Configure HBase Master
How to configure HBase Master when setting up Kerberos for non-Ambari clusters.
Edit the $HBASE_CONF_DIR/hbase-site.xml
file on your HBase Master server to add the following
information.
$HBASE_CONF_DIR is the directory to
store the HBase configuration files. For example,
/etc/hbase/conf
HBase Master Configuration (Kerberos, non-Ambari)
There are no default values. The following are all examples.
<property>
<name>hbase.master.keytab.file</name>
<value>/etc/security/keytabs/hbase.service.keytab</value>
<description>Full path to the Kerberos keytab file to use
for logging in the configured HMaster server principal.
</description>
</property>
<property>
<name>hbase.master.kerberos.principal</name>
<value>hbase/_HOST@EXAMPLE.COM</value>
<description>Ex. "hbase/_HOST@EXAMPLE.COM".
The Kerberos principal name that should be used to run the HMaster process.
The principal name should be in the form: user/hostname@DOMAIN. If "_HOST" is used as the hostname portion,
it will be replaced with the actual hostname of the running instance.
</description>
</property>
<property>
<name>hbase.regionserver.keytab.file</name>
<value>/etc/security/keytabs/hbase.service.keytab</value>
<description>Full path to the Kerberos keytab file to use for logging
in the configured HRegionServer server principal.
</description>
</property>
<property>
<name>hbase.regionserver.kerberos.principal</name>
<value>hbase/_HOST@EXAMPLE.COM</value>
<description>Ex. "hbase/_HOST@EXAMPLE.COM".The Kerberos principal name thatshould be used to run the HRegionServer process.
The principal name should be in the form: user/hostname@DOMAIN.
If _HOSTis used as the hostname portion, it will be replaced with the actual hostname of the runninginstance.
An entry for this principal must existin the file specified in hbase.regionserver.keytab.file
</description>
</property><!--Additional configuration specific to HBase security -->
<property>
<name>hbase.superuser</name>
<value>hbase</value>
<description>List of users or groups (comma-separated), who are allowed full privileges, regardless of stored ACLs, across the cluster.
Only used when HBase security is enabled.
</description>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController </value>
<description>A comma-separated list of Coprocessors that are loaded by default on all tables.
</description>
</property>
<property>
<name>hbase.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hbase.rpc.engine</name>
<value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>
<property>
<name>hbase.security.authorization</name>
<value>true</value>
<description>Enables HBase authorization. Set the value of this property to false to disable HBase authorization.
</description>
</property>
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.bulkload.staging.dir</name>
<value>/apps/hbase/staging</value>
<description>Directory in the default filesystem, owned by the hbase user, and has permissions(-rwx--x--x, 711) </description>
</property>