Configure HBase Master
Edit
$HBASE_CONF_DIR/hbase-site.xml$HBASE_CONF_DIR is the directory to store
the HBase configuration files. For example,
/etc/hbase/conf) :
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
There are no default values. The following are all examples. |
<property>
<name>hbase.master.keytab.file</name>
<value>/etc/security/keytabs/hbase.service.keytab</value>
<description>Full path to the Kerberos keytab file to use
for logging in the configured HMaster server principal.
</description>
</property><property>
<name>hbase.master.kerberos.principal</name>
<value>hbase/_HOST@EXAMPLE.COM</value>
<description>Ex. "hbase/_HOST@EXAMPLE.COM".
The Kerberos principal name that should be used to run the HMaster process.
The principal name should be in the form: user/hostname@DOMAIN.
If "_HOST" is used as the hostname portion,
it will be replaced with the actual hostname of the running instance.
</description>
</property> <property>
<name>hbase.regionserver.keytab.file</name>
<value>/etc/security/keytabs/hbase.service.keytab</value>
<description>Full path to the Kerberos keytab file to use for logging
in the configured HRegionServer server principal.
</description>
</property><property>
<name>hbase.regionserver.kerberos.principal</name>
<value>hbase/_HOST@EXAMPLE.COM</value>
<description>Ex. "hbase/_HOST@EXAMPLE.COM".
The Kerberos principal name that
should be used to run the HRegionServer process.
The
principal name should be in the form:
user/hostname@DOMAIN.
If _HOST
is used as the hostname portion, it will be replaced
with the actual hostname of the running
instance.
An entry for this principal must exist
in the file specified in hbase.regionserver.keytab.file
</description>
</property> <!--Additional configuration specific to HBase security -->
<property>
<name>hbase.superuser</name>
<value>hbase</value>
<description>List of users or groups (comma-separated), who are
allowed full privileges, regardless of stored ACLs, across the cluster.
Only used when HBase security is enabled.
</description>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.token.TokenProvider,
org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,
org.apache.hadoop.hbase.security.access.AccessController </value>
<description>A comma-separated list of Coprocessors that are loaded by default on all tables.
</description>
</property> <property>
<name>hbase.security.authentication</name>
<value>kerberos</value>
</property> <property>
<name>hbase.security.authorization</name>
<value>true</value>
<description>Enables HBase authorization.
Set the value of this property to false to disable HBase authorization.
</description>
</property><property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property> <property>
<name>hbase.bulkload.staging.dir</name>
<value>/apps/hbase/staging</value>
<description>Directory in the default filesystem,
owned by the hbase user, and has permissions(-rwx--x--x, 711) </description>
</property> For
more information on bulk loading in secure mode, see HBase Secure BulkLoad. Note that the
hbase.bulkload.staging.dir is created by
HBase.