Help Center> MapReduce Service> Developer Guide (LTS)> HetuEngine Development Guide (Security Mode)> Application Development> Python3 Sample Code> KeyTab File Authentication Using HSFabric
Updated on 2024-04-02 GMT+08:00
View PDF

KeyTab File Authentication Using HSFabric

This section describes how to use the KeyTab file and HSFabric to connect to HetuEngine, assemble SQL statements, and send the SQL statements to HetuEngine for execution to add, delete, modify, and query Hive data sources.

import jaydebeapi
 
driver = "io.xxx.jdbc.xxxDriver"
 
# need to change the value based on the cluster information
url = "jdbc:xxx://192.168.43.244:29902/hive/default?serviceDiscoveryMode=hsfabric"
user = "YourUserName"
KerberosPrincipal = "YourUserName"
tenant = "YourTenant"
KerberosConfigPath = "Your file path of krb5.conf"
KerberosKeytabPath = "Your file path of user.keytab"
jdbc_location = "Your file path of the jdbc jar"
 
sql = "show tables"
 
if __name__ == '__main__':
    conn = jaydebeapi.connect(driver, url, {'user': user,
                                            'SSL': "true",
                                            'KerberosPrincipal': KerberosPrincipal,
                                            'KerberosConfigPath': KerberosConfigPath,
                                            'KerberosRemoteServiceName': "HTTP",
                                            "KerberosKeytabPath": KerberosKeytabPath,
                                            "tenant": tenant,
                                            'deploymentMode': "on_yarn",
                                            "ZooKeeperSaslClientConfig": "Client"},
                              [jdbc_location])
    curs = conn.cursor()
    curs.execute(sql)
    result = curs.fetchall()
    print(result)
    curs.close()
    conn.close()

The following table describes the parameters in the preceding code.

Table 1 Parameter description

Parameter

Description

url

jdbc:xxx://HSFabric1_IP:HSFabric1_Port,HSFabric2_IP:HSFabric2_Port,HSFabric3_IP:HSFabric3_Port/catalog/schema?serviceDiscoveryMode=hsfabric

NOTE:
  • xxx: driver name, which is subjective to the real-world code you use.
  • catalog and schema indicate the names of the catalog and schema to be connected to the JDBC client, respectively.
  • HSFabric_IP:HSFabric_Port indicates the HSFabric URL. Use commas (,) to separate multiple URLs, for example, 192.168.1.130:29902,192.168.1.131:29902,192.168.1.132:29902.

    On FusionInsight Manager, choose Cluster > Services > HetuEngine and click Instance to obtain the service IP addresses of all HSFabric instances. On the Configurations page, search for gateway.port to obtain the port number of HSFabric.

user

Username for accessing HetuEngine, that is, the username of the human-machine user created in the cluster.

KerberosPrincipal

Username corresponding to keytab specified by KerberosKeytabPath

tenant

Tenant resource queue for accessing HetuEngine compute instances

KerberosConfigPath

The krb5 configuration file to access the data source user. For details, see Preparing for Security Authentication.

KerberosKeytabPath

The keytab configuration file of the data source user, which can be obtained by following the instructions in Preparing for Security Authentication.

jdbc_location

Full path of the hetu-jdbc-XXX.jar package obtained in Configuring the Python3 Sample Project.

  • Example path in Windows: D:\\hetu-examples-python3\\hetu-jdbc-XXX.jar
  • Example path in Linux: /opt/hetu-examples-python3/hetu-jdbc-XXX.jar
Parent topic: Python3 Sample Code