Enable Impersonation for HBase Thrift Gateway
About this task
To configure the Thrift gateway to authenticate to HBase on the client’s behalf, and to access HBase using a proxy user:
Procedure
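- To allow proxy users, add the following to the hbase-site.xml file for every HBase node:
  <!-- Groups whose members $USER is allowed to impersonate -->
  <property>
    <name>hadoop.proxyuser.$USER.groups</name>
    <value>$GROUPS</value>
  </property>
  <!-- Hosts from which $USER is allowed to submit impersonated requests -->
  <property>
    <name>hadoop.proxyuser.$USER.hosts</name>
    <value>$HOSTS</value>
  </property>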
- To enable the doAs feature, add the following to the hbase-site.xml file for every Thrift gateway:
  <property>
    <name>hbase.regionserver.thrift.http</name>
    <value>true</value>
  </property>
  <property>
    <name>hbase.thrift.support.proxyuser</name>
    <value>true</value>
  </property>
- Restart the Thrift gateway processes for the changes to take effect. If a node is running Thrift, the output of the jps command will list a ThriftServer process.
  - To restart Thrift on a node, use the following maprcli command:
    maprcli node services -name hbasethrift -action restart -nodes <node_hostname>