You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@phoenix.apache.org by st...@apache.org on 2020/05/28 06:51:19 UTC

[phoenix-queryserver] branch master updated: PHOENIX-5904 Add log if the configed kerberos principal login failed

This is an automated email from the ASF dual-hosted git repository.

stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix-queryserver.git


The following commit(s) were added to refs/heads/master by this push:
     new e2e007f  PHOENIX-5904 Add log if the configed kerberos principal login failed
e2e007f is described below

commit e2e007fca32011229042d88f566711b517870c20
Author: Guanghao Zhang <zh...@xiaomi.com>
AuthorDate: Tue May 19 19:44:11 2020 +0800

    PHOENIX-5904 Add log if the configed kerberos principal login failed
---
 .../apache/phoenix/queryserver/QueryServerProperties.java   |  2 ++
 .../org/apache/phoenix/queryserver/server/QueryServer.java  | 13 +++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java b/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
index 562ca13..35a6dec 100644
--- a/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
+++ b/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java
@@ -38,6 +38,8 @@ public class QueryServerProperties {
             "phoenix.queryserver.dns.interface";
     public static final String QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB =
             "hbase.security.authentication";
+    public static final String QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB =
+            "hadoop.security.authentication";
     public static final String QUERY_SERVER_UGI_CACHE_MAX_SIZE =
             "phoenix.queryserver.ugi.cache.max.size";
     public static final String QUERY_SERVER_UGI_CACHE_INITIAL_SIZE =
diff --git a/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java b/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index b50a44f..d39427a 100644
--- a/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ b/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -191,6 +191,8 @@ public final class QueryServer extends Configured implements Tool, Runnable {
     try {
       final boolean isKerberos = "kerberos".equalsIgnoreCase(getConf().get(
           QueryServerProperties.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB));
+      final boolean isHadoopKerberos = "kerberos".equalsIgnoreCase(getConf().get(
+          QueryServerProperties.QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB));
       final boolean disableSpnego = getConf().getBoolean(QueryServerProperties.QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB,
               QueryServerOptions.DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED);
       String hostname;
@@ -199,6 +201,13 @@ public final class QueryServer extends Configured implements Tool, Runnable {
 
       // handle secure cluster credentials
       if (isKerberos && !disableLogin) {
+        if(!isHadoopKerberos) {
+          LOG.error("HBase and Hadoop security config inconsistent, "
+                  + QueryServerProperties.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB
+                  + " was configured as kerberos, but "
+                  + QueryServerProperties.QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB + " not!");
+          return -1;
+        }
         hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
             getConf().get(QueryServerProperties.QUERY_SERVER_DNS_INTERFACE_ATTRIB, "default"),
             getConf().get(QueryServerProperties.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, "default")));
@@ -210,10 +219,10 @@ public final class QueryServer extends Configured implements Tool, Runnable {
         }
         SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
             QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
-        LOG.info("Login successful.");
+        LOG.info("Kerberos login successful.");
       } else {
         hostname = InetAddress.getLocalHost().getHostName();
-        LOG.info(" Kerberos is off and hostname is : "+hostname);
+        LOG.info("Kerberos is off and hostname is : " + hostname);
       }
 
       int port = getConf().getInt(QueryServerProperties.QUERY_SERVER_HTTP_PORT_ATTRIB,