HBase无法给用户赋权的解决方案

HBase无法给用户赋权，并报错。

问题背景描述：

测试环境，hdfs被format过。很多基于hdfs的环境都受到了影响。hbase也受到了影响。但是hbase在master启动的过程中，只要hdfs上有/hbase目录

建表之后，在赋权的时候，发现有错误

hbase(main):001:0>  user_permission User Namespace,Table,Family,Qualifier:Permission ERROR: DISABLED: Security features are not available hbase(main):001:0> grant 'test_user', 'RWXCA' , 'test_table' ERROR: DISABLED: Security features are not available Here is some help for this command: Grant users specific rights. Syntax : grant <user>, <permissions> [, <@namespace> [, <table> [, <column family> [, <column qualifier>]]] hbase(main):002:0> hbase:acl NoMethodError: undefined method `hbase' for #<Object:0x2a37210>

2.以开始以为语法有错误，不会啊，很简单的语法。经过测试几个命令发现，但凡和权限相关的命令，都失败了

百度到一些建议，需要检查参数，在确认下面几个参数都设置正确的情况下，问题依旧

hbase.master.keytab.file hbase.master.kerberos.principal hbase.regionserver.keytab.file hbase.regionserver.kerberos.principal hbase.coprocessor.master.classes hbase.coprocessor.region.classes hbase.security.authorization

3.百度到以下链接，其中有介绍：

参考链接

https://community.hortonworks.com/questions/50984/security-features-not-available-in-hbase-kerberize.html It seems your hbase:acl table is not created. can you check hbase-site.xml at master side as well it should have:-  <property> <name>hbase.coprocessor.master.classes</name>   <value>org.apache.Hadoop.hbase.security.access.AccessController</value>   </property> try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl' , you will not see above error "ERROR: DISABLED:Security features are not available"

4.下面这句话，提醒了我，是不是hbase:acl丢失了？

try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl'

5.一检查，发现真没了

6.正常的情况应该是

7.问题原因找到了，开始找解决办法吧。继续百度（search技术文档，特别怀念google）

如何重建hbase:acl呢？安装过程中hbase并没有任何特殊设置，只要在hdfs上创建一个/hbase目录，启动hbase master就会自动创建需要的文件。为什么重启几次，都没有重新创建这个acl表呢？

查看hbase master log，可以看到错误“The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies.” 通过命令hbase hbck检查，没有错误。问题也没有解决

2018-02-24 16:41:40,011 INFO  [testserver:16000.activeMasterManager] master.HMaster: Master has completed initialization2018-02-24 16:41:40,016 INFO  [testserver:16000.activeMasterManager] quotas.MasterQuotaManager: Quota support disabled2018-02-24 16:41:40,062 INFO  [testserver:16000.activeMasterManager] master.HMaster: Client=null/null create 'hbase:acl', {NAME => 'l', DATA_BLOCK_ENCODING => 'NONE', BLOOMFILTER => 'NONE', REPLICATION_SCOPE => '0', COMPRESSION => 'NONE', VERSIONS => '1', TTL => 'FOREVER', MIN_VERSIONS => '0', CACHE_DATA_IN_L1 => 'true', KEEP_DELETED_CELLS => 'FALSE', BLOCKSIZE => '8192', IN_MEMORY => 'true', BLOCKCACHE => 'true'}2018-02-24 16:41:40,200 WARN  [ProcedureExecutorThread-1] procedure.CreateTableProcedure: The table hbase:acl does not exist in meta but has a znode. run hbck to fix inconsistencies.2018-02-24 16:41:40,202 ERROR [testserver:16000.activeMasterManager] master.HMaster: Coprocessor postStartMaster() hook failedorg.apache.hadoop.hbase.TableExistsException: hbase:aclat org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.prepareCreate(CreateTableProcedure.java:300)at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.executeFromState(CreateTableProcedure.java:107)at org.apache.hadoop.hbase.master.procedure.CreateTableProcedure.executeFromState(CreateTableProcedure.java:58)at org.apache.hadoop.hbase.procedure2.StateMachineProcedure.execute(StateMachineProcedure.java:107)at org.apache.hadoop.hbase.procedure2.Procedure.doExecute(Procedure.java:427)at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execProcedure(ProcedureExecutor.java:999)at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execLoop(ProcedureExecutor.java:803)at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.execLoop(ProcedureExecutor.java:756)at org.apache.hadoop.hbase.procedure2.ProcedureExecutor.access

8.上面报错，既然已经明确说znode的问题，我们就去检查zookeeper上的情况吧。

确实看到，前面准备赋权，却失败的信息，记录在znode的acl路径下

hbase zkcli [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 3] ls /hbase [meta-region-server, acl, backup-masters, table, draining, region-in-transition, running, table-lock, balancer, master, tokenauth, namespace, hbaseid, online-snapshot, replication, splitWAL, recovering-regions, rs, flush-table-proc] [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 4] ls /hbase/acl [@test_user]

9.在zk上删除/hbase的信息，然后重启hbase整个集群，让hbase自动重建acl表

[zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 6] rmr /hbase [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 7] ls / [alert, kafka-manager-1.3.3.13, rmstore, yarn-leader-election, kafka10-dev2, livy, kafka10, kafka10-dev, dubbo, eos, alert_leader, election, DP, hadoop-ha, zookeeper, leader, user] [zk: 192.168.0.72:2181,192.168.0.73:2181,192.168.0.74:2181(CONNECTED) 8] [hbase@testserver ~]$ exit

10.可以看到，文件已经回来了

[hdfs@testserver ~]$ hdfs dfs -ls /hbase/data/hbase Found 3 items drwxrwx---  - hbase hadoop          0 2018-02-24 17:00 /hbase/data/hbase/acl drwxrwx---  - hbase hadoop          0 2018-02-24 16:59 /hbase/data/hbase/meta drwxrwx---  - hbase hadoop          0 2018-02-24 17:00 /hbase/data/hbase/namespace

11.acl表也可以查看了

hbase(main):004:0> scan 'hbase:acl' ROW                                                COLUMN+CELL test_table                                        column=l:hbase, timestamp=1519463374193, value=RWXCA test_table_01                                      column=l:hbase, timestamp=1519463409831, value=RWXCA user_01                                          column=l:hbase, timestamp=1519463393177, value=RWXCA 3 row(s) in 0.1600 seconds

遇到问题，在理解整体架构原理的情况下，有目的，有范围的一步步检查，终归是可以解决的。