从 Windows 连接到 Kerberized HBase:无法指定服务器的 Kerberos 主体名称
Connecting to Kerberized HBase from Windows: Failed to specify server's Kerberos principal name
这是我使用 kerberos 连接到 HBase 的代码:
Configuration conf = HBaseConfiguration.create();
conf.set("hbase.zookeeper.quorum", "20.20.100.1");
conf.set("hbase.zookeeper.property.clientPort", "2181");
final String USER_KEY = "appuser.principal";
final String KEYTAB_KEY = "appuser.keytab.filename";
final String Key_user = Config.getProperties().getString("kerberos_keyuser");
final String Key_tab = Config.getProperties().getString("kerberos_keytab");
conf.set("hadoop.security.authentication", "kerberos");
conf.set("hbase.security.authentication", "kerberos");
conf.set(USER_KEY, Key_user);
conf.set(KEYTAB_KEY, Key_tab);
SecurityUtil.login(conf, KEYTAB_KEY, USER_KEY);
Connection connection = ConnectionFactory.createConnection(conf);
try (Table table = connection.getTable(TableName.valueOf("newssentiment:test"))) {
Scan scan = new Scan();
ResultScanner scanner = table.getScanner(scan);
Iterator<Result> iterator = scanner.iterator();
System.out.println();
while(iterator.hasNext()) {
System.out.println(iterator.next());
}
}
catch (Exception e){
System.out.print(e.getMessage());
}
HBaseAdmin.checkHBaseAvailable(conf);
connection.close();
System.out.println("HBase is running!");
但我收到以下错误:
org.apache.hadoop.security.UserGroupInformation - PriviledgedActionException as:u8000 (auth:SIMPLE) cause:java.io.IOException: Failed to specify server's Kerberos principal name
org.apache.hadoop.hbase.ipc.AbstractRpcClient - Exception encountered while connecting to the server : java.io.IOException: Failed to specify server's Kerberos principal name
org.apache.hadoop.security.UserGroupInformation - PriviledgedActionException as:u8000 (auth:SIMPLE) cause:java.io.IOException: java.io.IOException: Failed to specify server's Kerberos principal name
相同的代码可以 运行 在 Linux 上成功,但总是在 Windows 上失败。
只需将 SecurityUtil.login(conf, KEYTAB_KEY, USER_KEY); 替换为
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("USER_KEY", KEYTAB_KEY);
为简单起见,您可以编写如下代码:
Configuration conf = HBaseConfiguration.create();
conf.addResource(new Path("D:\core-site.xml");
conf.addResource(new Path("D:\hbase-site.xml");
System.setProperty( "java.security.krb5.conf", "D:\krb5.conf");
// give the path of krb5.conf file
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("Dummy@EXAMPLE.COM", "D:\farooque.keytab");
// Dummy@EXAMPLE.COM is the principal name, give the path of keytab file
Connection connection = ConnectionFactory.createConnection(conf);
try (Table table = connection.getTable(TableName.valueOf("newssentiment:test"))) {
Scan scan = new Scan();
ResultScanner scanner = table.getScanner(scan);
Iterator<Result> iterator = scanner.iterator();
System.out.println();
while(iterator.hasNext()) {
System.out.println(iterator.next());
}
}
catch (Exception e){
System.out.print(e.getMessage());
}
HBaseAdmin.checkHBaseAvailable(conf);
connection.close();
System.out.println("HBase is running!");
如果以上代码运行成功,您可以用变量替换固定值。
这是我使用 kerberos 连接到 HBase 的代码:
Configuration conf = HBaseConfiguration.create();
conf.set("hbase.zookeeper.quorum", "20.20.100.1");
conf.set("hbase.zookeeper.property.clientPort", "2181");
final String USER_KEY = "appuser.principal";
final String KEYTAB_KEY = "appuser.keytab.filename";
final String Key_user = Config.getProperties().getString("kerberos_keyuser");
final String Key_tab = Config.getProperties().getString("kerberos_keytab");
conf.set("hadoop.security.authentication", "kerberos");
conf.set("hbase.security.authentication", "kerberos");
conf.set(USER_KEY, Key_user);
conf.set(KEYTAB_KEY, Key_tab);
SecurityUtil.login(conf, KEYTAB_KEY, USER_KEY);
Connection connection = ConnectionFactory.createConnection(conf);
try (Table table = connection.getTable(TableName.valueOf("newssentiment:test"))) {
Scan scan = new Scan();
ResultScanner scanner = table.getScanner(scan);
Iterator<Result> iterator = scanner.iterator();
System.out.println();
while(iterator.hasNext()) {
System.out.println(iterator.next());
}
}
catch (Exception e){
System.out.print(e.getMessage());
}
HBaseAdmin.checkHBaseAvailable(conf);
connection.close();
System.out.println("HBase is running!");
但我收到以下错误:
org.apache.hadoop.security.UserGroupInformation - PriviledgedActionException as:u8000 (auth:SIMPLE) cause:java.io.IOException: Failed to specify server's Kerberos principal name
org.apache.hadoop.hbase.ipc.AbstractRpcClient - Exception encountered while connecting to the server : java.io.IOException: Failed to specify server's Kerberos principal name
org.apache.hadoop.security.UserGroupInformation - PriviledgedActionException as:u8000 (auth:SIMPLE) cause:java.io.IOException: java.io.IOException: Failed to specify server's Kerberos principal name
相同的代码可以 运行 在 Linux 上成功,但总是在 Windows 上失败。
只需将 SecurityUtil.login(conf, KEYTAB_KEY, USER_KEY); 替换为
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("USER_KEY", KEYTAB_KEY);
为简单起见,您可以编写如下代码:
Configuration conf = HBaseConfiguration.create();
conf.addResource(new Path("D:\core-site.xml");
conf.addResource(new Path("D:\hbase-site.xml");
System.setProperty( "java.security.krb5.conf", "D:\krb5.conf");
// give the path of krb5.conf file
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("Dummy@EXAMPLE.COM", "D:\farooque.keytab");
// Dummy@EXAMPLE.COM is the principal name, give the path of keytab file
Connection connection = ConnectionFactory.createConnection(conf);
try (Table table = connection.getTable(TableName.valueOf("newssentiment:test"))) {
Scan scan = new Scan();
ResultScanner scanner = table.getScanner(scan);
Iterator<Result> iterator = scanner.iterator();
System.out.println();
while(iterator.hasNext()) {
System.out.println(iterator.next());
}
}
catch (Exception e){
System.out.print(e.getMessage());
}
HBaseAdmin.checkHBaseAvailable(conf);
connection.close();
System.out.println("HBase is running!");
如果以上代码运行成功,您可以用变量替换固定值。