I recently worked on HBASE-16773 where 20 PriorityRpcServer handlers were
all occupied accessing acl table.
Can you take a few jstack of the server hosting acl table when acl command
was executing ?
Pastebin one or two stack trace.
Please also check server log where acl table is hosted.
Thanks
Images didn't come through.
Consider using third party site and send links.
I don't know why hbase.rpc.engine was in hbase-site.xml
It is not used by hbase 1.1
Though this didn't seem to be the cause.
Cheers
> On Jun 17, 2016, at 9:06 PM, kumar r wrote:
>
> Hi,
>
> I
Hi,
I don't think the problem from zookeeper quorum.
Create, scan and list commands are working without delay. It won't take
more than 5 seconds.
But when executing acl commands getting slow response.
I have noticed in log as *auth: SIMPLE *but actually it should be
*KERBEROS *authentication.
I have gone through the log but haven't identified the cause.
Can you outline the time range for the 30 second response so that I can
correlate with the log ?
Is communication with zookeeper quorum working without noticeable delay ?
Thanks
On Fri, Jun 17, 2016 at 3:47 AM, kumar r
Hi,
Please find the log,
http://pastebin.com/Bc3ywAQQ
*hbase(main):007:0> grant 'Selva','RWXCA','@default'0 row(s) in 21.4610
secondshbase(main):008:0> revoke 'Selva','@default'0 row(s) in 31.8870
seconds*
Thanks,
Kumar
On Wed, Jun 15, 2016 at 7:56 PM, Ted Yu wrote:
Have you looked at http://hbase.apache.org/book.html#security ?
I noticed that DEBUG logging was not on in the log you posted earlier.
Is it possible to turn on DEBUG logging and repeat the operation ?
Thanks
On Wed, Jun 15, 2016 at 2:12 AM, kumar r wrote:
> Hi Ted,
>
>
Hi Ted,
Thanks for your reply.
I cannot find anything in configuration. Can you tell me what might be root
cause for this issue?
What will be major cause for acl command taking more than 30 seconds to
process. I cannot find anything other than this in hbase log. Is there any
documentation
bq. Opening socket connection to server machine2/192.168.60.3:2181. Will
not attempt to authenticate using SASL (unknown error)
It seems connection to zookeeper might have some issue.
Can you double check configuration ?
On Mon, Jun 13, 2016 at 11:56 PM, kumar r wrote:
>
Hi,
Thanks for the reply.
Please find the command and time took to process it,
*hbase(main):006:0> grant 'Selva','RW','@default'0 row(s) in 11.8830
secondshbase(main):007:0> revoke 'Selva','@default'0 row(s) in 32.4330
seconds*
Find my HBase log in below pastebin
Can you inspect master log for the corresponding 40 seconds to see if there
was some clue ?
Feel free to pastebin the log snippet for this period if you cannot
determine the cause.
Cheers
On Sun, Jun 12, 2016 at 10:19 PM, kumar r wrote:
> Hi,
>
> I have configured secure
gt;> userX will never be allowed to write to the table, so I don't see how I can
>> use that approach.
>> >>
>> >> Thanks,
>> >> Jason
>> >>
>> >>
>> >>
>> >> Sent with Good (www.good.com)
>> >> ___
r be allowed to write to the table, so I don't see how I can
> use that approach.
> >>
> >> Thanks,
> >> Jason
> >>
> >>
> >>
> >> Sent with Good (www.good.com)
> >>
> >> From: ramkrishna vasudevan <
t; will never be allowed to write to the table, so I don't see how I can use
>> that approach.
>>
>> Thanks,
>> Jason
>>
>>
>>
>> Sent with Good (www.good.com)
>> ____________
>> From: ramkrishna vasudevan <ramkris
t;
> From: ramkrishna vasudevan <ramkrishna.s.vasude...@gmail.com>
> Sent: Thursday, May 5, 2016 4:03:48 AM
> To: user@hbase.apache.org
> Subject: Re: Hbase ACL
>
> I verified the above behaviour using test case as the cluster was busy with
>
I can use that
approach.
Thanks,
Jason
Sent with Good (www.good.com)
From: ramkrishna vasudevan <ramkrishna.s.vasude...@gmail.com>
Sent: Thursday, May 5, 2016 4:03:48 AM
To: user@hbase.apache.org
Subject: Re: Hbase ACL
I verified the above behaviour usin
I verified the above behaviour using test case as the cluster was busy with
other activities.
So in the above example that you mentioned, you had already issued RW
access to user-X on the table. Then a specific cell is over written with R
permission using the special 'grant' command.
Now as per
I tried out with the examples already available in the code base. Will try
it out on a cluster which I did not have access to today. Will probably
have access tomorrow.
I was not aware of that 'grant' feature which allows to set permission on
all the cells with a specific prefix and on a specific
Hi Ram,
Thanks for the reply. I can take a look at that Mutation documentation.
But I wanted to first confirm that this works at all, which is why I
started in the shell. The docs I’ve been using are here:
https://github.com/apache/hbase/blob/master/src/main/asciidoc/_chapters/sec
urity.adoc. If
Superuser:
grant 'ns1:t1', {'userX' => 'R' }, { COLUMNS => 'cf1', FILTER =>
"(PrefixFilter ('r2'))" }
So you are trying to grant R permission to user-X for a given qualifier.
Please not that this is NOT for a given Cell.
Reiterating from your first mail
>>What I need to be able to do next is to
Hi Ram,
Unfortunately, that configuration doesn’t seem to help. I’ve pasted my
config followed by the CLI commands I’ve been running so that the issue
can be reproduced.
CONFIG:
hbase.security.authentication
simple
hbase.security.authorization
true
I think reading the code - there should be no change between the version
that you are using and the trunk version.
Set this property to false
'hbase.security.access.early_out' and try once.
Tomorrow early in the morning I will try out some test case and will revert
back to you.
Do let me know if
Hi Ram,
We are using 1.1.2, but can update to most recent if the desired feature
is provided. We do set authorization to true, and I can confirm that I can
block writes to the entire table for user-X. But, it that when I grant RW
permission (to user-X) on a table and R only on a specific cell in
Hi Jason
Which version of HBase are you using?
Atleast in trunk I could see that 'OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST' is
not used rather by default CHECK_CELL_DEFAULT strategy is what getting used
now.
Ensure that 'hbase.security.authorization' is set to true in
hbase-site.xml. If you could
23 matches
Mail list logo