You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Wellington Chevreuil (Jira)" <ji...@apache.org> on 2021/08/26 10:08:00 UTC

[jira] [Resolved] (HBASE-26204) VerifyReplication should obtain token for peerQuorumAddress too

     [ https://issues.apache.org/jira/browse/HBASE-26204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wellington Chevreuil resolved HBASE-26204.
------------------------------------------
    Resolution: Fixed

Thanks for the second PR, [~lineyshinya]. Had now merged it on all active base-2 branches.

> VerifyReplication should obtain token for peerQuorumAddress too
> ---------------------------------------------------------------
>
>                 Key: HBASE-26204
>                 URL: https://issues.apache.org/jira/browse/HBASE-26204
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 3.0.0-alpha-1, 2.3.6, 2.4.5
>            Reporter: Shinya Yoshida
>            Assignee: Shinya Yoshida
>            Priority: Major
>             Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6, 2.3.7
>
>
> VerifyReplication accepts peerQuorumAddress itself via command parameter instead of getting it from peerid of source cluster.
> [https://github.com/apache/hbase/commit/b322d0a3e552dc228893408161fd3fb20f6b8bf1#diff-0307194efcf6a3ad4a4d73bd4b6ef34a9be5c436c8e970ca97fa146b2f0aa486]
> https://issues.apache.org/jira/browse/HBASE-21201
>  {code:java}
>     if (peerId != null) {
>       assert peerConfigPair != null;
>       Configuration peerClusterConf = peerConfigPair.getSecond();
>       // Obtain the auth token from peer cluster
>       TableMapReduceUtil.initCredentialsForCluster(job, peerClusterConf);
>     }
> {code}
>  In this patch, credential for job is obtained when peerid is provided only.
> Thus we cannot get the benefit of HBASE-21201 for secure hbase cluster as a destination.
> {code:java}
> hbase VerifyReplication \
>   -D verifyrep.peer.hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
>   -D verifyrep.peer.hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
>   ... \
>   secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b \
>   table
> {code}
> Assume this execution, VerifyReplication should obtain token from secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b using hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM and hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM, so that VerifyReplication mapper can scan from the secure cluster B.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)