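HBase cannot grant permissions to users
Problem background:
In a test environment, HDFS had been formatted. Many environments built on HDFS were affected, and HBase was affected as well. However, during HBase master startup, as long as the /hbase directory exists on HDFS
After creating a table, an error appeared when granting permissions: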
    hbase(main):001:0> user_permission
    User Namespace,Table,Family,Qualifier:Permission
    ERROR: DISABLED: Security features are not available
    hbase(main):001:0> grant 'test_user', 'RWXCA' , 'test_table'
    ERROR: DISABLED: Security features are not available
    Here is some help for this command:
    Grant users specific rights.
    Syntax : grant <user>, <permissions> [, <@namespace> [, <table> [, <column family> [, <column qualifier>]]]
    hbase(main):002:0> hbase:acl
    NoMethodError: undefined method `hbase' for #<Object:0x2a37210>
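2. At first I thought the syntax was wrong, but that could not be it; the syntax is very simple. After testing a few commands, I found that every permission-related command failed.
A Baidu search turned up suggestions to check the parameters. After confirming that the following parameters were all set correctly, the problem remained: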
    hbase.master.keytab.file
    hbase.master.kerberos.principal
    hbase.regionserver.keytab.file
    hbase.regionserver.kerberos.principal
    hbase.coprocessor.master.classes
    hbase.coprocessor.region.classes
    hbase.security.authorization
3. A Baidu search led to the following link, which explains:
Reference link:
https://community.hortonworks.com/questions/50984/security-features-not-available-in-hbase-kerberize.html
It seems your hbase:acl table is not created. Can you check hbase-site.xml at master side as well it should have:-
    <property>
      <name>hbase.coprocessor.master.classes</name>
      <value>org.apache.hadoop.hbase.security.access.AccessController</value>
    </property>
Try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl' , you will not see above error "ERROR: DISABLED:Security features are not available"
4. The following sentence prompted me: could hbase:acl have been lost?
try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl'
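5. On checking, it really was gone
6. Under normal circumstances it should be
7. With the cause found, it was time to look for a fix. Back to Baidu (searching for technical documentation, I especially miss Google).
How can hbase:acl be rebuilt? HBase needed no special setup during installation: just create a /hbase directory on HDFS, start the HBase master, and it creates the files it needs automatically. So why was the acl table not recreated after several restarts?
The HBase master log shows the error "The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies." Checking with the hbase hbck command reported no errors, and the problem was not solved either.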
    2018-02-24 16:41:40,011 INFO [testserver:16000.activeMasterManager] master.HMaster: Master has completed initialization
    2018-02-24 16:41:40,016 INFO [testserver:16000.activeMasterManager] quotas.MasterQuotaManager: Quota support disabled
    2018-02-24 16:41:40,062 INFO [testserver:16000.activeMasterManager] master.HMaster: Client=null/null create 'hbase:acl', {NAME => 'l', DATA_BLOCK_ENCODING => 'NONE', BLOOMFILTER => 'NONE', REPLICATION_SCOPE => '0', COMPRESSION => 'NONE', VERSIONS => '1', TTL => 'FOREVER', MIN_VERSIONS => '0', CACHE_DATA_IN_L1 => 'true', KEEP_DELETED_CELLS => 'FALSE', BLOCKSIZE => '8192', IN_MEMORY => 'true', BLOCKCACHE => 'true'}
    2018-02-24 16:41:40,200 WARN [ProcedureExecutorThread-1] procedure.CreateTableProcedure: The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies.
    2018-02-24 16:41:40,202 ERROR [testserver:16000.activeMasterManager] master.HMaster: Coprocessor postStartMaster() hook failed
    org.apache.hadoop.hbase.TableExistsException: hbase:acl
        at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.prepareCreate(CreateTableProcedure.java:300)
        at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.executeFromState(CreateTableProcedure.java:107)
        at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.executeFromState(CreateTableProcedure.java:58)
        at org.apache.hadoop.hbase.procedure2.StateMachineProcedure.execute(StateMachineProcedure.java:107)
        at org.apache.hadoop.hbase.procedure2.Procedure.doExecute(Procedure.java:427)
        at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execProcedure(ProcedureExecutor.java:999)
        at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execLoop(ProcedureExecutor.java:803)
        at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execLoop(ProcedureExecutor.java:756)
        at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.access$200(ProcedureExecutor.java:75)
        at org.apache.hadoop.hbase.procedure2.ProcedureExecutor$1.run(ProcedureExecutor.java:441)
    2018-02-24 16:41:40,496 INFO [ProcedureExecutorThread-1] procedure2.ProcedureExecutor: Rolledback procedure CreateTableProcedure (table=hbase:acl) id=2 owner=hbase state=ROLLEDBACK exec-time=299msec exception=org.apache.hadoop.hbase.TableExistsException: hbase:acl
    2018-02-24 16:46:05,790 INFO [LruBlockCacheStatsExecutor] hfile.LruBlockCache: totalSize=3.24 MB, freeSize=3.08 GB, max=3.08 GB, blockCount=0, accesses=0, hits=0, hitRatio=0, cachingAccesses=0, cachingHits=0, cachingHitsRatio=0,evictions=29, evicted=0, evictedPerRun=0.0
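8. Since the error above explicitly points to a znode problem, let's check the state in ZooKeeper.
Indeed, the information from the earlier failed grant attempt is recorded under the acl path of the znode: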
    hbase zkcli
    [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 3] ls /hbase
    [meta-region-server, acl, backup-masters, table, draining, region-in-transition, running, table-lock, balancer, master, tokenauth, namespace, hbaseid, online-snapshot, replication, splitWAL, recovering-regions, rs, flush-table-proc]
    [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 4] ls /hbase/acl
    [@test_user]
9. Delete the /hbase information in ZooKeeper, then restart the entire HBase cluster so that HBase rebuilds the acl table automatically:
    [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 6] rmr /hbase
    [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 7] ls /
    [alert, kafka-manager-1.3.3.13, rmstore, yarn-leader-election, kafka10-dev2, livy, kafka10, kafka10-dev, dubbo, eos, alert_leader, election, DP, hadoop-ha, zookeeper, leader, user]
    [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 8]
    [hbase@testserver ~]$ exit
10. As you can see, the files are back:
    [hdfs@testserver ~]$ hdfs dfs -ls /hbase/data/hbase
    Found 3 items
    drwxrwx--- - hbase hadoop 0 2018-02-24 17:00 /hbase/data/hbase/acl
    drwxrwx--- - hbase hadoop 0 2018-02-24 16:59 /hbase/data/hbase/meta
    drwxrwx--- - hbase hadoop 0 2018-02-24 17:00 /hbase/data/hbase/namespace
11. The acl table can be scanned again as well:
    hbase(main):004:0> scan 'hbase:acl'
    ROW COLUMN+CELL
    test_table column=l:hbase, timestamp=1519463374193, value=RWXCA
    test_table_01 column=l:hbase, timestamp=1519463409831, value=RWXCA
    user_01 column=l:hbase, timestamp=1519463393177, value=RWXCA
    3 row(s) in 0.1600 seconds
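When you run into a problem, checking step by step with a clear purpose and scope, based on an understanding of the overall architecture, will eventually lead to a solution.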
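The master-log check from step 7 can be scripted. The following is an added example, not part of the original post: it reads a master log on stdin and reports whether the stale-znode warning and the postStartMaster() hook failure shown above are both present. The function names and result labels are illustrative assumptions, and the sample lines are abridged from the log quoted above.

```shell
#!/bin/sh
# Added example: triage an HBase master log for the failure chain in this post.
# SAMPLE_LOG is abridged from the master log quoted above.
SAMPLE_LOG='2018-02-24 16:41:40,200 WARN [ProcedureExecutorThread-1] procedure.CreateTableProcedure: The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies.
2018-02-24 16:41:40,202 ERROR [testserver:16000.activeMasterManager] master.HMaster: Coprocessor postStartMaster() hook failed
org.apache.hadoop.hbase.TableExistsException: hbase:acl
2018-02-24 16:41:40,496 INFO [ProcedureExecutorThread-1] procedure2.ProcedureExecutor: Rolledback procedure CreateTableProcedure (table=hbase:acl) id=2 owner=hbase state=ROLLEDBACK exec-time=299msec exception=org.apache.hadoop.hbase.TableExistsException: hbase:acl'

# Print, once each, every table named in a
# "does not exist in meta but has a znode" warning (log on stdin).
stale_znode_tables() {
  sed -n 's/.*The table \([^ ]*\) does not exist in meta but has a znode.*/\1/p' | sort -u
}

# Exit 0 if the master coprocessor start hook failed (log on stdin).
start_hook_failed() {
  grep -qF 'Coprocessor postStartMaster() hook failed'
}

# Classify a master log read from stdin; prints one labelled line.
diagnose_master_log() {
  dml_log=$(cat)
  dml_tables=$(printf '%s\n' "$dml_log" | stale_znode_tables)
  if printf '%s\n' "$dml_tables" | grep -qxF 'hbase:acl' &&
     printf '%s\n' "$dml_log" | start_hook_failed; then
    # The combination seen in this post: hbase:acl was never created,
    # so the shell answers "Security features are not available".
    echo "ACL_TABLE_NOT_CREATED: stale znode for hbase:acl blocked postStartMaster()"
  elif [ -n "$dml_tables" ]; then
    echo "STALE_ZNODE: $(printf '%s' "$dml_tables" | tr '\n' ' ')"
  elif printf '%s\n' "$dml_log" | start_hook_failed; then
    echo "HOOK_FAILED: postStartMaster() failed for another reason"
  else
    echo "OK: no stale-znode warning or start-hook failure found"
  fi
}

# Demo on the embedded sample; for a real log, redirect the file to stdin.
printf '%s\n' "$SAMPLE_LOG" | diagnose_master_log
```
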