嗨,我正在尝试为安全的hbase编写一个java客户端.我想从代码本身做kinit,因为我使用的是用户组信息类.任何人都可以指出我在哪里错了吗?
这是我试图连接o hbase的主要方法.
我必须在CONfiguration对象中添加配置而不是使用xml,因为客户端可以位于任何位置.
请参阅以下代码:
public static void main(String [] args) { try { System.setProperty(CommonConstants.KRB_REALM, ConfigUtil.getProperty(CommonConstants.HADOOP_CONF, "krb.realm")); System.setProperty(CommonConstants.KRB_KDC, ConfigUtil.getProperty(CommonConstants.HADOOP_CONF,"krb.kdc")); System.setProperty(CommonConstants.KRB_DEBUG, "true"); final Configuration config = HBaseConfiguration.create(); config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, AUTH_KRB); config.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, AUTHORIZATION); config.set(CommonConfigurationKeysPublic.FS_AUTOMATIC_CLOSE_KEY, AUTO_CLOSE); config.set(CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY, defaultFS); config.set("hbase.zookeeper.quorum", ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.host")); config.set("hbase.zookeeper.property.clientPort", ConfigUtil.getProperty(CommonConstants.HBASE_CONF, "hbase.port")); config.set("hbase.client.retries.number", Integer.toString(0)); config.set("zookeeper.session.timeout", Integer.toString(6000)); config.set("zookeeper.recovery.retry", Integer.toString(0)); config.set("hbase.master", "gauravt-namenode.pbi.global.pvt:60000"); config.set("zookeeper.znode.parent", "/hbase-secure"); config.set("hbase.rpc.engine", "org.apache.hadoop.hbase.ipc.SecureRpcEngine"); config.set("hbase.security.authentication", AUTH_KRB); config.set("hbase.security.authorization", AUTHORIZATION); config.set("hbase.master.kerberos.principal", "hbase/gauravt-namenode.pbi.global.pvt@pbi.global.pvt"); config.set("hbase.master.keytab.file", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab"); config.set("hbase.regionserver.kerberos.principal", "hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt"); config.set("hbase.regionserver.keytab.file", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab"); UserGroupInformation.setConfiguration(config); UserGroupInformation userGroupInformation = UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/gauravt-datanode2.pbi.global.pvt@pbi.global.pvt", "D:/var/lib/bda/secure/keytabs/hbase.service.keytab"); UserGroupInformation.setLoginUser(userGroupInformation); User user = User.create(userGroupInformation); user.runAs(new PrivilegedExceptionAction
我得到以下异常:
Caused by: org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:110) at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:146) at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762) at org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354) at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883) at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:396) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491) at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880) ... 33 more
任何指针都会有所帮助.