You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Wellington Chevreuil (Jira)" <ji...@apache.org> on 2021/08/26 10:08:00 UTC
[jira] [Resolved] (HBASE-26204) VerifyReplication should obtain
token for peerQuorumAddress too
[ https://issues.apache.org/jira/browse/HBASE-26204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wellington Chevreuil resolved HBASE-26204.
------------------------------------------
Resolution: Fixed
Thanks for the second PR, [~lineyshinya]. Had now merged it on all active base-2 branches.
> VerifyReplication should obtain token for peerQuorumAddress too
> ---------------------------------------------------------------
>
> Key: HBASE-26204
> URL: https://issues.apache.org/jira/browse/HBASE-26204
> Project: HBase
> Issue Type: Bug
> Affects Versions: 3.0.0-alpha-1, 2.3.6, 2.4.5
> Reporter: Shinya Yoshida
> Assignee: Shinya Yoshida
> Priority: Major
> Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6, 2.3.7
>
>
> VerifyReplication accepts peerQuorumAddress itself via command parameter instead of getting it from peerid of source cluster.
> [https://github.com/apache/hbase/commit/b322d0a3e552dc228893408161fd3fb20f6b8bf1#diff-0307194efcf6a3ad4a4d73bd4b6ef34a9be5c436c8e970ca97fa146b2f0aa486]
> https://issues.apache.org/jira/browse/HBASE-21201
> {code:java}
> if (peerId != null) {
> assert peerConfigPair != null;
> Configuration peerClusterConf = peerConfigPair.getSecond();
> // Obtain the auth token from peer cluster
> TableMapReduceUtil.initCredentialsForCluster(job, peerClusterConf);
> }
> {code}
> In this patch, credential for job is obtained when peerid is provided only.
> Thus we cannot get the benefit of HBASE-21201 for secure hbase cluster as a destination.
> {code:java}
> hbase VerifyReplication \
> -D verifyrep.peer.hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
> -D verifyrep.peer.hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
> ... \
> secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b \
> table
> {code}
> Assume this execution, VerifyReplication should obtain token from secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b using hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM and hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM, so that VerifyReplication mapper can scan from the secure cluster B.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)