Edit hbase-site.xml
file on your HBase Master server
to add the following information:
Note | |
---|---|
There are no default values; the following are all only examples. |
<property> <name>hbase.master.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> <description>Full path to the kerberos keytab file to use for logging in the configured HMaster server principal. </description> </property>
<property> <name>hbase.master.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> <description>Ex. "hbase/_HOST@EXAMPLE.COM". The kerberos principal name that should be used to run the HMaster process. The principal name should be in the form: user/hostname@DOMAIN. If "_HOST" is used as the hostname portion, it will be replaced with the actual hostname of the running instance. </description> </property>
<property> <name>hbase.regionserver.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> <description>Full path to the kerberos keytab file to use for logging in the configured HRegionServer server principal. </description> </property>
<property> <name>hbase.regionserver.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> <description>Ex. "hbase/_HOST@EXAMPLE.COM".The kerberos principal name thatshould be used to run the HRegionServer process. The principal name should be in the form: user/hostname@DOMAIN. If _HOSTis used as the hostname portion, it will be replaced with the actual hostname of the runninginstance. An entry for this principal must existin the file specified in hbase.regionserver.keytab.file </description> </property>
<!--Additional configuration specific to HBase security --> <property> <name>hbase.superuser</name> <value>hbase</value> <description>List of users or groups (comma-separated), who are allowed full privileges, regardless of stored ACLs, across the cluster. Only used when HBase security is enabled. </description> </property>
<property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController </value> <description>A comma-separated list of Coprocessors that are loaded by default on all tables. </description> </property>
<property> <name>hbase.security.authentication</name> <value>kerberos</value> </property>
<property> <name>hbase.rpc.engine</name> <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value> </property>
<property> <name>hbase.security.authorization</name> <value>true</value> <description>Enables HBase authorization. Set the value of this property to false to disable HBase authorization. </description> </property>
<property> <name>hbase.coprocessor.master.classes</name> <value>org.apache.hadoop.hbase.security.access.AccessController</value> </property>
<property> <name>hbase.bulkload.staging.dir</name> <value>/apps/hbase/staging</value> <description>Directory in the default filesystem, owned by the hbase user, and has permissions(-rwx--x--x, 711) </description> </property>
For
more information on bulk loading in secure mode, see HBase Secure BulkLoad. Note that the
hbase.bulkload.staging.dir
is created by
HBase.