HBase Configuration Properties

This section describes and shows examples of the configuration properties used in the hbase-site.xml file.

Table 1. HBase Configuration Properties
Category Property Description
Basic Properties Hbase.rootdir Specifies where the HBase data is stored. If not specified, by default HBase uses the /tmp/ local folder. It is possible to use the local file system and MapR Filesystem or a remote MapR Filesystem instance.
<property>
    <name>hbase.rootdir</name>
    <value>maprfs:///hbase</value>
</property>
HBase.cluster.distributed The mode the cluster will be in. Possible values are false for standalone mode and true for distributed mode. If false, startup runs all HBase and ZooKeeper daemons together in the one JVM. Default: false.
<property>
    <name>hbase.cluster.distributed</name>
    <value>true</value>
</property>
Hbase.zookeeper.quorum Comma-separated list of servers in the ZooKeeper ensemble. For example, "host1.mydomain.com,host2.mydomain.com,host3.mydomain.com". By default this property is set to localhost for local and pseudo-distributed modes of operation. For a fully-distributed setup, this property should be set to a full list of ZooKeeper ensemble servers. If HBASE_MANAGES_ZK is set in hbase-env.sh, this is the list of servers that HBase will start or stop ZooKeeper on as part of cluster start or stop. Client-side, we will take this list of ensemble members and put it together with the hbase.zookeeper.property.clientPort config. and pass it into the Zookeeper constructor as the connectString parameter. Port could be specified together with hosts. In this case, the hbase.zookeeper.property.clientPort configuration is useless.
<property>
    <name>hbase.zookeeper.quorum</name>
    <value>node11.cluster.com:5181</value>
</property>
Dfs.support.append Specifies whether DFS allows appends to files.
<property>
    <name>dfs.support.append</name>
    <value>true</value>
</property>
Hbase.fsutil.maprfs.impl Specifies the FSUtil class (the utility methods for interacting with the underlying file system) used in HBase.
<property>
    <name>hbase.fsutil.maprfs.impl</name>
    <value>org.apache.hadoop.hbase.util.FSMapRUtils</value>
</property>
Hbase.regionserver.handler.count Sets the count of RPC Listener instances spun up on RegionServers. The Same property is used by the Master for a count of master handlers. Too many handlers can be counter-productive. Make it a multiple of the CPU count. If mostly read-only, handlers count close to CPU count does well. Start with twice the CPU count and tune from there. Default: 30.
<property>
    <name>hbase.regionserver.handler.count</name>
    <value>30</value>
</property>
Fs.mapr.threads Controls currency in the MapR Database client.
<property>
    <name>fs.mapr.threads</name>
    <value>64</value>
</property>
Mapr.hbase.default.db Specifies whether to use HBase or the MapR Database Client. Possible values are hbase and maprdb.
<property>
    <name>mapr.hbase.default.db</name>
    <value>hbase</value>
</property>
Security Properties* Hbase.security.authorization Specifies whether authorization is enabled or not.
<property>
    <name>hbase.security.authorization</name>
    <value>true</value>
</property>
Hbase.security.exec.permission.checks Without this option, all users continue to have access to execute endpoint coprocessors. This option is not enabled when you enable HBase Secure Authorization for backward compatibility.
<property>
    <name>hbase.security.exec.permission.checks</name>
    <value>true</value>
</property>
hbase.coprocessor.master.classes A comma-separated list of coprocessors that are loaded by the master (MasterObserver coprocessors). The AccessController has to be active to support authorization.
<property>
    <name>hbase.coprocessor.master.classes</name>
    <value>org.apache.hadoop.hbase.security.access.
    AccessController</value>
</property>
Hbase.coprocessor.region.classes A comma-separated list of RegionObserver and Endpoint coprocessors. TokenProvider and AccessController must be active to support authorization.
<property>
  <name>hbase.coprocessor.region.classes</name>
    <value>org.apache.hadoop.hbase.security.token.TokenProvider.
    org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
Authentication and Encryption Properties hbase.security.authentication Defines whether to use SASL mechanisms in HBase to authenticate RPC connections from clients to HBase Master and RegionServer. Also defines whether to support authentication for HBaseThrift. Specifying maprsasl enables authentication for HBaseThrift over http.
<property>
    <name>hbase.security.authentication</name>
    <value>maprsasl</value>
</property>
hbase.rpc.protection Enables or disables transport security encryption. To support encryption, the auth-conf (privacy) value must be specified. Possible values are:
  • auth or authentication
  • auth-int or integrity
  • auth-conf or privacy
<property>
    <name>hbase.rpc.protection</name>
    <value>auth-conf</value>
</property>
hbase.ssl.enabled Enables or disables SSL encryption for HBase WebUIs.
<property>
    <name>hbase.ssl.enabled</name>
    <value>true</value>
</property>
hbase.thrift.ssl.enabled Enables or disables SSL encryption for HBaseThrift. Works only for HBaseThrift over http (the hbase.regionserver.thrift.http property must be set to true).
<property>
    <name>hbase.thrift.ssl.enabled</name>
    <value>true</value>
</property>
Hbase.thrift.security.qop Enables or disables transport security encryption for HBaseThrift. Use the Auth-conf value to support encryption. This property works only for HBaseThrift over sockets (the hbase.regionserver.thrift.http property must be set to false). Possible values are:
  • auth
  • auth-int
  • auth-conf
<property>
    <name>hbase.thrift.security.qop</name>
    <value>auth-conf</value>
</property>
hbase.rest.authentication.type Defines the AuthenticationHandler to use during user-to-HBaseRest authentication. The MultiMechsAuthenticationHandler supports PAM, MapR SASL, and Kerberos authentication. If this property is not specified, authentication for HBaseRest is disabled.
<property>
    <name>hbase.rest.authentication.type</name>
    <value>org.apache.hadoop.security.authentication.server.
    MultiMechsAuthenticationHandler</value>
</property>
hbase.rest.ssl.enabled Enables or disables SSL encryption (from client to server and vice versa) for the HBaseRest service.
<property>
    <name>hbase.rest.ssl.enabled</name>
    <value>true</value>
</property>
Impersonation Properties hbase.thrift.support.proxyuser Enables or disables impersonation for HBaseThrift. Works only for thrift over http (the hbase.regionserver.thrift.http property must be set to true).
<property>
    <name>hbase.thrift.support.proxyuser</name>
    <value>true</value>
</property>
hbase.rest.support.proxyuser Enables or disables impersonation for HBaseRest.
<property>
    <name>hbase.rest.support.proxyuser</name>
    <value>true</value>
</property>
hbase.regionserver.thrift.http Defines whether to use HBaseThrift over http (if true is specified) or over sockets. Used to support impersonation for thrift over http.
<property>
    <name>hbase.regionserver.thrift.http</name>
    <value>true</value>
</property>
*To support authorization, four properties must be enabled:
  • hbase.security.authorization
  • hbase.security.exec.permission.checks
  • hbase.coprocessor.master.classes
  • hbase.coprocessor.region.classes
If any of them is missing, authorization will not be fully supported.