Command Line Installation
Also available as:
PDF
loading table of contents...

Set Up the Configuration Files

[Note]Note

To enable Kerberos for clusters with dual home network setting, each HBase RegionServer must have its own key. See Setting Up Security for Manual Installs.

You must set up several configuration files for HBase and ZooKeeper. Hortonworks provides a set of configuration files that represent a working ZooKeeper configuration. (See Download Companion Files). You can use these files as a reference point, however, you need to modify them to match your own cluster environment.

If you choose to use the provided configuration files to set up your ZooKeeper environment, complete the following steps:

  1. Extract the HBase configuration files to a temporary directory.

    The files are located in the configuration_files/hbase directory in the companion files.

  2. Modify the configuration files.

    In the respective temporary directories, locate the following files and modify the properties based on your environment.

    • Review the zoo.cfg file and locate the ZooKeeper servers.

      dataDir=$zk.data.directory.path
      server.1=$zk.server1.full.hostname:2888:3888
      server.2=$zk.server2.full.hostname:2888:3888
      server.3=$zk.server3.full.hostname:2888:3888
    • Edit hbase-site.xml and modify the following properties:

      <property>
            <name>hbase.rootdir</name>
            <value>hdfs://$hbase.namenode.full.hostname:8020/apps/hbase/data</value>
            <description>Enter the HBase NameNode server hostname</description>
       </property>
      
      <property>
            <name>hbase.zookeeper.quorum</name>
            <value>$zk.server1.full.hostname,$zk.server2.full.hostname,$zk.server3.full.hostname</value>
            <description>Comma separated list of ZooKeeper servers (match to what is specified in zoo.cfg but without portnumbers)</description>
      </property>
    • If you are using a REST server to connect to HBase secured by Kerberos:

      • You must also add the following properties to hbase-site.xml:

        <property>
             <name>hbase.rest.authentication.type</name>
             <value>kerberos</value>
             <description>Enter the authentication method for the REST server.</description>
        </property>
        
        <property>
             <name>hbase.rest.kerberos.principal</name>
             <value>hbase/_HOST@EXAMPLE.COM</value>
             <description>Enter the Kerberos principal for the REST server to use to interact with HBase.</description>
        </property>
        
        <property>
             <name>hbase.rest.keytab.file</name>
             <value>/etc/security/keytabs/hbase.service.keytab</value>
             <description>Enter the location of the keytab file for the REST server to use to interact with HBase.</description>
        </property>
        
        <property>
             <name>hbase.rest.authentication.kerberos.principal</name>
             <value>HTTP/_HOST@EXAMPLE.COM</value>
             <description>Enter the Kerberos principal for accepting SPNEGO-authenticated REST requests.</description>
        </property>
        
        <property>
             <name>hbase.rest.authentication.kerberos.keytab</name>
             <value>/etc/security/keytabs/spnego.service.keytab</value>
             <description>Enter the location of the keytab file for accepting SPNEGO-authenticated REST requests.</description>
        </property>
        
        [Important]Important

        You must set the primary component part of the value for hbase.rest.authentication.kerberos.principal to HTTP. SPNEGO authentication requires that the Kerberos principal's primary component (the first element, up to the forward-slash ("/") or at-symbol ("@") to be HTTP.

      • After adding these properties to the hbase-site.xml file, you must grant HBase permissions to the user specified by the value of the hbase.rest.kerberos.principal property:

        grant '<user-name>', '<permissions>', '<table>' [, '<column-family>' [, '<column-qualifier>']]

        For example, if user = HTTP, permissions = RWXCA, table = sales, and column = 1:

        grant 'hbase', 'RWXCA', 'sales', '1'
      • Ensure that the core-site.xml file also contains the corresponding proxy user configuration properties for the configured REST server user.

        <property>
            <name>hadoop.proxyuser.USER.hosts</name>
            <value>*</value>
        </property>
        
        <property>
            <name>hadoop.proxyuser.USER.groups</name>
            <value>*</value>
        </property>
        
        <property>
            <name>hadoop.proxyuser.USER.users</name>
            <value>*</value>
        </property>
        

        For example, if user = hbase and we wanted to allow the users alice and bob to be impersonated only from the REST server host 10.0.0.1

        <property>
            <name>hadoop.proxyuser.hbase.hosts</name>
            <value>10.0.0.1</value>
        </property>
        
        <property>
            <name>hadoop.proxyuser.hbase.users</name>
            <value>alice,bob</value>
        </property>
    • Edit the regionservers file and list all the RegionServers hostnames (separated by newline character) in your environment. For example, see the sample regionservers file with hostnames RegionServer1 through RegionServer9. Use full host names (FQDNs).

      RegionServer1
      RegionServer2
      RegionServer3
      RegionServer4
      RegionServer5
      RegionServer6
      RegionServer7
      RegionServer8
      RegionServer9
  3. Copy the configuration files.

    • On all hosts create the config directory:

      rm -r $HBASE_CONF_DIR;
      mkdir -p $HBASE_CONF_DIR;
      
    • Copy all of the HBase configuration files to the $HBASE_CONF_DIR.

    • Set appropriate permissions:

      chmod a+x $HBASE_CONF_DIR/;
      chown -R $HBASE_USER:$HADOOP_GROUP $HBASE_CONF_DIR/../;
      chmod -R 755 $HBASE_CONF_DIR/../

      where:

      • $HBASE_CONF_DIR is the directory to store the HBase configuration files. For example,/etc/hbase/conf.

      • $HBASE_USER is the user owning the HBase services. For example, hbase.

  4. Review hbase-site.xml and hbase-env.sh. In the hbase-env.sh file, check the Java heap size for HBase master and Region servers (Xms and Xmx settings in HBASE_MASTER_OPTS and HBASE_REGIONSERVER_OPTS). Compare the Region server heap size with the recommended HBase memory values listed in Table 1.6 in Determine HDP Memory Configuration Settings.