Database Reference
In-Depth Information
Every HBase cluster has a unique cluster ID stored on the ile system to ensure that it
does not change on restarts. This ID is used with master-master/acyclic replication.
ZooKeeper plays an important role of coordinator in the HBase cluster replication
process. Its coordination activity includes slave cluster registration, initiate
replication, maintaining replication state, handling region server failovers, and so on.
When a master cluster region server initiates a replication source to a slave cluster,
it irst connects to the slave's ZooKeeper ensemble using the provided cluster ID.
It then identiies region servers that are accepting incoming streams of edits to
replicate by scanning the /
hbase
/
replication
/
rs
directory and randomly
choose a subset of them.
If the slave region server does not respond to the RPC made by the master region
server, the master region server will sleep and retry again until it reaches a conigured
number of retries. If the slave region server is still not available, the master cluster
region server will select a new subset of the region server to replicate the data.
Replication coniguration can be done at a column-family level by setting the
replication scope to 1 at table-instantiation time or by altering the table. The same
table name and column-family must exist on the secondary cluster. HBase won't
create it if it doesn't exist, and the replication will fail. For more information on
HBase replication, you can refer to
http://hbase.apache.org/book/cluster_
replication.html
.
Securing HBase
With the default coniguration, HBase does not provide any kind of data security.
Even with the irewalls in place, HBase is not able to differentiate between multiple
users coming from the same client, and uniform data access is provided to all the
users. From HBase Version 0.92 onwards, HBase provides optional support for
both user authentication and authorization. For user authentication, it provides
integration points with Kerberos and for authorization, it provides access an
controller coprocessor.
Kerberos is a networked authentication protocol designed to
provide strong authentication for client/server applications by
using secret-key cryptography. Kerberos uses
Kerberos Key
Distribution Center
(
KDC
) as the authentication server and
access ticket granting server. The setup of KDC is not in the
scope of this topic.
