Hi Sean,

Unfortunately, couldn't solve my issue ... 
Below is the code of my utility class in charge of logging in and creating
an HBase connection. I added the AuthUtil stuff as suggested in your answer,
but probably missed something :(

My web service basically invokes GetHBaseConnection() method, and uses
returned connection to read/write data from/to HBase.
At application startup, everything is fine : it successfully logs in,
creates the HBase connection and my web service returns proper data.
The problem comes up if I wait for a long while (> ticket lifetime). Then,
when I invoke again my web service, I face the previously mentionned
warnings and get a socket timeout error...
When I look at the AuthUtil.getAuthChore() source code, it invokes
ugi.checkTGTAndReloginFromKeytab() and this is also what I do in the
background thread that I create when logging in (cf SpawnAutoRenewalThread()
method below)

Just to make it clear : in your answer, you wrote "you'll need to provide a
keytab that HBase can use to renew kerberos access over time.". Does it mean
that I have to provide a specific keytab for hbase or can I use a single
keytab for everything ?

In the end, should I stop trying to reuse my hbase connection and re-create
it every time (whatever the heavy cost of re-creating it) ? 

Sorry about my "newbie" questions, but I feel really confused about all this
stuff...

Thanks for your help

Sebastien

PS : Note that if I remove hbase requests from my web service and "just"
perform some HDFS operations (listing files from a folder for instance),
everything works fine, even if I wait for a long while, so the point is
hbase related.

------------------------------------------------

private static Configuration configuration;
private static boolean loggedOnCluster = false;
private static Connection connection = null;
private static ChoreService choreService = null;
        
private static Configuration GetConfiguration() throws IOException {
        if (configuration == null) {
                configuration = HBaseConfiguration.create();
                configuration.set("hbase.client.kerberos.principal", 
"myuser@myDomain");
                configuration.set("hbase.client.keytab.file", 
"/path/to/myuser/keytab");
        }
        return configuration;
}


public static Connection GetHbaseConnection() {
        try {
                if (!loggedOnCluster) {
                        Configuration conf = GetConfiguration();
                        String userAccount = 
conf.get("hbase.client.kerberos.principal");
                        String keyTabPath = 
conf.get("hbase.client.keytab.file");
                        UserGroupInformation.setConfiguration(conf);
                        UserGroupInformation.loginUserFromKeytab(userAccount, 
keyTabPath);
                        loggedOnCluster = true;
                        SpawnAutoRenewalThread();
                }
        } catch (IOException e) {
                LOGGER.error("!! Error while login in !!");
                e.printStackTrace();
        }

        if (connection == null || connection.isClosed() || 
connection.isAborted())
{
                try {
                        final Configuration conf = GetConfiguration();
                        final ScheduledChore authChore = 
AuthUtil.getAuthChore(conf);
                        if (authChore != null) {
                                choreService = new 
ChoreService("MY_APPLICATION");
                                choreService.scheduleChore(authChore);
                        }
                        connection = ConnectionFactory.createConnection(conf);
                } catch (IOException ex) {
                        LOGGER.error("!! Could not obtain connection to HBase 
!!");
                        ex.printStackTrace();
                        connection = null;
                }
        }       
        return connection;
}

private static void SpawnAutoRenewalThread() throws IOException {
        Thread t = new Thread(new Runnable() {
                @Override
                public void run() {
                        while (true) {
                                try {
                                        
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
                                } catch (IOException e1) {
                                        e1.printStackTrace();
                                }
                                try {
                                        Thread.sleep(1800000L);
                                } catch (InterruptedException e) {
                                        e.printStackTrace();
                                }
                        }
                }
        });
        t.setDaemon(true);
        t.setName("TGT Renewer for current user" +
UserGroupInformation.getLoginUser());
        t.start();
}




--
View this message in context: 
http://apache-hbase.679495.n3.nabble.com/HBase-connection-expiration-on-kerberized-cluster-tp4089493p4089549.html
Sent from the HBase User mailing list archive at Nabble.com.

Reply via email to