DocsHortonworks Data Platform

 

 3.2. Create JAAS configuration files

  1. Create the following JAAS configuration files on the HBase Master, RegionServer, and HBase client host machines.

    These files must be created under the $HBASE_CONF_DIR directory:

    where $HBASE_CONF_DIR is the directory to store the HBase configuration files. For example, /etc/hbase/conf.

    • On your HBase Master host machine, create the hbase-server.jaas file under the /etc/hbase/conf directory and add the following content:

      Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/hbase.service.keytab"
principal="hbase/$HBase.Master.hostname";
};

    • On each of your RegionServer host machine, create the regionserver.jaas file under the /etc/hbase/conf directory and add the following content:

      Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/hbase.service.keytab"
principal="hbase/$RegionServer.hostname";
};

    • On HBase client machines, create the hbase-client.jaas file under the /etc/hbase/conf directory and add the following content:

      Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};

  2. Create the following JAAS configuration files on the ZooKeeper Server and client host machines.

    These files must be created under the $ZOOKEEPER_CONF_DIR directory, where $ZOOKEEPER_CONF_DIR is the directory to store the HBase configuration files. For example, /etc/zookeeper/conf:

    • On ZooKeeper server host machines, create the zookeeper-server.jaas file under the /etc/zookeeper/conf directory and add the following content: 

      Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/zookeeper.service.keytab"
principal="zookeeper/$ZooKeeper.Server.hostname";
};

    • On ZooKeeper client host machines, create the zookeeper-client.jaas file under the /etc/zookeeper/conf directory and add the following content: 

      Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};

  3. Edit the hbase-env.sh file on your HBase server to add the following information: 

    export HBASE_OPTS ="-Djava.security.auth.login.config=$HBASE_CONF_DIR/hbase-client.jaas"
export HBASE_MASTER_OPTS ="-Djava.security.auth.login.config=$HBASE_CONF_DIR/hbase-server.jaas"
export HBASE_REGIONSERVER_OPTS="-Djava.security.auth.login.config=$HBASE_CONF_DIR/regionserver.jaas"

    where HBASE_CONF_DIR is the HBase configuration directory. For example, /etc/hbase/conf.

  4. Edit zoo.cfg file on your ZooKeeper server to add the following information: 

    authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
kerberos.removeHostFromPrincipal=true
kerberos.removeRealmFromPrincipal=true   

  5. Edit zookeeper-env.sh file on your ZooKeeper server to add the following information:

    export SERVER_JVMFLAGS ="-Djava.security.auth.login.config=$ZOOKEEPER_CONF_DIR/zookeeper-server.jaas"
export CLIENT_JVMFLAGS ="-Djava.security.auth.login.config=$ZOOKEEPER_CONF_DIR/zookeeper-client.jaas"

    where $ZOOKEEPER_CONF_DIR is the ZooKeeper configuration directory. For example, /etc/zookeeper/conf.

Legal notices
loading table of contents...