Edit /etc/hbase/conf/hbase-site.xml
file on your
HBase Master server to add the following information:
Note | |
---|---|
There are no default values; the following are all only examples. |
<property> <name>hbase.master.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> <description>Full path to the kerberos keytab file to use for logging in the configured HMaster server principal. </description> </property>
<property> <name>hbase.master.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> <description>Ex. "hbase/_HOST@EXAMPLE.COM". The kerberos principal name that should be used to run the HMaster process. The principal name should be in the form: user/hostname@DOMAIN. If "_HOST" is used as the hostname portion, it will be replaced with the actual hostname of the running instance. </description> </property>
<property> <name>hbase.regionserver.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> <description>Full path to the kerberos keytab file to use for logging in the configured HRegionServer server principal. </description> </property>
<property> <name>hbase.regionserver.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> <description>Ex. "hbase/_HOST@EXAMPLE.COM".The kerberos principal name that should be used to run the HRegionServer process. The principal name should be in the form: user/hostname@DOMAIN. If _HOSTis used as the hostname portion, it will be replaced with the actual hostname of the running instance. An entry for this principal must exist in the file specified in hbase.regionserver.keytab.file </description> </property>
<!--Additional configuration specific to HBase security --> <property> <name>hbase.superuser</name> <value>hbase</value> <description>List of users or groups (comma-separated), who are allowed full privileges, regardless of stored ACLs, across the cluster. Used only when HBase security is enabled. </description> </property>
<property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.token.TokenProvider, org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint, org.apache.hadoop.hbase.security.access.AccessController </value> <description>A comma-separated list of Coprocessors that are loaded by default on all tables. </description> </property>
<property> <name>hbase.security.authentication</name> <value>kerberos</value> </property>
<property> <name>hbase.rpc.engine</name> <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value> </property>
<property> <name>hbase.security.authorization</name> <value>true</value> <description>Enables HBase authorization. Set the value of this property to false to disable HBase authorization. </description> </property>
<property> <name>hbase.coprocessor.master.classes</name> <value>org.apache.hadoop.hbase.security.access.AccessController</value> </property>
<property> <name>hbase.bulkload.staging.dir</name> <value>/apps/hbase/staging</value> <description>Directory in the default filesystem, owned by the hbase user, and has permissions(-rwx--x--x, 711) </description> </property>
For
more information on bulk loading in secure mode, see HBase Secure BulkLoad. Note that the
hbase.bulkload.staging.dir
is created by
HBase.