Hi Sean,
Unfortunately, couldn't solve my issue ...
Below is the code of my utility class in charge of logging in and creating
an HBase connection. I added the AuthUtil stuff as suggested in your answer,
but probably missed something :(
My web service basically invokes GetHBaseConnection() method, and uses
returned connection to read/write data from/to HBase.
At application startup, everything is fine : it successfully logs in,
creates the HBase connection and my web service returns proper data.
The problem comes up if I wait for a long while (> ticket lifetime). Then,
when I invoke again my web service, I face the previously mentionned
warnings and get a socket timeout error...
When I look at the AuthUtil.getAuthChore() source code, it invokes
ugi.checkTGTAndReloginFromKeytab() and this is also what I do in the
background thread that I create when logging in (cf SpawnAutoRenewalThread()
method below)
Just to make it clear : in your answer, you wrote "you'll need to provide a
keytab that HBase can use to renew kerberos access over time.". Does it mean
that I have to provide a specific keytab for hbase or can I use a single
keytab for everything ?
In the end, should I stop trying to reuse my hbase connection and re-create
it every time (whatever the heavy cost of re-creating it) ?
Sorry about my "newbie" questions, but I feel really confused about all this
stuff...
Thanks for your help
Sebastien
PS : Note that if I remove hbase requests from my web service and "just"
perform some HDFS operations (listing files from a folder for instance),
everything works fine, even if I wait for a long while, so the point is
hbase related.
------------------------------------------------
private static Configuration configuration;
private static boolean loggedOnCluster = false;
private static Connection connection = null;
private static ChoreService choreService = null;
private static Configuration GetConfiguration() throws IOException {
if (configuration == null) {
configuration = HBaseConfiguration.create();
configuration.set("hbase.client.kerberos.principal",
"myuser@myDomain");
configuration.set("hbase.client.keytab.file",
"/path/to/myuser/keytab");
}
return configuration;
}
public static Connection GetHbaseConnection() {
try {
if (!loggedOnCluster) {
Configuration conf = GetConfiguration();
String userAccount =
conf.get("hbase.client.kerberos.principal");
String keyTabPath =
conf.get("hbase.client.keytab.file");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(userAccount,
keyTabPath);
loggedOnCluster = true;
SpawnAutoRenewalThread();
}
} catch (IOException e) {
LOGGER.error("!! Error while login in !!");
e.printStackTrace();
}
if (connection == null || connection.isClosed() ||
connection.isAborted())
{
try {
final Configuration conf = GetConfiguration();
final ScheduledChore authChore =
AuthUtil.getAuthChore(conf);
if (authChore != null) {
choreService = new
ChoreService("MY_APPLICATION");
choreService.scheduleChore(authChore);
}
connection = ConnectionFactory.createConnection(conf);
} catch (IOException ex) {
LOGGER.error("!! Could not obtain connection to HBase
!!");
ex.printStackTrace();
connection = null;
}
}
return connection;
}
private static void SpawnAutoRenewalThread() throws IOException {
Thread t = new Thread(new Runnable() {
@Override
public void run() {
while (true) {
try {
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
} catch (IOException e1) {
e1.printStackTrace();
}
try {
Thread.sleep(1800000L);
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}
});
t.setDaemon(true);
t.setName("TGT Renewer for current user" +
UserGroupInformation.getLoginUser());
t.start();
}
--
View this message in context:
http://apache-hbase.679495.n3.nabble.com/HBase-connection-expiration-on-kerberized-cluster-tp4089493p4089549.html
Sent from the HBase User mailing list archive at Nabble.com.
