HBase Configuration Properties

This section describes and shows examples of the configuration properties used in the hbase-site.xml file.

Basic Properties

Hbase.rootdir
Description: Specifies where the HBase data is stored. If not specified, by default HBase uses the /tmp/ local folder. It is possible to use the local file system or a remote file system instance.
Example:
<property>
    <name>hbase.rootdir</name>
    <value>maprfs:///hbase</value>
</property>
HBase.cluster.distributed
Description: The mode the cluster will be in. Possible values are false for standalone mode and true for distributed mode. If false, startup runs all HBase and ZooKeeper daemons together in the one JVM. Default: false.
Example:
<property>
    <name>hbase.cluster.distributed</name>
    <value>true</value>
</property>
Hbase.zookeeper.quorum
Description: Comma-separated list of servers in the ZooKeeper ensemble. For example, host1.mydomain.com,host2.mydomain.com,host3.mydomain.com. By default this property is set to localhost for local and pseudo-distributed modes of operation. For a fully-distributed setup, this property should be set to a full list of ZooKeeper ensemble servers. If HBASE_MANAGES_ZK is set in hbase-env.sh, this is the list of servers that HBase will start or stop ZooKeeper on as part of cluster start or stop. Client-side, we will take this list of ensemble members and put it together with the hbase.zookeeper.property.clientPort config. and pass it into the Zookeeper constructor as the connectString parameter. Port could be specified together with hosts. In this case, the hbase.zookeeper.property.clientPort configuration is useless.
Example:
<property>
    <name>hbase.zookeeper.quorum</name>
    <value>node11.cluster.com:5181</value>
</property>
Dfs.support.append
Description: Specifies whether DFS allows appends to files.
Example:
<property>
    <name>dfs.support.append</name>
    <value>true</value>
</property>
Hbase.fsutil.maprfs.impl
Description: Specifies the FSUtil class (the utility methods for interacting with the underlying file system) used in HBase.
Example:
<property>
    <name>hbase.fsutil.maprfs.impl</name>
    <value>org.apache.hadoop.hbase.util.FSMapRUtils</value>
</property>
Hbase.regionserver.handler.count
Description: Sets the count of RPC Listener instances spun up on RegionServers. The same property is used by the Master for a count of master handlers. Too many handlers can be counter-productive. Make it a multiple of the CPU count. If mostly read-only, handlers count close to CPU count does well. Start with twice the CPU count and tune from there. Default: 30.
Example:
<property>
    <name>hbase.regionserver.handler.count</name>
    <value>30</value>
</property>
Fs.mapr.threads
Description: Controls currency in the HPE Ezmeral Data Fabric Database client.
Example:
<property>
    <name>fs.mapr.threads</name>
    <value>64</value>
</property>
Mapr.hbase.default.db
Description: Specifies whether to use HBase or the HPE Ezmeral Data Fabric Database client. Possible values are hbase and maprdb.
Example:
<property>
    <name>mapr.hbase.default.db</name>
    <value>hbase</value>
</property>

Security Properties

To support authorization, four properties must be enabled:
  • hbase.security.authorization
  • hbase.security.exec.permission.checks
  • hbase.coprocessor.master.classes
  • hbase.coprocessor.region.classes
If any one of them is missing, authorization will not be fully supported.
Hbase.security.authorizaation
Description: Specifies whether authorization is enabled or not.
Example:
<property>
    <name>hbase.security.authorization</name>
    <value>true</value>
</property>
Hbase.security.exec.permission.checks
Description: Without this option, all users continue to have access to execute endpoint coprocessors. This option is not enabled when you enable HBase Secure Authorization for backward compatibility.
Example:
<property>
    <name>hbase.security.exec.permission.checks</name>
    <value>true</value>
</property>
hbase.coprocessor.master.classes
Description: A comma-separated list of coprocessors that are loaded by the master (MasterObserver coprocessors). The AccessController has to be active to support authorization.
Example:
<property>
    <name>hbase.coprocessor.master.classes</name>
    <value>org.apache.hadoop.hbase.security.access.
    AccessController</value>
</property>
Hbase.coprocessor.region.classes
Description: A comma-separated list of RegionObserver and Endpoint coprocessors. TokenProvider and AccessController must be active to support authorization.
Example:
<property>
  <name>hbase.coprocessor.region.classes</name>
    <value>org.apache.hadoop.hbase.security.token.TokenProvider.
    org.apache.hadoop.hbase.security.access.AccessController</value>
</property>

Authentication and Encryption Properties

hbase.security.authentication
Description: Defines whether to use SASL mechanisms in HBase to authenticate RPC connections from clients to HBase Master and RegionServer. Also defines whether to support authentication for HBaseThrift. Specifying maprsasl enables authentication for HBaseThrift over http.
Example:
<property>
    <name>hbase.security.authentication</name>
    <value>maprsasl</value>
</property>
hbase.security.token.authentication.method
Description: Enables SCRAM as a token authentication method. For FIPS-enabled nodes, running /opt/mapr/server/configure.sh automatically adds this property to hbase-site.xml. In clusters with a mix of FIPS and non-FIPS nodes, you must manually add this property to non-FIPS nodes.
Example:
<property>
  <name>hbase.security.token.authentication.method</name>
  <value>SCRAM-SHA-256</value>
</property>
hbase.rpc.protection
Description: Enables or disables transport security encryption. To support encryption, the auth-conf (privacy) value must be specified. Possible values are:
  • auth or authentication
  • auth-int or integrity
  • auth-conf or privacy
Example:
<property>
    <name>hbase.rpc.protection</name>
    <value>auth-conf</value>
</property>
hbase.ssl.enabled
Description: Enables or disables SSL encryption for HBase WebUIs.
Example:
<property>
    <name>hbase.ssl.enabled</name>
    <value>true</value>
</property>
hbase.thrift.ssl.enabled
Description: Enables or disables SSL encryption for HBaseThrift. Works only for HBaseThrift over http (the hbase.regionserver.thrift.http property must be set to true).
Example:
<property>
    <name>hbase.thrift.ssl.enabled</name>
    <value>true</value>
</property>
Hbase.thrift.security.qop
Description: Enables or disables transport security encryption for HBaseThrift. Use the auth-conf value to support encryption. This property works only for HBaseThrift over sockets (the hbase.regionserver.thrift.http property must be set to false). Possible values are:
  • auth
  • auth-int
  • auth-conf
Example:
<property>
    <name>hbase.thrift.security.qop</name>
    <value>auth-conf</value>
</property>
hbase.rest.authentication.type
Description: Defines the AuthenticationHandler to use during user-to-HBaseRest authentication. The MultiMechsAuthenticationHandler supports PAM, MapR SASL, and Kerberos authentication. If this property is not specified, authentication for HBaseRest is disabled.
Example:
<property>
    <name>hbase.rest.authentication.type</name>
    <value>org.apache.hadoop.security.authentication.server.
    MultiMechsAuthenticationHandler</value>
</property>
hbase.rest.ssl.enabled
Description: Enables or disables SSL encryption (from client to server and vice versa) for the HBaseRest service.
Example:
<property>
    <name>hbase.rest.ssl.enabled</name>
    <value>true</value>
</property>

Impersonation Properties

hbase.thrift.support.proxyuser
Description: Enables or disables impersonation for HBaseThrift. Works only for thrift over http (the hbase.regionserver.thrift.http property must be set to true).
Example:
<property>
    <name>hbase.thrift.support.proxyuser</name>
    <value>true</value>
</property>
hbase.rest.support.proxyuser
Description: Enables or disables impersonation for HBaseRest.
Example:
<property>
    <name>hbase.rest.support.proxyuser</name>
    <value>true</value>
</property>
hbase.regionserver.thrift.http
Description: Defines whether to use HBaseThrift over http (if true is specified) or over sockets. Used to support impersonation for thrift over http.
Example:
<property>
    <name>hbase.regionserver.thrift.http</name>
    <value>true</value>
</property>