Hi Sebastien, Can you also add these properties in your configuration and give it a try?
configuration.set("hadoop.security.authentication", "Kerberos"); configuration.set("hbase.security.authentication", "Kerberos"); configuration.set("hbase.master.kerberos.principal", "hbase/_HOST@realm"); <- realm need to be replaced configuration.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@realm"); Also eemove configuration.set("hbase.client.kerberos.principal", "myuser@myDomain"); configuration.set("hbase.client.keytab.file", "/path/to/myuser/keytab"); On Mon, Aug 7, 2017 at 3:55 AM, schausson <schaus...@softera.fr> wrote: > Hi Sean, > > Unfortunately, couldn't solve my issue ... > Below is the code of my utility class in charge of logging in and creating > an HBase connection. I added the AuthUtil stuff as suggested in your > answer, > but probably missed something :( > > My web service basically invokes GetHBaseConnection() method, and uses > returned connection to read/write data from/to HBase. > At application startup, everything is fine : it successfully logs in, > creates the HBase connection and my web service returns proper data. > The problem comes up if I wait for a long while (> ticket lifetime). Then, > when I invoke again my web service, I face the previously mentionned > warnings and get a socket timeout error... > When I look at the AuthUtil.getAuthChore() source code, it invokes > ugi.checkTGTAndReloginFromKeytab() and this is also what I do in the > background thread that I create when logging in (cf > SpawnAutoRenewalThread() > method below) > > Just to make it clear : in your answer, you wrote "you'll need to provide a > keytab that HBase can use to renew kerberos access over time.". Does it > mean > that I have to provide a specific keytab for hbase or can I use a single > keytab for everything ? > > In the end, should I stop trying to reuse my hbase connection and re-create > it every time (whatever the heavy cost of re-creating it) ? > > Sorry about my "newbie" questions, but I feel really confused about all > this > stuff... > > Thanks for your help > > Sebastien > > PS : Note that if I remove hbase requests from my web service and "just" > perform some HDFS operations (listing files from a folder for instance), > everything works fine, even if I wait for a long while, so the point is > hbase related. > > ------------------------------------------------ > > private static Configuration configuration; > private static boolean loggedOnCluster = false; > private static Connection connection = null; > private static ChoreService choreService = null; > > private static Configuration GetConfiguration() throws IOException { > if (configuration == null) { > configuration = HBaseConfiguration.create(); > configuration.set("hbase.client.kerberos.principal", > "myuser@myDomain"); > configuration.set("hbase.client.keytab.file", > "/path/to/myuser/keytab"); > } > return configuration; > } > > > public static Connection GetHbaseConnection() { > try { > if (!loggedOnCluster) { > Configuration conf = GetConfiguration(); > String userAccount = conf.get("hbase.client. > kerberos.principal"); > String keyTabPath = conf.get("hbase.client.keytab. > file"); > UserGroupInformation.setConfiguration(conf); > UserGroupInformation.loginUserFromKeytab(userAccount, > keyTabPath); > loggedOnCluster = true; > SpawnAutoRenewalThread(); > } > } catch (IOException e) { > LOGGER.error("!! Error while login in !!"); > e.printStackTrace(); > } > > if (connection == null || connection.isClosed() || > connection.isAborted()) > { > try { > final Configuration conf = GetConfiguration(); > final ScheduledChore authChore = > AuthUtil.getAuthChore(conf); > if (authChore != null) { > choreService = new > ChoreService("MY_APPLICATION"); > choreService.scheduleChore(authChore); > } > connection = ConnectionFactory. > createConnection(conf); > } catch (IOException ex) { > LOGGER.error("!! Could not obtain connection to > HBase !!"); > ex.printStackTrace(); > connection = null; > } > } > return connection; > } > > private static void SpawnAutoRenewalThread() throws IOException { > Thread t = new Thread(new Runnable() { > @Override > public void run() { > while (true) { > try { > UserGroupInformation. > getLoginUser().checkTGTAndReloginFromKeytab(); > } catch (IOException e1) { > e1.printStackTrace(); > } > try { > Thread.sleep(1800000L); > } catch (InterruptedException e) { > e.printStackTrace(); > } > } > } > }); > t.setDaemon(true); > t.setName("TGT Renewer for current user" + > UserGroupInformation.getLoginUser()); > t.start(); > } > > > > > -- > View this message in context: http://apache-hbase.679495.n3. > nabble.com/HBase-connection-expiration-on-kerberized- > cluster-tp4089493p4089549.html > Sent from the HBase User mailing list archive at Nabble.com. >