hbase集成Kerberos

2019年6月9日 274次阅读 来源: xuefly

隶属于文章系列:大数据安全实战 https://www.jianshu.com/p/76627fd8399c

过程

  • 部署zookeeper集成Kerberos
  • 创建Kerberos的principle
  • 修改hbase-site.xml
  • 分发文件
  • 启动hbase

zookeeper集成Kerberos

在本文之前已经部署了zookeeper集成Kerberos。参考:zookeeper集成Kerberos

zookeeper集成Kerberos

kadmin.local -q "addprinc -randkey hbase/v-hadoop-kbds.sz.kingdee.net"
kadmin.local -q "addprinc -randkey hbase/v-hadoop2-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey hbase/v-hadoop3-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey hbase/v-hadoop4-kbds.sz.kingdee.net "
kadmin.local -q "addprinc -randkey hbase/v-hadoop5-kbds.sz.kingdee.net "

kadmin.local -q "ktadd -k /etc/hadoop/conf/hbase-service.keytab  hbase/v-hadoop-kbds.sz.kingdee.net"
kadmin.local -q "ktadd -k /etc/hadoop/conf/hbase-service.keytab  hbase/v-hadoop2-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/hbase-service.keytab  hbase/v-hadoop3-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/hbase-service.keytab  hbase/v-hadoop4-kbds.sz.kingdee.net "
kadmin.local -q "ktadd -k /etc/hadoop/conf/hbase-service.keytab  hbase/v-hadoop5-kbds.sz.kingdee.net "

修改hbase-site.xml

<property>
  <name>hbase.security.authorization</name>
  <value>true</value>
  </property>
<property>
 <name>hbase.security.authentication</name>
 <value>kerberos</value>
</property>
<property>
 <name>hbase.rpc.engine</name>
 <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>

<property>
<name>hbase.regionserver.kerberos.principal</name>
<value>hbase/_HOST@TT.COM</value>
</property>

<property>
<name>hbase.regionserver.keytab.file</name>
<value>/etc/hadoop/conf/hbase-service.keytab</value>
</property>

<property>
<name>hbase.master.kerberos.principal</name>
<value>hbase/_HOST@TT.COM</value>
</property>

<property>
<name>hbase.master.keytab.file</name>
<value>/etc/hadoop/conf/hbase-service.keytab</value>
</property>

分发文件

  • 分发keytab文件
ansible hadoop --become -m copy -a “src=/etc/hadoop/conf/hbase-service.keytab dest=/etc/hadoop/conf/hbase-service.keytab”
  • 分发 hadoop的core-site.xml hdfs-site.xml 到hbase的conf下
    如果hdfs配置了ha,则hbase-site.xml 中需配置:
<property>
  <name>hbase.rootdir</name>
  <value>hdfs://cluster:8020/hbase</value>
</property>

这样需要hadoop的配置文件才能知道cluster代表什么。

ansible hadoop -m copy  -a "src=/mnt/kbdsproject/hadoop/etc/hadoop/core-site.xml  dest=/mnt/kbdsproject/hbase/conf/core-site.xml "
ansible hadoop -m copy  -a "src=/mnt/kbdsproject/hadoop/etc/hadoop/hdfs-site.xml  dest=/mnt/kbdsproject/hbase/conf/hdfs-site.xml "
  • 修改 hbase-env.sh
export HBASE_PID_DIR=/var/hbase/pids

ansible hadoop -m shell --become -a "mkdir -p /var/hbase/pids "
ansible hadoop -m shell --become -a "chown hadoop:hadoop /var/hbase/pids "

ansible hadoop -m copy  -a "src=/mnt/kbdsproject/hbase/conf/hbase-env.sh  dest=/mnt/kbdsproject/hbase/conf/hbase-env.sh  "

启动

/mnt/kbdsproject/hbase/bin/start-hbase.sh
/mnt/kbdsproject/hbase/bin/stop-hbase.sh

#启动所有regionserver
/mnt/kbdsproject/hbase/bin/hbase-daemons.sh  start regionserver
# 启动单个regionserver
/mnt/kbdsproject/hbase/bin/hbase-daemon.sh  start regionserver

/mnt/kbdsproject/hbase/bin/hbase-daemon.sh  start HMaster
    原文作者:xuefly
    原文地址: https://www.jianshu.com/p/60a6895ec093
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞