Configure HBase Master
Edit
file on your HBase Master server to add the following information
($HBASE_CONF_DIR
/hbase-site.xml$HBASE_CONF_DIR
is the directory to store
the HBase configuration files. For example,
/etc/hbase/conf
) :
Note | |
---|---|
There are no default values. The following are all examples. |
<property> <name>hbase.master.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> <description>Full path to the Kerberos keytab file to use for logging in the configured HMaster server principal. </description> </property>
<property> <name>hbase.master.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> <description>Ex. "hbase/_HOST@EXAMPLE.COM". The Kerberos principal name that should be used to run the HMaster process. The principal name should be in the form: user/hostname@DOMAIN. If "_HOST" is used as the hostname portion, it will be replaced with the actual hostname of the running instance. </description> </property>
<property> <name>hbase.regionserver.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> <description>Full path to the Kerberos keytab file to use for logging in the configured HRegionServer server principal. </description> </property>
<property> <name>hbase.regionserver.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> <description>Ex. "hbase/_HOST@EXAMPLE.COM". The Kerberos principal name that should be used to run the HRegionServer process. The principal name should be in the form: user/hostname@DOMAIN. If _HOST is used as the hostname portion, it will be replaced with the actual hostname of the running instance. An entry for this principal must exist in the file specified in hbase.regionserver.keytab.file </description> </property>
<!--Additional configuration specific to HBase security --> <property> <name>hbase.superuser</name> <value>hbase</value> <description>List of users or groups (comma-separated), who are allowed full privileges, regardless of stored ACLs, across the cluster. Only used when HBase security is enabled. </description> </property>
<property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.token.TokenProvider, org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint, org.apache.hadoop.hbase.security.access.AccessController </value> <description>A comma-separated list of Coprocessors that are loaded by default on all tables. </description> </property>
<property> <name>hbase.security.authentication</name> <value>kerberos</value> </property>
<property> <name>hbase.rpc.engine</name> <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value> </property>
<property> <name>hbase.security.authorization</name> <value>true</value> <description>Enables HBase authorization. Set the value of this property to false to disable HBase authorization. </description> </property>
<property> <name>hbase.coprocessor.master.classes</name> <value>org.apache.hadoop.hbase.security.access.AccessController</value> </property>
<property> <name>hbase.bulkload.staging.dir</name> <value>/apps/hbase/staging</value> <description>Directory in the default filesystem, owned by the hbase user, and has permissions(-rwx--x--x, 711) </description> </property>
For
more information on bulk loading in secure mode, see HBase Secure BulkLoad. Note that the
hbase.bulkload.staging.dir
is created by
HBase.