MapR 5.0 Documentation : Configure a Secure HBase Sink

Configure Flume agents to use Kerberos when you want to write sinks to secure HBase.

  1. Create a keytab file called flume.keytab which contains a principal that matches the Kerberos identity of the user that will be running flume-ng.

    Example
    # kadmin
    : addprinc -randkey username/<FQDN@REALM>
    : ktadd -k /opt/mapr/conf/flume.keytab username/<FQDN@REALM>

    The flume.keytab file must be owned and readable only by the mapr user.

  2. In the flume.conf file, configure the following properties:

    PropertyValueDescription
    <agent>.sinks.<hbaseSink>.kerberosPrincipalusername/FQDN@REALM.COMThe Kerberos identity of the user running flume-ng
    <agent>.sinks.<hbaseSink>.kerberosKeytabpath_to_keytabThe path to a valid keytab file (flume.keytab) for the user running flume-ng

    For additional properties that you may want to configure, see the Apache Flume documentation.

Once Kerberos is enabled, the maprlogin ticket generation is performed implicitly.