
> [main] INFO org.apache.hadoop.security.UserGroupInformation - Login
> successful for user <KEYTABUSER> using keytab file <path_to_hbase.keytab>
>
> [main-EventThread] INFO org.apache.zookeeper.ClientCnxn - EventThread shut
> down
> Exception in thread "main" java.io.IOException: Error initializing the
> replication admin client.
> at
>
> org.apache.hadoop.hbase.client.replication.ReplicationAdmin.<init>(ReplicationAdmin.java:151)
> at com.thomsonreuters.bigdata.HbaseTest$.main(HbaseTest.scala:201)
> at com.thomsonreuters.bigdata.HbaseTest.main(HbaseTest.scala)
> Caused by: org.apache.hadoop.hbase.replication.ReplicationException: Error
> getting the list of peer clusters.
> at
>
> org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.addExistingPeers(ReplicationPeersZKImpl.java:361)
> at
>
> org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.init(ReplicationPeersZKImpl.java:104)
> at
>
> org.apache.hadoop.hbase.client.replication.ReplicationAdmin.<init>(ReplicationAdmin.java:132)
> ... 2 more
> Caused by: org.apache.zookeeper.KeeperException$NoAuthException:
> KeeperErrorCode = NoAuth for /hbase/replication/peers
> at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
> at org.apache.zookeeper.ZooKeeper.getChildren(ZooKeeper.java:1472)
> at
>
> org.apache.hadoop.hbase.zookeeper.RecoverableZooKeeper.getChildren(RecoverableZooKeeper.java:296)
> at
>
> org.apache.hadoop.hbase.zookeeper.ZKUtil.listChildrenNoWatch(ZKUtil.java:575)
> at
>
> org.apache.hadoop.hbase.replication.ReplicationPeersZKImpl.addExistingPeers(ReplicationPeersZKImpl.java:359)
> ... 4 more
>
> Thank you
>
>
>
> --
> View this message in context:
> http://apache-hbase.679495.n3.nabble.com/HBase-replication-on-secured-clusters-tp4081486.html
> Sent from the HBase User mailing list archive at Nabble.com.
>
