AsyncHBase Configuration中的hbase.rpc.timeout:How long, in milliseconds, to wait for a response to an RPC from a region server before failing the RPC with a RpcTimedOutException. This value can be overridden on a per-RPC basis. A value of 0 will not allow RPCs to timeout
http接口(HTTP API)相关文档:
常用:
put:
query:
uid:
stats:
同时我们注意到:OpenTSDB3.0相关的工作正在进行中(work-in-progress),详情:
opentsdb连接Kerberos认证的HBase(非重点,仅顺手记录于此)相关文档:
(搜kerberos关键字)
相关问题讨论:
https://github.com/OpenTSDB/opentsdb/issues/491
参考带有Kerberos认证hbase docker镜像Dockerfile项目:
https://github.com/Knappek/docker-phoenix-secure
该项目中bootstrap-phoenix.sh、docker-compose.yml以及config_files下的配置文件很有参考价值
根据实际情况在/etc/opentsdb/opentsdb.conf配置 末尾添加:
hbase.security.auth.enable=true hbase.security.authentication=kerberos hbase.sasl.clientconfig=Client hbase.kerberos.regionserver.principal=hbase/_HOST@EXAMPLE.COM根据实际情况新建hbase-client.jaas文件,文件内容基本如下样子
Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="/etc/security/keytabs/hbase.keytab" principal="hbase/phoenix.docker.com"; };修改/usr/share/opentsdb/etc/init.d/opentsdb文件,修改启动参数
# start command的位置(约第78行处)加上 -Djava.security.auth.login.config=hbase-client.jaas文件路径 # 注意:如果Zookeeper没有加Kerberos认证,再加一个参数 -Dzookeeper.sasl.client=false JVMARGS="-Djava.security.auth.login.config=http://www.likecs.com/.../jaas.conf"重启opentsdb,如果成功,则能看到如下示例日志:
13:31:55.045 INFO [ZooKeeperSaslClient.run] - Client will use GSSAPI as SASL mechanism.
13:31:55.062 INFO [Login.getRefreshTime] - TGT valid starting at:
Fri Apr 03 13:31:54 CST 2020
13:31:55.062 INFO [Login.getRefreshTime] - TGT expires:
Sat Apr 04 13:31:54 CST 2020
13:31:55.255 INFO [KerberosClientAuthProvider.run] - Client will use GSSAPI as SASL mechanism.
13:31:55.269 INFO [RegionClient.channelConnected] - Initialized security helper: org.hbase.async.SecureRpcHelper96@6471f1e for region client: RegionClient@63709091(chan=null, #pending_rpcs=2, #batched=0, #rpcs_inflight=0)
13:31:55.276 INFO [SecureRpcHelper96.handleResponse] - SASL client context established. Negotiated QoP: auth on for: RegionClient@63709091(chan=null, #pending_rpcs=2, #batched=0, #rpcs_inflight=0)
阅读、探索的过程很累,遇到不太理解的地方又会很困惑,但柳暗花明又一村,凌绝顶一览众山小的喜悦却难以言表。另外,整理的过程也挺烦人,既然花时间整理了,我尽量让感兴趣的读者能从中有一丝收获。当然了,整理的过程也锻炼了我学习知识、解决问题的思路与能力。由于本人能力之有限、理解之不透彻,文中如有错误的理解、不恰当的描述,衷心希望朋友提出一起讨论!