Help Center> MapReduce Service> Developer Guide (Normal_3.x)> HBase Development Guide (Security Mode)> Environment Preparation> Preparing the Configuration Files for Connecting to the Cluster
Updated on 2023-08-31 GMT+08:00
View PDF

Preparing the Configuration Files for Connecting to the Cluster

Preparing User Information for Cluster Authentication

For an MRS cluster with Kerberos authentication enabled, you need to prepare a user who has the operation permission on related components for program authentication.

The following HBase permission configuration example is for reference only. You can modify the configuration as you need.

  1. Log in to FusionInsight Manager.
  2. Choose Cluster > Services > HBase. On the displayed page, click More > Enable Ranger in the upper right corner. Check whether the button is grayed out.

    • If it is grayed out, create a user and assign related operation rights to the user in Ranger.
      1. Choose System > Permission > User. On the displayed page, click Create. On the displayed page, create a machine-machine user, for example, developuser.

        Add the hadoop user group to User Group.

      2. Log in to the Ranger management page as the Ranger administrator rangeradmin.

        The default password of user rangeradmin is Rangeradmin@123. For details, see User Account List.

      3. On the home page, click the component plug-in name in the HBASE area, for example, HBase.
      4. Click in the Action column of the row containing the all - table, column-family, column policy.
      5. In the Allow Conditions area, add an allow condition. Select the user created in 2.a for Select User, and select Select/Deselect All for Permissions.
      6. Click Save.
    • If the button is available, create a user and grant related operation permissions to the user on Manager.
      1. Choose System > Permission > Role. On the displayed page, click Create Role.
        1. Enter the role name, for example, developrole.
        2. In the Configure Resource Permission area, choose Name of the desired cluster > HBase > HBase Scope > global, select the admin, create, read, write, and execute permissions, and click OK.
      2. Choose User in the navigation pane and click Create on the displayed page. Create a machine-machine user, for example, developuser.
        • Add the hadoop user group to User Group.
        • Add the new role created in 2.a to Role.

  3. Log in to FusionInsight Manager as user admin and choose System > Permission > User. In the Operation column of developuser, choose More > Download Authentication Credential. Save the file and decompress it to obtain the user.keytab and krb5.conf files of the user.

Preparing the Configuration Files of the Running Environment

During the development or a test run of the program, you need to use the cluster configuration files to connect to an MRS cluster. The configuration files usually contain the cluster component information file and user files used for security authentication. You can obtain the required information from the created MRS cluster.

Nodes used for program debugging or running must be able to communicate with the nodes within the MRS cluster, and the hosts domain name must be configured.

  • Scenario 1: Prepare the configuration files required for debugging in the local Windows development environment.
    1. Log in to FusionInsight Manager and choose Cluster > Dashboard > More > Download Client. Set Select Client Type to Configuration Files Only. Select the platform type based on the type of the node where the client is to be installed (select x86_64 for the x86 architecture and aarch64 for the Arm architecture) and click OK. After the client files are packaged and generated, download the client to the local PC as prompted and decompress it.

      For example, if the client configuration file package is FusionInsight_Cluster_1_Services_Client.tar, decompress it to obtain FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles.tar. Then, decompress FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles.tar

    2. Go to HBase\config in the directory where the client configuration file is decompressed and obtain the configuration files listed in Table 1.
      Table 1 Configuration files

      File

      Description

      core-site.xml

      Hadoop Core parameters

      hbase-site.xml

      HBase parameters

      hdfs-site.xml

      HDFS parameters

      For details about how to obtain the configuration files required for accessing the sample project for developing an HBase ThriftServer application, see Preparing the ThriftServer Instance Configuration Files.

    3. Copy the hosts file content from the decompression directory to the hosts file of the local PC.
      • If you need to debug the application in the local Windows environment, ensure that the local PC can communicate with the hosts listed in the hosts file.
      • If your PC cannot communicate with the network plane where the MRS cluster is deployed, you can bind an EIP to access the MRS cluster. For details, see HBase Access Configuration on Windows Using EIPs.
      • The local hosts file in a Windows environment is stored in, for example, C:\WINDOWS\system32\drivers\etc\hosts.
  • Scenario 2: Prepare the configuration files required for running the program in a Linux environment.
    1. Install the MRS cluster client on the node.

      For example, the client installation directory can be /opt/client.

    2. Obtain the configuration files.
      1. Log in to FusionInsight Manager and choose Cluster > Dashboard > More > Download Client. Set Select Client Type to Configuration Files Only. Select the platform type based on the type of the node where the client is to be installed (select x86_64 for the x86 architecture and aarch64 for the Arm architecture), select Save to Path, and click OK. Download the client configuration file to the active OMS node of the cluster.
      2. Log in to the active OMS node as user root, go to the directory where the client configuration file is stored (/tmp/FusionInsight-Client/ by default), decompress the software package, and obtain the configuration files listed in Table 1 from the HBase/config directory.

        For example, if the client software package is FusionInsight_Cluster_1_Services_Client.tar and the download path is /tmp/FusionInsight-Client on the active OMS node, run the following commands:

        cd /tmp/FusionInsight-Client

        tar -xvf FusionInsight_Cluster_1_Services_Client.tar

        tar -xvf FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles.tar

        cd FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles

        For details about how to obtain the configuration files required for accessing the sample project for developing an HBase ThriftServer application, see Preparing the ThriftServer Instance Configuration Files.

    3. Check the network connection of the client node.

      During the client installation, the system automatically configures the hosts file on the client node. You are advised to check whether the /etc/hosts file contains the host names of the nodes in the cluster. If no, manually copy the content of the hosts file in the decompression directory to the hosts file on the node where the client is located, to ensure that the local host can communicate with each host in the cluster.

Preparing the ThriftServer Instance Configuration Files

To access HBase ThriftServer and perform table-related operations, perform the following steps to obtain the configuration files:

  1. Log in to FusionInsight Manager, choose Cluster > Services > HBase > Configuration and click All Configurations, search for and modify the parameter hbase.thrift.security.qop of the ThriftServer instance. The value of this parameter must be the same as that of hbase.rpc.protection. Save the configuration and restart the node service for the configuration to take effect.

    The mapping between hbase.rpc.protection and hbase.thrift.security.qop is as follows:
    • "privacy" - "auth-conf"
    • "authentication" - "auth"
    • "integrity" - "auth-int"

  2. Obtain the ThriftServer instance configuration files.

    • Method 1: Choose Cluster > Services > HBase and click the Instances tab. Click the target ThriftServer instance. In the Configuration File area on the Dashboard page, click hdfs-site.xml, core-site.xml, hbase-site.xml respectively to obtain the configuration files.
    • Method 2: Obtain the configuration files by decompressing the client file in Preparing the Configuration Files of the Running Environment. Add the following configurations to the hbase-site.xml file, and ensure that the value of hbase.thrift.security.qop is the same as that in 1.
      <property>
<name>hbase.thrift.security.qop</name>
<value>auth</value>
</property>
<property>
<name>hbase.thrift.kerberos.principal</name>
<value>thrift/hadoop.hadoop.com@HADOOP.COM</value>
</property>
<property>
<name>hbase.thrift.keytab.file</name><value>/opt/huawei/Bigdata/FusionInsight_HD_8.1.0.1/install/FusionInsight-HBase-2.2.3/keytabs/HBase/thrift.keytab</value>

Parent topic: Environment Preparation