Hi Sebastien,
Can you also add these properties in your configuration and give it a
try?
configuration.set("hadoop.security.authentication", "Kerberos");
configuration.set("hbase.security.authentication", "Kerberos");
configuration.set("hbase.master.kerberos.principal", "hbase/_HOST@realm");
<- realm need to be replaced
configuration.set("hbase.regionserver.kerberos.principal",
"hbase/_HOST@realm");
Also eemove
configuration.set("hbase.client.kerberos.principal",
"myuser@myDomain");
configuration.set("hbase.client.keytab.file",
"/path/to/myuser/keytab");
On Mon, Aug 7, 2017 at 3:55 AM, schausson <[email protected]> wrote:
> Hi Sean,
>
> Unfortunately, couldn't solve my issue ...
> Below is the code of my utility class in charge of logging in and creating
> an HBase connection. I added the AuthUtil stuff as suggested in your
> answer,
> but probably missed something :(
>
> My web service basically invokes GetHBaseConnection() method, and uses
> returned connection to read/write data from/to HBase.
> At application startup, everything is fine : it successfully logs in,
> creates the HBase connection and my web service returns proper data.
> The problem comes up if I wait for a long while (> ticket lifetime). Then,
> when I invoke again my web service, I face the previously mentionned
> warnings and get a socket timeout error...
> When I look at the AuthUtil.getAuthChore() source code, it invokes
> ugi.checkTGTAndReloginFromKeytab() and this is also what I do in the
> background thread that I create when logging in (cf
> SpawnAutoRenewalThread()
> method below)
>
> Just to make it clear : in your answer, you wrote "you'll need to provide a
> keytab that HBase can use to renew kerberos access over time.". Does it
> mean
> that I have to provide a specific keytab for hbase or can I use a single
> keytab for everything ?
>
> In the end, should I stop trying to reuse my hbase connection and re-create
> it every time (whatever the heavy cost of re-creating it) ?
>
> Sorry about my "newbie" questions, but I feel really confused about all
> this
> stuff...
>
> Thanks for your help
>
> Sebastien
>
> PS : Note that if I remove hbase requests from my web service and "just"
> perform some HDFS operations (listing files from a folder for instance),
> everything works fine, even if I wait for a long while, so the point is
> hbase related.
>
> ------------------------------------------------
>
> private static Configuration configuration;
> private static boolean loggedOnCluster = false;
> private static Connection connection = null;
> private static ChoreService choreService = null;
>
> private static Configuration GetConfiguration() throws IOException {
> if (configuration == null) {
> configuration = HBaseConfiguration.create();
> configuration.set("hbase.client.kerberos.principal",
> "myuser@myDomain");
> configuration.set("hbase.client.keytab.file",
> "/path/to/myuser/keytab");
> }
> return configuration;
> }
>
>
> public static Connection GetHbaseConnection() {
> try {
> if (!loggedOnCluster) {
> Configuration conf = GetConfiguration();
> String userAccount = conf.get("hbase.client.
> kerberos.principal");
> String keyTabPath = conf.get("hbase.client.keytab.
> file");
> UserGroupInformation.setConfiguration(conf);
> UserGroupInformation.loginUserFromKeytab(userAccount,
> keyTabPath);
> loggedOnCluster = true;
> SpawnAutoRenewalThread();
> }
> } catch (IOException e) {
> LOGGER.error("!! Error while login in !!");
> e.printStackTrace();
> }
>
> if (connection == null || connection.isClosed() ||
> connection.isAborted())
> {
> try {
> final Configuration conf = GetConfiguration();
> final ScheduledChore authChore =
> AuthUtil.getAuthChore(conf);
> if (authChore != null) {
> choreService = new
> ChoreService("MY_APPLICATION");
> choreService.scheduleChore(authChore);
> }
> connection = ConnectionFactory.
> createConnection(conf);
> } catch (IOException ex) {
> LOGGER.error("!! Could not obtain connection to
> HBase !!");
> ex.printStackTrace();
> connection = null;
> }
> }
> return connection;
> }
>
> private static void SpawnAutoRenewalThread() throws IOException {
> Thread t = new Thread(new Runnable() {
> @Override
> public void run() {
> while (true) {
> try {
> UserGroupInformation.
> getLoginUser().checkTGTAndReloginFromKeytab();
> } catch (IOException e1) {
> e1.printStackTrace();
> }
> try {
> Thread.sleep(1800000L);
> } catch (InterruptedException e) {
> e.printStackTrace();
> }
> }
> }
> });
> t.setDaemon(true);
> t.setName("TGT Renewer for current user" +
> UserGroupInformation.getLoginUser());
> t.start();
> }
>
>
>
>
> --
> View this message in context: http://apache-hbase.679495.n3.
> nabble.com/HBase-connection-expiration-on-kerberized-
> cluster-tp4089493p4089549.html
> Sent from the HBase User mailing list archive at Nabble.com.
>
