HBase 无法给用户赋权, 并报错
问题背景描述:
测试环境, hdfs 被 format 过很多基于 hdfs 的环境都受到了影响 hbase 也受到了影响但是 hbase 在 master 启动的过程中, 只要 hdfs 上有 / hbase 目录
建表之后, 在赋权的时候, 发现有错误
- hbase(main):001:0> user_permission
- User Namespace,Table,Family,Qualifier:Permission
- ERROR: DISABLED: Security features are not available
- hbase(main):001:0> grant 'test_user', 'RWXCA' , 'test_table'
- ERROR: DISABLED: Security features are not available
- Here is some help for this command:
- Grant users specific rights.
- Syntax : grant <user>, <permissions> [, <@namespace> [, <table> [, <column family> [, <column qualifier>]]]
- hbase(main):002:0> hbase:acl
- NoMethodError: undefined method `hbase' for #<Object:0x2a37210>
2. 以开始以为语法有错误, 不会啊, 很简单的语法经过测试几个命令发现, 但凡和权限相关的命令, 都失败了
百度到一些建议, 需要检查参数, 在确认下面几个参数都设置正确的情况下, 问题依旧
- hbase.master.keytab.file
- hbase.master.kerberos.principal
- hbase.regionserver.keytab.file
- hbase.regionserver.kerberos.principal
- hbase.coprocessor.master.classes
- hbase.coprocessor.region.classes
- hbase.security.authorization
3. 百度到以下链接, 其中有介绍:
参考链接
- https://community.hortonworks.com/questions/50984/security-features-not-available-in-hbase-kerberize.html
- It seems your hbase:acl table is not created.
- can you check hbase-site.xml at master side as well it should have:-
- <property>
- <name>hbase.coprocessor.master.classes</name>
- <value>org.apache.Hadoop.hbase.security.access.AccessController</value>
- </property>
- try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl' , you will not see above error "ERROR: DISABLED:Security features are not available"
4. 下面这句话, 提醒了我, 是不是 hbase:acl 丢失了?
try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl'
5. 一检查, 发现真没了
6. 正常的情况应该是
7. 问题原因找到了, 开始找解决办法吧继续百度 (search 技术文档, 特别怀念 google)
如何重建 hbase:acl 呢? 安装过程中 hbase 并没有任何特殊设置, 只要在 hdfs 上创建一个 / hbase 目录, 启动 hbase master 就会自动创建需要的文件为什么重启几次, 都没有重新创建这个 acl 表呢?
查看 hbase master log, 可以看到错误 The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies. 通过命令 hbase hbck 检查, 没有错误问题也没有解决
- 2018-02-24 16:41:40,011 INFO [testserver:16000.activeMasterManager] master.HMaster: Master has completed initialization
- 2018-02-24 16:41:40,016 INFO [testserver:16000.activeMasterManager] quotas.MasterQuotaManager: Quota support disabled
- 2018-02-24 16:41:40,062 INFO [testserver:16000.activeMasterManager] master.HMaster: Client=null/null create 'hbase:acl', {NAME => 'l', DATA_BLOCK_ENCODING => 'NONE', BLOOMFILTER => 'NONE', REPLICATION_SCOPE => '0', COMPRESSION => 'NONE', VERSIONS => '1', TTL => 'FOREVER', MIN_VERSIONS => '0', CACHE_DATA_IN_L1 => 'true', KEEP_DELETED_CELLS => 'FALSE', BLOCKSIZE => '8192', IN_MEMORY => 'true', BLOCKCACHE => 'true'}
- 2018-02-24 16:41:40,200 WARN [ProcedureExecutorThread-1] procedure.CreateTableProcedure: The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies.
- 2018-02-24 16:41:40,202 ERROR [testserver:16000.activeMasterManager] master.HMaster: Coprocessor postStartMaster() hook failed
- org.apache.hadoop.hbase.TableExistsException: hbase:acl
- at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.prepareCreate(CreateTableProcedure.java:300)
- at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.executeFromState(CreateTableProcedure.java:107)
- at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.executeFromState(CreateTableProcedure.java:58)
- at org.apache.hadoop.hbase.procedure2.StateMachineProcedure.execute(StateMachineProcedure.java:107)
- at org.apache.hadoop.hbase.procedure2.Procedure.doExecute(Procedure.java:427)
- at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execProcedure(ProcedureExecutor.java:999)
- at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execLoop(ProcedureExecutor.java:803)
- at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execLoop(ProcedureExecutor.java:756)
- at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.access$200(ProcedureExecutor.java:75)
- at org.apache.hadoop.hbase.procedure2.ProcedureExecutor$1.run(ProcedureExecutor.java:441)
- 2018-02-24 16:41:40,496 INFO [ProcedureExecutorThread-1] procedure2.ProcedureExecutor: Rolledback procedure CreateTableProcedure (table=hbase:acl) id=2 owner=hbase state=ROLLEDBACK exec-time=299msec exception=org.apache.hadoop.hbase.TableExistsException: hbase:acl
- 2018-02-24 16:46:05,790 INFO [LruBlockCacheStatsExecutor] hfile.LruBlockCache: totalSize=3.24 MB, freeSize=3.08 GB, max=3.08 GB, blockCount=0, accesses=0, hits=0, hitRatio=0, cachingAccesses=0, cachingHits=0, cachingHitsRatio=0,evictions=29, evicted=0, evictedPerRun=0.0
8. 上面报错, 既然已经明确说 znode 的问题, 我们就去检查 zookeeper 上的情况吧
确实看到, 前面准备赋权, 却失败的信息, 记录在 znode 的 acl 路径下
- hbase zkcli
- [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 3] ls /hbase
- [meta-region-server, acl, backup-masters, table, draining, region-in-transition, running, table-lock, balancer, master, tokenauth, namespace, hbaseid, online-snapshot, replication, splitWAL, recovering-regions, rs, flush-table-proc]
- [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 4] ls /hbase/acl
- [@test_user]
9. 在 zk 上删除 / hbase 的信息, 然后重启 hbase 整个集群, 让 hbase 自动重建 acl 表
- [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 6] rmr /hbase
- [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 7] ls /
- [alert, kafka-manager-1.3.3.13, rmstore, yarn-leader-election, kafka10-dev2, livy, kafka10, kafka10-dev, dubbo, eos, alert_leader, election, DP, hadoop-ha, zookeeper, leader, user]
- [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 8] [hbase@testserver ~]$ exit
10. 可以看到, 文件已经回来了
- [hdfs@testserver ~]$ hdfs dfs -ls /hbase/data/hbase
- Found 3 items
- drwxrwx--- - hbase hadoop 0 2018-02-24 17:00 /hbase/data/hbase/acl
- drwxrwx--- - hbase hadoop 0 2018-02-24 16:59 /hbase/data/hbase/meta
- drwxrwx--- - hbase hadoop 0 2018-02-24 17:00 /hbase/data/hbase/namespace
11.acl 表也可以查看了
- hbase(main):004:0> scan 'hbase:acl'
- ROW COLUMN+CELL
- test_table column=l:hbase, timestamp=1519463374193, value=RWXCA
- test_table_01 column=l:hbase, timestamp=1519463409831, value=RWXCA
- user_01 column=l:hbase, timestamp=1519463393177, value=RWXCA
- 3 row(s) in 0.1600 seconds
遇到问题, 在理解整体架构原理的情况下, 有目的, 有范围的一步步检查, 终归是可以解决的
Ubuntu 14.04 下 HBase 单机和伪分布式模式安装配置 https://www.linuxidc.com/Linux/2017-04/143048.htm
Hadoop+HBase 搭建云存储总结 PDF https://www.linuxidc.com/Linux/2013-05/83844.htm
Ubuntu Server 14.04 下 Hbase 数据库安装 https://www.linuxidc.com/Linux/2016-05/131499.htm
HBase 结点之间时间不一致造成 regionserver 启动失败 https://www.linuxidc.com/Linux/2013-06/86655.htm
深入理解 HBase 架构原理 https://www.linuxidc.com/Linux/2017-01/139173.htm
Hadoop 集群安装 & HBase 实验环境搭建 https://www.linuxidc.com/Linux/2013-04/83560.htm
基于 Hadoop 集群的 HBase 集群的配置 https://www.linuxidc.com/Linux/2013-03/80815.htm
Hadoop 安装部署笔记之 - HBase 完全分布模式安装 https://www.linuxidc.com/Linux/2012-12/76947.htm
CentOS 6.4 下 HBase 集群安装 https://www.linuxidc.com/Linux/2016-11/137303.htm
HBase 的详细介绍: 请点这里
HBase 的下载地址: 请点这里
来源: http://www.linuxidc.com/Linux/2018-03/151441.htm