最近公司大数据集群统一升级了 kerberos,那原先 的opentsdb就不能使用了,需要使用keytab方式登陆验证。
在百度找了好久没找到解决方案,还是组里勇哥看opentsdb源码才发现opentsdb怎么验证keytab.
下面是具体代码片断:
未使用kerberos 时候,直接使用下面的旧代码:
代码语言:javascript复制HBaseClient hbaseClient = new HBaseClient(zookeeper);
激活了kerberos需要:
代码语言:javascript复制System.setProperty("java.security.auth.login.config", "D:/kbs/ksm_jaas.conf");
System.setProperty("zookeeper.sasl.client", "false");
//下面行只在本地打开
System.setProperty("java.security.krb5.conf", "D:/kbs/krb5.conf");
org.hbase.async.Config asyncConfig = new org.hbase.async.Config();
asyncConfig.overrideConfig("hbase.zookeeper.quorum", zookeeper);
asyncConfig.overrideConfig("hbase.security.auth.enable", "true");
asyncConfig.overrideConfig("hbase.security.authentication", "kerberos");
asyncConfig.overrideConfig("hbase.sasl.clientconfig", "Client");
asyncConfig.overrideConfig("hbase.kerberos.regionserver.principal", "hbase/_HOST@HTSEC.COM");
HBaseClient hbaseClient = new HBaseClient(asyncConfig);
//认证
KerberosClientAuthProvider authProvider = new KerberosClientAuthProvider(hbaseClient);
需要注意的是maven jar包,低版本的opentsdb的确不支持kerberos
代码语言:javascript复制<dependency>
<groupId>net.opentsdb</groupId>
<artifactId>opentsdb</artifactId>
<version>2.3.0-RC1</version>
</dependency>
代码语言:javascript复制<dependency>
<groupId>org.hbase</groupId>
<artifactId>asynchbase</artifactId>
<version>1.7.2</version>
</dependency>