Java API连接Kerberos认证的HBASE

最新推荐文章于 2024-05-14 18:38:16 发布
最新推荐文章于 2024-05-14 18:38:16 发布
阅读量5.7k 收藏 26
点赞数 5
分类专栏: 大数据 文章标签: hbase kerberos 大数据
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/tonseal/article/details/114500794
版权

网上关于 Java 代码连接启用了Kerberos认证的HBASE资料很多,但是总感觉不够准确,总是出现各种问题。经过整合网上资料和亲自试验,得出连接成功的最小配置项如下:

java.security.krb5.conf

hadoop.security.authentication

hbase.security.authentication

hbase.regionserver.kerberos.principal

hbase.zookeeper.quorum

hbase.zookeeper.property.clientPort

试验发现,如果上述配置项缺少了任一项都会导致HBASE连接读写不成功。先放上获取连接成功的代码:

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation;

import java.io.IOException;

public class HbaseConnector {

    public static Connection getConnection(String zkQuorum, String clientPort, String keyTabPath, String krbConfPath, String principal) throws IOException {

        // krb5.conf必需
        System.setProperty("java.security.krb5.conf", krbConfPath);

        org.apache.hadoop.conf.Configuration conf = HBaseConfiguration.create();

        // 必需
        conf.set("hadoop.security.authentication", "kerberos");

        // 必需
        conf.set("hbase.security.authentication", "kerberos");
        conf.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@ECLD.COM");
        conf.set("hbase.zookeeper.quorum", zkQuorum);
        conf.set("hbase.zookeeper.property.clientPort", clientPort);
        // (非必需)
        conf.set("hbase.master.kerberos.principal", "hbase/_HOST@ECLD.COM");

        UserGroupInformation.setConfiguration(conf);

        //登陆认证
        UserGroupInformation.loginUserFromKeytab(principal, keyTabPath);

        return ConnectionFactory.createConnection(conf);
    }

    public static void main(String[] args) throws IOException {
        Connection connection = getConnection("node101,node102,node103", "2181", "C:/Users/sysea/Desktop/tonseal.keytab", "C:/Users/sysea/Desktop/krb5.conf", "tonseal@HADOOP.COM");
        Admin admin = connection.getAdmin();
        if (admin.tableExists(TableName.valueOf("tonseal:tonseal_table"))) {
            System.out.println("表tonseal:tonseal_table存在");
        } else {
            System.err.println("表tonseal:tonseal_table不存在");
        }
        admin.close();
        connection.close();
    }
}

hbase.zookeeper.quorumhbase.zookeeper.property.clientPort这两个配置项是必需的,无论是否开启Kerberos认证都需要进行设置的。

krb5.conf这个文件可以在主机的/etc目录下找到:

krb5.conf示例内容如下:

[libdefaults]
default_realm = HADOOP.COM
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts
default_tkt_enctypes = aes256-cts
permitted_enctypes = aes256-cts
udp_preference_limit = 1
kdc_timeout = 3000

[realms]
HADOOP.COM = {
  kdc = node101
  admin_server = node101
}
[domain_realm]

下面贴出缺少上述其他配置项的连接报错信息:

如果缺少了java.security.krb5.conf,提示无法获取realm:

23:14:29.533 [main] DEBUG org.apache.hadoop.security.authentication.util.KerberosName - Kerberos krb5 configuration not found, setting default realm to empty
Exception in thread "main" java.lang.IllegalArgumentException: Can't get Kerberos realm
	at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:65)
	at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:309)
	at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:355)
	at com.seal.HbaseConnector.getConnection(HbaseConnector.java:49)
	at com.seal.Main.createConnectionWithKerberos(Main.java:113)
	at com.seal.Main.main(Main.java:33)
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.hadoop.security.authentication.util.KerberosUtil.getDefaultRealm(KerberosUtil.java:110)
	at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:63)
	... 5 more
Caused by: KrbException: Cannot locate default realm
	at sun.security.krb5.Config.getDefaultRealm(Config.java:1066)
	... 11 more

如果缺少了hadoop.security.authentication,代码会尝试使用本机当前用户名进行认证,认证方式为"SIMPLE",而不是"Kerberos",导致连接失败:

23:16:32.875 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - hadoop login
23:16:32.875 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - hadoop login commit
23:16:32.879 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - using local user:NTUserPrincipal: sysea
23:16:32.879 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - Using user: "NTUserPrincipal: sysea" with name sysea
23:16:32.879 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - User entry: "sysea"
23:16:32.879 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - Assuming keytab is managed externally since logged in from subject.
23:16:32.879 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - UGI loginUser:sysea (auth:SIMPLE)
23:16:32.886 [main] DEBUG org.apache.hadoop.security.UserGroupInformation - PrivilegedAction as:sysea (auth:SIMPLE) from:org.apache.hadoop.hbase.security.User$SecureHadoopUser.runAs(User.java:347)
23:16:42.112 [hconnection-0x59fd97a8-metaLookup-shared--pool4-t1] WARN org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector - No matching SASL authentication provider and supporting token found from providers for user: sysea (auth:SIMPLE)
23:16:42.113 [hconnection-0x59fd97a8-metaLookup-shared--pool4-t1] DEBUG org.apache.hadoop.hbase.client.RpcRetryingCallerImpl - Call exception, tries=6, retries=11, started=4293 ms ago, cancelled=false, msg=Call to node101/192.168.56.101:16020 failed on local exception: java.io.IOException: java.lang.RuntimeException: Found no valid authentication method from options, details=row 'tonseal:tonseal_table,rowkey9-1615130197768,99999999999999' on table 'hbase:meta' at region=hbase:meta,,1.1588230740, hostname=node101,16020,1615095171294, seqNum=-1, see https://s.apache.org/timeout, exception=java.io.IOException: Call to node101/192.168.56.101:16020 failed on local exception: java.io.IOException: java.lang.RuntimeException: Found no valid authentication method from options
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.apache.hadoop.hbase.ipc.IPCUtil.wrapException(IPCUtil.java:225)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.onCallFinished(AbstractRpcClient.java:378)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.access$100(AbstractRpcClient.java:89)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient$3.run(AbstractRpcClient.java:409)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient$3.run(AbstractRpcClient.java:405)
	at org.apache.hadoop.hbase.ipc.Call.callComplete(Call.java:117)
	at org.apache.hadoop.hbase.ipc.Call.setException(Call.java:132)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callMethod(AbstractRpcClient.java:422)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:316)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.access$200(AbstractRpcClient.java:89)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:572)
	at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:45390)
	at org.apache.hadoop.hbase.client.ScannerCallable.openScanner(ScannerCallable.java:332)
	at org.apache.hadoop.hbase.client.ScannerCallable.rpcCall(ScannerCallable.java:242)
	at org.apache.hadoop.hbase.client.ScannerCallable.rpcCall(ScannerCallable.java:58)
	at org.apache.hadoop.hbase.client.RegionServerCallable.call(RegionServerCallable.java:127)
	at org.apache.hadoop.hbase.client.RpcRetryingCallerImpl.callWithoutRetries(RpcRetryingCallerImpl.java:192)
	at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:396)
	at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:370)
	at org.apache.hadoop.hbase.client.RpcRetryingCallerImpl.callWithRetries(RpcRetryingCallerImpl.java:107)
	at org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:80)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: java.lang.RuntimeException: Found no valid authentication method from options
	at org.apache.hadoop.hbase.ipc.IPCUtil.toIOE(IPCUtil.java:159)
	... 17 more
Caused by: java.lang.RuntimeException: Found no valid authentication method from options
	at org.apache.hadoop.hbase.ipc.RpcConnection.<init>(RpcConnection.java:112)
	at org.apache.hadoop.hbase.ipc.NettyRpcConnection.<init>(NettyRpcConnection.java:97)
	at org.apache.hadoop.hbase.ipc.NettyRpcClient.createConnection(NettyRpcClient.java:76)
	at org.apache.hadoop.hbase.ipc.NettyRpcClient.createConnection(NettyRpcClient.java:39)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.getConnection(AbstractRpcClient.java:350)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callMethod(AbstractRpcClient.java:419)
	... 16 more

如果缺少了hbase.security.authentication,也会导致连接失败:

23:24:34.930 [RPCClient-NioEventLoopGroup-1-1] DEBUG org.apache.hadoop.hbase.ipc.NettyRpcDuplexHandler - Unknown callId: -1, skipping over this response of 0 bytes
23:24:34.931 [hconnection-0x2cdd0d4b-metaLookup-shared--pool4-t1] DEBUG org.apache.hadoop.hbase.client.RpcRetryingCallerImpl - Call exception, tries=6, retries=16, started=4530 ms ago, cancelled=false, msg=Call to node101/192.168.56.101:16020 failed on local exception: org.apache.hadoop.hbase.exceptions.ConnectionClosedException: Connection closed, details=row 'tonseal:tonseal_table,rowkey4-1615130670351,99999999999999' on table 'hbase:meta' at region=hbase:meta,,1.1588230740, hostname=node101,16020,1615095171294, seqNum=-1, see https://s.apache.org/timeout, exception=org.apache.hadoop.hbase.exceptions.ConnectionClosedException: Call to node101/192.168.56.101:16020 failed on local exception: org.apache.hadoop.hbase.exceptions.ConnectionClosedException: Connection closed
	at org.apache.hadoop.hbase.ipc.IPCUtil.wrapException(IPCUtil.java:206)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.onCallFinished(AbstractRpcClient.java:378)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.access$100(AbstractRpcClient.java:89)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient$3.run(AbstractRpcClient.java:409)
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient$3.run(AbstractRpcClient.java:405)
	at org.apache.hadoop.hbase.ipc.Call.callComplete(Call.java:117)
	at org.apache.hadoop.hbase.ipc.Call.setException(Call.java:132)
	at org.apache.hadoop.hbase.ipc.NettyRpcDuplexHandler.cleanupCalls(NettyRpcDuplexHandler.java:203)
	at org.apache.hadoop.hbase.ipc.NettyRpcDuplexHandler.channelInactive(NettyRpcDuplexHandler.java:211)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241)
	at org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed(ByteToMessageDecoder.java:386)
	at org.apache.hbase.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.channelInactive(ByteToMessageDecoder.java:351)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241)
	at org.apache.hbase.thirdparty.io.netty.channel.ChannelInboundHandlerAdapter.channelInactive(ChannelInboundHandlerAdapter.java:81)
	at org.apache.hbase.thirdparty.io.netty.handler.timeout.IdleStateHandler.channelInactive(IdleStateHandler.java:277)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:241)
	at org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1405)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:262)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:248)
	at org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:901)
	at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannel$AbstractUnsafe$8.run(AbstractChannel.java:818)
	at org.apache.hbase.thirdparty.io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
	at org.apache.hbase.thirdparty.io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
	at org.apache.hbase.thirdparty.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:497)
	at org.apache.hbase.thirdparty.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
	at org.apache.hbase.thirdparty.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at org.apache.hbase.thirdparty.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.hadoop.hbase.exceptions.ConnectionClosedException: Connection closed
	... 26 more

有的连接代码中会使用core-site.xmlhbase-site.xml这些文件添加到Configuration中,这是因为core-site.xmlhbase-site.xml中包含了上述的配置项,如此一来当然可以连接成功了。

core-site.xml中包含了配置项hadoop.security.authentication

如果hbase-site.xml中包含了上述所有hbase相关的配置项,把hbase-site.xml添加到Configuration后,则hbase.security.authenticationhbase.regionserver.kerberos.principalhbase.zookeeper.quorumhbase.zookeeper.property.clientPort都不需要再指定:

使用core-site.xmlhbase-site.xml进行连接的代码如下:

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation;

import java.io.IOException;

public class HbaseConnector {

    public static Connection getConnectionByFile(String keyTabPath, String krbConfPath, String coreSitePath, String hbaseSitePath, String principal) throws IOException {

        // krb5.conf必需
        System.setProperty("java.security.krb5.conf", krbConfPath);

        org.apache.hadoop.conf.Configuration conf = HBaseConfiguration.create();
        conf.addResource(new Path(coreSitePath));
        conf.addResource(new Path(hbaseSitePath));

        UserGroupInformation.setConfiguration(conf);

        //登陆认证
        UserGroupInformation.loginUserFromKeytab(principal, keyTabPath);
        connection = ConnectionFactory.createConnection(conf);
        return connection;
    }

    public static void main(String[] args) throws IOException {
//        Connection connection = getConnection("node101,node102,node103", "2181", "C:/Users/sysea/Desktop/tonseal.keytab", "C:/Users/sysea/Desktop/krb5.conf", "tonseal@HADOOP.COM");
        Connection connection = getConnectionByFile("C:/Users/sysea/Desktop/tonseal.keytab", "C:/Users/sysea/Desktop/krb5.conf", "C:/Users/sysea/Desktop/core-site.xml", "C:/Users/sysea/Desktop/hbase-site.xml", "tonseal@HADOOP.COM");
        Admin admin = connection.getAdmin();
        if (admin.tableExists(TableName.valueOf("tonseal:tonseal_table"))) {
            System.out.println("表tonseal:tonseal_table存在");
        } else {
            System.err.println("表tonseal:tonseal_table不存在");
        }
        admin.close();
        connection.close();
    }
}

 

其他:Kerberos认证获取的票据时长是有限的,程序运行一段时间后会出现无法读写HBASE的情况,这就需要对票据进行续约。

haha_syseal
关注
  • 5
    点赞
  • 26
    收藏
    觉得还不错? 一键收藏
  • 12
    评论
专栏目录
HBase的配置和使用的一些坑
jyj019的博客
07-01 981
根据需求需要使用HBase做持久化存储,之前知道HBase属于深坑的组件,但基本的入门还是花了一周,先看了一天的存储结构,花了两天完成配置,代码调优,完成性能测试又用了两天。感觉可以挖好几个坑了,哈哈哈。 首先关于存储结构,我也是根据博客上手,自行设计的一个demo表结构,建表。做的迷迷糊糊,等有进一步的感悟后再讲讲吧(挖坑)。 大概讲下集群的Hbase配置和使用遇到的坑。这些坑与组件是互相关...
java api访问kerberos认证hbase
u011460470的博客
12-27 919
java api访问kerberos认证hbase
Java JDBC连接Kerberos认证的HIVE 和 Impala
最新发布
Donnedaen的专栏
05-14 565
JDBC 连接 HIVE 和 Impala
HBase + Kerberos 配置示例(一)
weixin_33829657的博客
05-14 947
用过hbase的朋友可能都有过这样的疑问,我写一个java client,好像就提供了zookeeper quorum地址就连上hbase了,那么是不是存在安全问题?的确是,如何解决?hbase中引入了kerberos认证。我准备用两篇博文介绍hbase + kerberos的相关内容,本篇主要介绍kerberos的配置。 环境准备 kerberos简介 kerberos server配...
HBaseHbase Java api 集成Kerberos权限认证
u013202518的博客
12-23 6986
生产中用了kerberos很长一段时间,大部分其实就是票据过期刷新票据的问题,设置服务器上的crontab定时任务再票据有效期内重新kinit票据一般都能解决问题,也有遇到其他复杂的问题,再此不展开描述。 目录 用keytab登录 用Kerberos账号密码登陆 用keytab登录 // System.setProperty("sun.security.krb5.debug"...
Java连接HBase
邢为栋
08-25 8107
Java连接HBase的方法,包含Kerberos认证。 代码示例: package com.example.hbase.admin; import java.io.IOException; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hba
HBase的用户认证和授权
互联网知识分享
09-06 729
使用这些功能,用户可以确保只有经过授权的用户才能访问和操作。用户认证是确认用户身份的过程,而用户授权是授予用户特定权限以访问和操作数据库的过程。的用户认证和授权功能可以保护数据的机密性和完整性,同时提供灵活的权限管理。用户授权提供了表级别和列族级别的权限管理,通过。的用户认证和授权机制可以保护数据的安全性和完整性。用户授权是授予用户访问和操作数据库的特定权限的过程。类来授予和撤销用户对表的权限,并验证用户的权限。提供了两种级别的用户授权:表级别和列族级别。,可以轻松地进行用户授权的管理。
flink写入带kerberos认证的kudu connector
03-24
此时,Flink作业将使用Kerberos认证连接到Kudu,并进行数据读写操作。请注意,确保Flink作业的运行环境和Kudu集群都已正确配置Kerberos。 总结,配置Flink写入带Kerberos认证的Kudu Connector涉及多个步骤,包括...
hbase-connectors:Apache HBase连接
02-05
- HBase连接器通常支持Hadoop的Kerberos认证,确保数据的安全传输和访问控制。 7. **Bulk Load**: - 通过HBase连接器可以实现批量加载数据,提高大数据导入的效率。 8. **数据模型**: - HBase是基于列族...
在Windows连接HBase实用工具
05-05
如果HBase集群启用了安全性(如Kerberos),需要在Windows客户端上配置相应的认证机制,以便能够安全地连接和操作数据库。 总的来说,连接Windows到HBase涉及多个步骤,包括配置、安装和理解HBase的特性和工作原理...
hbase客户端连接工具winutils-2.2.0.zip
05-16
8. **安全设置**:如果HBase集群启用了Kerberos安全,你还需要在`hbase-site.xml`中配置安全认证的相关参数,并确保Java客户端拥有相应的keytab文件。 9. **错误排查**:在配置过程中可能会遇到各种问题,如网络...
hbase2.2安装文件
10-24
7. **安全配置**:在生产环境中,可能需要配置HBase以支持安全性,如Kerberos认证,以保护数据的安全。 在大数据应用中,HBase常常与其他技术结合使用,如Hadoop MapReduce进行批处理分析,Spark用于实时计算,或者...
windows平台上krb5.conf的位置
shy_snow的专栏
06-16 1980
windows上需要把krb5.conf改为krb5.ini, 寻找krb5.ini的位置按优先级如下: 1.由 java.security.krb5.conf 引用的文件 2.%java.home%/lib/security/krb5.conf 3. c:\winnt\krb5.ini。 推荐还是在jvm参数里设置-Djava.security.krb5.conf=d:/test/krb5.ini 这个亲测有效
Hbase[01]安装Hbase
Toozky的博客
05-30 365
Hbase[01]安装Hbase 以上就是本期总结的全部内容,愿大家相互学习,共同进步!
hbase总结:hbase连接异常
jamin_tan007的专栏
11-26 5112
异常提示: java.io.IOException: Could not locate executable null\bin\winutils.exe in the Hadoop binaries.   分析:出这个错误,是因为win中没有这只HADOOP_HOME,但是win7中怎么会有HADOOP_HOME呢,设置后指向什么位置呢,我的hadoop在服务器端上的啊; 网络上的答案:HAD
Hbase配置项粗解
木子一个Lee的博客
10-30 1227
hbase.client.write.buffer:htable客户端写缓冲区大小,默认是2097152BYTE,这个缓冲区就是为了写数据的临时存放,设置大了,浪费客户端和服务端的存储,设置小了,如果写的数据多,太多的RPC又带来网络开销,官方给的一个服务端存储耗费评估计算是:hbase.client.write.buffer*hbase.regionserver.handler.count,服务端的rs的处理handler个数也很关键;也可以延迟加载,由HTableDescriptor指定;
Java 访问kerberos认证的HDFS文件
杜海的博客
09-17 2565
1、创建Maven项目,导入以下依赖,必须: <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-common</artifactId> <ve...
HBase 开发:使用Java操作HBase
qq_51954214的博客
10-24 4207
HBase 开发:使用Java操作HBase
已解决java.lang.RuntimeException: 运行时异常的正确解决方法,亲测有效!!!
小明的Java问道之路
04-05 7648
已解决java.lang.RuntimeException: 运行时异常的正确解决方法,亲测有效!!!
java api连接kerberos认证的es
05-30
要使用Java API连接使用Kerberos认证的Elasticsearch集群,你需要遵循以下步骤: 1. 首先,你需要为你的Java应用程序配置Kerberos认证。这可以通过在你的应用程序中使用JAAS(Java Authentication and Authorization Service)框架来完成。 2. 然后,你需要在Elasticsearch集群中启用Kerberos认证。这可以通过在elasticsearch.yml配置文件中设置以下属性来完成: ``` xpack.security.authc.realms: kerberos.kerb1: type: kerberos order: 0 krb5_file_path: /path/to/krb5.conf keytab_path: /path/to/elasticsearch.keytab ``` 其中,`krb5_file_path`是指向Kerberos配置文件的路径,`keytab_path`是指向Elasticsearch服务的keytab文件路径。 3. 接下来,你需要使用Java API创建一个Elasticsearch客户端,并使用Kerberos认证进行身份验证。以下是一个示例代码: ``` public class KerberosESClient { public static void main(String[] args) throws Exception { Configuration conf = new Configuration(); conf.setBoolean("hadoop.security.authentication", true); UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab("your_principal", "/path/to/your/keytab"); Settings settings = Settings.builder() .put("cluster.name", "your_cluster_name") .put("xpack.security.user", "your_username:your_password") .put("client.transport.sniff", true) .build(); TransportClient client = new PreBuiltXPackTransportClient(settings) .addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName("your_es_host"), 9300)); SearchResponse response = client.prepareSearch().execute().actionGet(); client.close(); } } ``` 在上面的代码中,`UserGroupInformation`类用于从指定的keytab文件中获取Kerberos凭证,然后使用这些凭证创建一个Elasticsearch客户端。`Settings`类用于配置一些连接参数,例如集群名称、节点授权信息等。`TransportClient`类用于实现与Elasticsearch节点的通信,可以使用`prepareSearch`方法发送一个查询请求并获取结果。 希望这个回答能够帮助到你!
评论 12
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值