Re: HBase acl commands are too slow

2016-10-11 Thread Ted Yu
I recently worked on HBASE-16773 where 20 PriorityRpcServer handlers were all occupied accessing acl table. Can you take a few jstack of the server hosting acl table when acl command was executing ? Pastebin one or two stack trace. Please also check server log where acl table is hosted. Thanks

Re: HBase acl commands are too slow

2016-06-18 Thread Ted Yu
Images didn't come through. Consider using third party site and send links. I don't know why hbase.rpc.engine was in hbase-site.xml It is not used by hbase 1.1 Though this didn't seem to be the cause. Cheers > On Jun 17, 2016, at 9:06 PM, kumar r wrote: > > Hi, > > I

Re: HBase acl commands are too slow

2016-06-17 Thread kumar r
Hi, I don't think the problem from zookeeper quorum. Create, scan and list commands are working without delay. It won't take more than 5 seconds. But when executing acl commands getting slow response. I have noticed in log as *auth: SIMPLE *but actually it should be *KERBEROS *authentication.

Re: HBase acl commands are too slow

2016-06-17 Thread Ted Yu
I have gone through the log but haven't identified the cause. Can you outline the time range for the 30 second response so that I can correlate with the log ? Is communication with zookeeper quorum working without noticeable delay ? Thanks On Fri, Jun 17, 2016 at 3:47 AM, kumar r

Re: HBase acl commands are too slow

2016-06-17 Thread kumar r
Hi, Please find the log, http://pastebin.com/Bc3ywAQQ *hbase(main):007:0> grant 'Selva','RWXCA','@default'0 row(s) in 21.4610 secondshbase(main):008:0> revoke 'Selva','@default'0 row(s) in 31.8870 seconds* Thanks, Kumar On Wed, Jun 15, 2016 at 7:56 PM, Ted Yu wrote:

Re: HBase acl commands are too slow

2016-06-15 Thread Ted Yu
Have you looked at http://hbase.apache.org/book.html#security ? I noticed that DEBUG logging was not on in the log you posted earlier. Is it possible to turn on DEBUG logging and repeat the operation ? Thanks On Wed, Jun 15, 2016 at 2:12 AM, kumar r wrote: > Hi Ted, > >

Re: HBase acl commands are too slow

2016-06-15 Thread kumar r
Hi Ted, Thanks for your reply. I cannot find anything in configuration. Can you tell me what might be root cause for this issue? What will be major cause for acl command taking more than 30 seconds to process. I cannot find anything other than this in hbase log. Is there any documentation

Re: HBase acl commands are too slow

2016-06-14 Thread Ted Yu
bq. Opening socket connection to server machine2/192.168.60.3:2181. Will not attempt to authenticate using SASL (unknown error) It seems connection to zookeeper might have some issue. Can you double check configuration ? On Mon, Jun 13, 2016 at 11:56 PM, kumar r wrote: >

Re: HBase acl commands are too slow

2016-06-14 Thread kumar r
Hi, Thanks for the reply. Please find the command and time took to process it, *hbase(main):006:0> grant 'Selva','RW','@default'0 row(s) in 11.8830 secondshbase(main):007:0> revoke 'Selva','@default'0 row(s) in 32.4330 seconds* Find my HBase log in below pastebin

Re: HBase acl commands are too slow

2016-06-13 Thread Ted Yu
Can you inspect master log for the corresponding 40 seconds to see if there was some clue ? Feel free to pastebin the log snippet for this period if you cannot determine the cause. Cheers On Sun, Jun 12, 2016 at 10:19 PM, kumar r wrote: > Hi, > > I have configured secure

Re: Hbase ACL

2016-05-06 Thread Anoop John
gt;> userX will never be allowed to write to the table, so I don't see how I can >> use that approach. >> >> >> >> Thanks, >> >> Jason >> >> >> >> >> >> >> >> Sent with Good (www.good.com) >> >> ___

Re: Hbase ACL

2016-05-06 Thread ramkrishna vasudevan
r be allowed to write to the table, so I don't see how I can > use that approach. > >> > >> Thanks, > >> Jason > >> > >> > >> > >> Sent with Good (www.good.com) > >> > >> From: ramkrishna vasudevan <

Re: Hbase ACL

2016-05-06 Thread Anoop John
t; will never be allowed to write to the table, so I don't see how I can use >> that approach. >> >> Thanks, >> Jason >> >> >> >> Sent with Good (www.good.com) >> ____________ >> From: ramkrishna vasudevan <ramkris

Re: Hbase ACL

2016-05-06 Thread Anoop John
t; > From: ramkrishna vasudevan <ramkrishna.s.vasude...@gmail.com> > Sent: Thursday, May 5, 2016 4:03:48 AM > To: user@hbase.apache.org > Subject: Re: Hbase ACL > > I verified the above behaviour using test case as the cluster was busy with >

RE: Hbase ACL

2016-05-05 Thread Tokayer, Jason M.
I can use that approach. Thanks, Jason Sent with Good (www.good.com) From: ramkrishna vasudevan <ramkrishna.s.vasude...@gmail.com> Sent: Thursday, May 5, 2016 4:03:48 AM To: user@hbase.apache.org Subject: Re: Hbase ACL I verified the above behaviour usin

Re: Hbase ACL

2016-05-05 Thread ramkrishna vasudevan
I verified the above behaviour using test case as the cluster was busy with other activities. So in the above example that you mentioned, you had already issued RW access to user-X on the table. Then a specific cell is over written with R permission using the special 'grant' command. Now as per

Re: Hbase ACL

2016-05-04 Thread ramkrishna vasudevan
I tried out with the examples already available in the code base. Will try it out on a cluster which I did not have access to today. Will probably have access tomorrow. I was not aware of that 'grant' feature which allows to set permission on all the cells with a specific prefix and on a specific

Re: Hbase ACL

2016-05-04 Thread Tokayer, Jason M.
Hi Ram, Thanks for the reply. I can take a look at that Mutation documentation. But I wanted to first confirm that this works at all, which is why I started in the shell. The docs I’ve been using are here: https://github.com/apache/hbase/blob/master/src/main/asciidoc/_chapters/sec urity.adoc. If

Re: Hbase ACL

2016-05-04 Thread ramkrishna vasudevan
Superuser: grant 'ns1:t1', {'userX' => 'R' }, { COLUMNS => 'cf1', FILTER => "(PrefixFilter ('r2'))" } So you are trying to grant R permission to user-X for a given qualifier. Please not that this is NOT for a given Cell. Reiterating from your first mail >>What I need to be able to do next is to

Re: Hbase ACL

2016-05-04 Thread Tokayer, Jason M.
Hi Ram, Unfortunately, that configuration doesn’t seem to help. I’ve pasted my config followed by the CLI commands I’ve been running so that the issue can be reproduced. CONFIG: hbase.security.authentication simple hbase.security.authorization true

Re: Hbase ACL

2016-05-03 Thread ramkrishna vasudevan
I think reading the code - there should be no change between the version that you are using and the trunk version. Set this property to false 'hbase.security.access.early_out' and try once. Tomorrow early in the morning I will try out some test case and will revert back to you. Do let me know if

Re: Hbase ACL

2016-05-03 Thread Tokayer, Jason M.
Hi Ram, We are using 1.1.2, but can update to most recent if the desired feature is provided. We do set authorization to true, and I can confirm that I can block writes to the entire table for user-X. But, it that when I grant RW permission (to user-X) on a table and R only on a specific cell in

Re: Hbase ACL

2016-05-03 Thread ramkrishna vasudevan
Hi Jason Which version of HBase are you using? Atleast in trunk I could see that 'OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST' is not used rather by default CHECK_CELL_DEFAULT strategy is what getting used now. Ensure that 'hbase.security.authorization' is set to true in hbase-site.xml. If you could