HBase Configuration Properties
This section describes and shows examples of the configuration properties used in the
hbase-site.xml
file.
Basic Properties
- Hbase.rootdir
- Description: Specifies where the HBase data is stored. If not specified, by
default HBase uses the
/tmp/
local folder. It is possible to use the local file system or a remote file system instance.
- HBase.cluster.distributed
- Description: The mode the cluster will be in. Possible values are false for
standalone mode and true for distributed mode. If false, startup runs all HBase and
ZooKeeper daemons together in the one JVM. Default:
false
.
- Hbase.zookeeper.quorum
- Description: Comma-separated list of servers in the ZooKeeper ensemble. For
example,
host1.mydomain.com,host2.mydomain.com,host3.mydomain.com
. By default this property is set to localhost for local and pseudo-distributed modes of operation. For a fully-distributed setup, this property should be set to a full list of ZooKeeper ensemble servers. If HBASE_MANAGES_ZK is set inhbase-env.sh
, this is the list of servers that HBase will start or stop ZooKeeper on as part of cluster start or stop. Client-side, we will take this list of ensemble members and put it together with thehbase.zookeeper.property.clientPort config.
and pass it into the Zookeeper constructor as theconnectString
parameter. Port could be specified together with hosts. In this case, thehbase.zookeeper.property.clientPort
configuration is useless.
- Dfs.support.append
- Description: Specifies whether DFS allows appends to files.
- Hbase.fsutil.maprfs.impl
- Description: Specifies the FSUtil class (the utility methods for interacting with the underlying file system) used in HBase.
- Hbase.regionserver.handler.count
- Description: Sets the count of RPC Listener instances spun up on RegionServers. The same property is used by the Master for a count of master handlers. Too many handlers can be counter-productive. Make it a multiple of the CPU count. If mostly read-only, handlers count close to CPU count does well. Start with twice the CPU count and tune from there. Default: 30.
- Fs.mapr.threads
- Description: Controls currency in the HPE Ezmeral Data Fabric Database client.
- Mapr.hbase.default.db
- Description: Specifies whether to use HBase or the HPE Ezmeral Data Fabric Database client. Possible values are
hbase
andmaprdb
.
Security Properties
To support authorization, four properties must be enabled:
hbase.security.authorization
hbase.security.exec.permission.checks
hbase.coprocessor.master.classes
hbase.coprocessor.region.classes
- Hbase.security.authorizaation
- Description: Specifies whether authorization is enabled or not.
- Hbase.security.exec.permission.checks
- Description: Without this option, all users continue to have access to execute endpoint coprocessors. This option is not enabled when you enable HBase Secure Authorization for backward compatibility.
- hbase.coprocessor.master.classes
- Description: A comma-separated list of coprocessors that are loaded by the master (MasterObserver coprocessors). The AccessController has to be active to support authorization.
- Hbase.coprocessor.region.classes
- Description: A comma-separated list of RegionObserver and Endpoint coprocessors. TokenProvider and AccessController must be active to support authorization.
Authentication and Encryption Properties
- hbase.security.authentication
- Description: Defines whether to use SASL mechanisms in HBase to authenticate
RPC connections from clients to HBase Master and RegionServer. Also defines whether to
support authentication for HBaseThrift. Specifying
maprsasl
enables authentication for HBaseThrift over http.
- hbase.security.token.authentication.method
- Description: Enables SCRAM as a token authentication method. For
FIPS-enabled nodes, running
/opt/mapr/server/configure.sh
automatically adds this property tohbase-site.xml
. In clusters with a mix of FIPS and non-FIPS nodes, you must manually add this property to non-FIPS nodes.
- hbase.rpc.protection
- Description: Enables or disables transport security encryption. To support
encryption, the auth-conf (privacy) value must be specified. Possible values are:
auth
orauthentication
auth-int
orintegrity
auth-conf
orprivacy
- hbase.ssl.enabled
- Description: Enables or disables SSL encryption for HBase WebUIs.
- hbase.thrift.ssl.enabled
- Description: Enables or disables SSL encryption for HBaseThrift. Works only for
HBaseThrift over http (the
hbase.regionserver.thrift.htt
p property must be set totrue
).
- Hbase.thrift.security.qop
- Description: Enables or disables transport security encryption for HBaseThrift.
Use the
auth-conf
value to support encryption. This property works only for HBaseThrift over sockets (thehbase.regionserver.thrift.http
property must be set tofalse
). Possible values are:auth
auth-int
auth-conf
- hbase.rest.authentication.type
- Description: Defines the AuthenticationHandler to use during user-to-HBaseRest
authentication. The
MultiMechsAuthenticationHandler
supports PAM, MapR SASL, and Kerberos authentication. If this property is not specified, authentication for HBaseRest is disabled.
- hbase.rest.ssl.enabled
- Description: Enables or disables SSL encryption (from client to server and vice versa) for the HBaseRest service.
Impersonation Properties
- hbase.thrift.support.proxyuser
- Description: Enables or disables impersonation for HBaseThrift. Works only for
thrift over http (the
hbase.regionserver.thrift.http
property must be set totrue
).
- hbase.rest.support.proxyuser
- Description: Enables or disables impersonation for HBaseRest.
- hbase.regionserver.thrift.http
- Description: Defines whether to use HBaseThrift over http (if
true
is specified) or over sockets. Used to support impersonation for thrift over http.