Apache HBase

The connector for Apache HBase connects to Apache HBase via the HBase REST (Stargate) server.

Set the Port and Server properties to connect to Apache HBase.

The Server property will typically be the host name or IP address of the server hosting Apache HBase. If there are multiple nodes, you will use the host name or IP address of the machine running the REST (Stargate) server.

1.1 Starting the Server

Different Hadoop distributions contain different interfaces and means of starting and stopping the HBase REST server, along with different default port settings.

In most distributions, the HBase REST server can be started in the foreground by running the following command: "hbase rest start -p <port>". Please consult your Hadoop distribution's documentation for further information regarding the HBase REST server.

1.2 Authenticating to Apache HBase

The connector for Apache HBase supports authentication over Basic and Negotiate.

1.2.1 No Authentication

By default, no authentication (or anonymous auth) is used. Set AuthScheme to None to explicitly enforce no authentication.

1.2.2 Authenticating with Basic

Basic authentication may be used by setting AuthScheme to Basic. In addition, set the following:

  • User: The Apache HBase user;

  • Password: The Apache HBase password;

1.2.3 Authenticating with Kerberos

To authenticate with Kerberos, set AuthScheme to NEGOTIATE and set the User and Password.

To authenticate to Apache HBase using Kerberos, set the following properties:

  • AuthScheme: Set this to KERBEROS

  • KerberosKDC: Set this to the host name or IP Address of your Kerberos KDC machine.

  • KerberosSPN: Set this to the service and host of the Apache HBase Kerberos Principal. This will be the value prior to the '@' symbol (for instance, hbase/MyHost) of the hbase.regionserver.kerberos.principal of the hbase-site.xml file (for instance, hbase/MyHost@EXAMPLE.COM).

1.2.3.1 Retrieve the Kerberos Ticket

You can use one of the following options to retrieve the required Kerberos ticket.

1.2.3.2 MIT Kerberos Credential Cache File

This option enables you to use the MIT Kerberos Ticket Manager or kinit command to get tickets. Note that you won't need to set the User or Password connection properties with this option.

  1. Ensure that you have an environment variable created called KRB5CCNAME.

  2. Set the KRB5CCNAME environment variable to a path pointing to your credential cache file (for instance, C:\krb_cache\krb5cc_0 or /tmp/krb5cc_0). This file will be created when generating your ticket with MIT Kerberos Ticket Manager.

  3. To obtain a ticket, open the MIT Kerberos Ticket Manager application, click Get Ticket, enter your principal name and password, then click OK. If successful, ticket information will appear in Kerberos Ticket Manager and will now be stored in the credential cache file.

  4. Now that the credential cache file has been created, the provider will use the cache file to obtain the kerberos ticket to connect to Apache HBase.

As an alternative to setting the KRB5CCNAME environment variable, you can directly set the file path using the KerberosTicketCache property. When set, the provider will use the specified cache file to obtain the kerberos ticket to connect to Apache HBase.

1.2.3.3 Keytab File

If the KRB5CCNAME environment variable has not been set, you can retrieve a Kerberos ticket using a Keytab File. To do this, set the User property to the desired username and set the KerberosKeytabFile property to a file path pointing to the keytab file associated with the user.

1.2.3.4 User and Password

If both the KRB5CCNAME environment variable and the KerberosKeytabFile property have not been set, you can retrieve a ticket using a User and Password combination. To do this, set the User and Password properties to the user/password combo that you use to authenticate with Apache HBase.

1.2.3.5 Cross-Realm Authentication

More complex Kerberos environments may require cross-realm authentication where multiple realms and KDC servers are used (e.g. where one realm/KDC is used for user authentication and another realm/KDC used for obtaining the service ticket).

In such an environment, the KerberosRealm and KerberosKDC properties can be set to the values required for user authentication. The KerberosServiceRealm and KerberosServiceKDC properties can be set to the values required to obtain the service ticket.

The following are the connection properties for Apache HBase. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Property

Description

Authentication

AuthScheme

The scheme used for authentication. Accepted entries are NONE, BASIC, and NEGOTIATE (Kerberos). NONE is the default.

PageSize

The number of results to return per page from Apache HBase.

Password

The password used to authenticate to Apache HBase.

Port

The port for the Apache HBase REST server.

Server

The host name or IP address of the Apache HBase REST server.

User

The user who is authenticating to Apache HBase.

Firewall

FirewallPassword

A password used to authenticate to a proxy-based firewall.

FirewallPort

The TCP port for a proxy-based firewall.

FirewallServer

The name or IP address of a proxy-based firewall.

FirewallType

The protocol used by a proxy-based firewall.

FirewallUser

The user name to use to authenticate with a proxy-based firewall.

Kerberos

KerberosKDC

The Kerberos Key Distribution Center (KDC) service used to authenticate the user.

KerberosKeytabFile

The Keytab file containing your pairs of Kerberos principals and encrypted keys.

KerberosRealm

The Kerberos Realm used to authenticate the user with.

KerberosSPN

The service principal name (SPN) for the Kerberos Domain Controller.

Logging

Logfile

A path to the log file.

MaxLogFileCount

A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.

MaxLogFileSize

A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.

Verbosity

The verbosity level that determines the amount of detail included in the log file.

Misc

ConnectionLifeTime

The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.

ConnectionString

***

DatetimeFormat

The format used when inserting datetime values into the database.

MaxRows

Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.

Other

These hidden properties are used only in specific use cases.

PoolIdleTimeout

The allowed idle time for a connection before it is closed.

PoolMaxSize

The maximum connections in the pool.

PoolMinSize

The minimum number of connections in the pool.

PoolWaitTime

The max seconds to wait for an available connection.

PseudoColumns

This property indicates whether or not to include pseudo columns as columns to the table.

Readonly

You can use this property to enforce read-only access to Apache HBase from the provider.

RetrieveSelectedColumnsOnly

Specifies whether to retrieve selected columns only when executing a SELECT statement.

RowScanDepth

The number of rows to scan to determine columns for the table.

SSLServerCert

The certificate to be accepted from the server when connecting using TLS/SSL.

SupportEnhancedSQL

This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.

Timeout

The value in seconds until the timeout error is thrown, canceling the operation.

TypeDetectionScheme

Determines how to determine the data type of columns.

UseConnectionPooling

This property enables connection pooling.

Proxy

ProxyAuthScheme

The authentication type to use to authenticate to the ProxyServer proxy.

ProxyAutoDetect

This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings.

ProxyExceptions

A semicolon separated list of hosts or IPs that are exempt from connecting through the ProxyServer .

ProxyPassword

A password to be used to authenticate to the ProxyServer proxy.

ProxyPort

The TCP port the ProxyServer proxy is running on.

ProxyServer

The hostname or IP address of a proxy to route HTTP traffic through.

ProxySSLType

The SSL type to use when connecting to the ProxyServer proxy.

ProxyUser

A user name to be used to authenticate to the ProxyServer proxy.

Last updated