Dear Hbase team:
I have install a Hbase thrift server on HDP 2.5 kerberized cluster with following steps and configuration: *Configuration:* 1. Check Hbase service principal: [hbase@ip-10-11-13-118 ~]$ klist -kt /etc/security/keytabs/hbase.service.keytab Keytab name: FILE:/etc/security/keytabs/hbase.service.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 02/06/17 17:40:53 hbase/[email protected] 1 02/06/17 17:40:53 hbase/[email protected] 1 02/06/17 17:40:53 hbase/[email protected] 1 02/06/17 17:40:53 hbase/[email protected] 1 02/06/17 17:40:53 hbase/[email protected] <hbase/[email protected]> 1. Hbase -> Configs -> Advanced -> Custom Hbase-Site.xml check if following properties are added already. If not, add missing properties: hbase.master.kerberos.principal=hbase/[email protected] hbase.master.keytab.file=/etc/security/keytabs/hbase.service.keytab hadoop.proxyuser.HTTP.groups=* hadoop.proxyuser.HTTP.hosts hbase.rest.authentication.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab hbase.rest.authentication.kerberos.principal=HTTP/[email protected] hbase.rest.authentication.type=kerberos hbase.rest.kerberos.principal=hbase/[email protected] hbase.rest.keytab.file=/etc/security/keytabs/hbase.service.keytab hbase.security.authentication=kerberos hbase.security.authentication.spnego.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab hbase.security.authentication.spnego.kerberos.principal=HTTP/[email protected] hbase.security.authorization=true For Hbase thrift server add following properties into Custom Hbase-site.xml section from ambari: hbase.thrift.security.qop=auth hbase.thrift.support.proxyuser=true hbase.security.authentication=kerberos hbase.regionserver.thrift.http=true hbase.thrift.keytab.file=/etc/security/keytabs/spnego.service.keytab hbase.thrift.kerberos.principal= HTTP/[email protected] In Ambari -> HDFS, make sure that following are set: hadoop.proxyuser.HTTP.groups=* hadoop.proxyuser.HTTP.hosts=* Restart Hbase service. When I run following command to test the installation it shows following error: *[hbase@p-10-11-13-118 ~]$ hbase org.apache.hadoop.hbase.thrift.HttpDoAsClient ip-10-11-13-118.mylabs.com <http://ip-10-11-13-118.mylabs.com/> 9090 hbase *true Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration Acquire TGT from Cache Principal is [email protected] Commit Succeeded Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration Acquire TGT from Cache Principal is [email protected] Commit Succeeded scanning tables... Ticket is: Negotiate YIIClgYJKoZIhvcSAQICAQBuggKFMIICgaADAgEFoQMCAQ6iBwMFACAAAACjggF+YYIBejCCAXagAwIBBaEfGx1ERVYuSEFET09QLlIxLUNPUkUuUjEuQUlHLk5FVKIbMBmgAwIBAKESMBAbDmhiYXNlLWRldl9nZmF0o4IBLzCCASugAwIBEqEDAgEDooIBHQSCARnxqNrKoykz7X43qGUeq78BMt4QTGMJWU/O2l6/a9SFtuTzOPFITcO5Ba2A3ClKFjnO58evIj/JsHo7Ik+KZQPKEob+KYcVYLNYagZOtwOQ2aa8HUPZIpb0XTfJoNNbNExAxF0Zv42rID1/vZez2Ga9C7lfRm2OU6/fMtPBP2/xClTofFyB3LJK69yiNBomS9bvRl8v2xsOYMbySAPPnZczcKQeu1hYfQ1u2ZAru5Rp0rlNNUnAyueGi1WHPIXiDOJp/PtqW5R6miVrce97eIb4FmNbYuFEBB8PThYwq5l8Uq3Hv66pum2zfpI5+mxD0sTWBJLaLWY44B/PtRE2t5EfgeExRQir4ZK6SB6TCB5qADAgESooHeBIHbA0zsuxuHUo/r2d8hbeB6sfXef3i0f7iGmBhZD1Q44lkgbvCc2+bDJLY5CqB11r4vOy0ZdRf/7AAt5xUs69IiCQpsMgaIzWkWqPCpEI9zSwShDuYpOBepA516MqJKkqZrbB1G8VXtSpsKKmveSW285QjesfFE+ym+vSNWGptP/ZOlYNJQbDUnQtoKVL02xIkAsj3lUAfWXUtToAWEXL4p+skZj4iPEByupprwlbjzSJR5We6in3FFz2G4sBrpJQb7bvJqPO3RrZZ8HGk2o6pEGu4EpPU9EwnUUMOAException in thread "main" java.security.PrivilegedActionException: org.apache.thrift.transport.TTransportException: HTTP Response code: 500 at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.hbase.thrift.HttpDoAsClient.main(HttpDoAsClient.java:88) Caused by: *org.apache.thrift.transport.TTransportException: HTTP Response code: 500 at *org.apache.thrift.transport.THttpClient.flush(THttpClient.java:349) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62) at org.apache.hadoop.hbase.thrift.generated.Hbase$Client.send_getTableNames(Hbase.java:901) at org.apache.hadoop.hbase.thrift.generated.Hbase$Client.getTableNames(Hbase.java:894) at org.apache.hadoop.hbase.thrift.HttpDoAsClient.run(HttpDoAsClient.java:137) at org.apache.hadoop.hbase.thrift.HttpDoAsClient.access$000(HttpDoAsClient.java:61) at org.apache.hadoop.hbase.thrift.HttpDoAsClient$1.run(HttpDoAsClient.java:92) at org.apache.hadoop.hbase.thrift.HttpDoAsClient$1.run(HttpDoAsClient.java:89) ... 3 more Can any one help me to fix the issue.
