Security Reference
Also available as:
PDF
loading table of contents...

Configure HBase Master

How to configure HBase Master when setting up Kerberos for non-Ambari clusters.

Edit the $HBASE_CONF_DIR/hbase-site.xml file on your HBase Master server to add the following information.
$HBASE_CONF_DIR is the directory to store the HBase configuration files. For example, /etc/hbase/conf

HBase Master Configuration (Kerberos, non-Ambari)

There are no default values. The following are all examples.

<property>    
        <name>hbase.master.keytab.file</name>    
        <value>/etc/security/keytabs/hbase.service.keytab</value>    
        <description>Full path to the Kerberos keytab file to use 
                     for logging in the configured HMaster server principal.    
        </description>  
</property> 
<property>    
        <name>hbase.master.kerberos.principal</name>    
        <value>hbase/_HOST@EXAMPLE.COM</value>    
        <description>Ex. "hbase/_HOST@EXAMPLE.COM". 
        The Kerberos principal name that should be used to run the HMaster process.  
        The principal name should be in the form: user/hostname@DOMAIN.  If "_HOST" is used as the hostname portion, 
        it will be replaced with the actual hostname of the running instance.    
        </description>  
</property> 
<property>    
        <name>hbase.regionserver.keytab.file</name>    
        <value>/etc/security/keytabs/hbase.service.keytab</value>    
        <description>Full path to the Kerberos keytab file to use for logging
        in the configured HRegionServer server principal.    
        </description>  
</property>
<property>    
        <name>hbase.regionserver.kerberos.principal</name>    
        <value>hbase/_HOST@EXAMPLE.COM</value>    
        <description>Ex. "hbase/_HOST@EXAMPLE.COM".The Kerberos principal name thatshould be used to run the HRegionServer process. 
The principal name should be in the form: user/hostname@DOMAIN.  
If _HOSTis used as the hostname portion, it will be replaced with the actual hostname of the runninginstance.  
An entry for this principal must existin the file specified in hbase.regionserver.keytab.file    
        </description>  
</property>
<!--Additional configuration specific to HBase security -->
  
<property>    
        <name>hbase.superuser</name>    
        <value>hbase</value>    
        <description>List of users or groups (comma-separated), who are allowed full privileges, regardless of stored ACLs, across the cluster. 
Only used when HBase security is enabled.    
        </description>  
</property>    
<property>    
        <name>hbase.coprocessor.region.classes</name>    
        <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController </value>    
        <description>A comma-separated list of Coprocessors that are loaded by default on all tables. 
        </description>  
</property>
<property>    
        <name>hbase.security.authentication</name>    
        <value>kerberos</value>    
        
</property>  
<property>    
        <name>hbase.rpc.engine</name>    
        <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>    
        
</property>   
<property>    
        <name>hbase.security.authorization</name>    
        <value>true</value>  
        <description>Enables HBase authorization. Set the value of this property to false to disable HBase authorization.
        </description>  
        
</property>
<property>    
        <name>hbase.coprocessor.master.classes</name>    
        <value>org.apache.hadoop.hbase.security.access.AccessController</value>    
        
</property> 
<property>    
        <name>hbase.bulkload.staging.dir</name>    
        <value>/apps/hbase/staging</value>    
        <description>Directory in the default filesystem, owned by the hbase user, and has permissions(-rwx--x--x, 711) </description>  
        
</property>