Posted to issues@phoenix.apache.org by "Karan Mehta (JIRA)" <ji...@apache.org> on 2018/12/14 18:38:00 UTC

[jira] [Commented] (PHOENIX-5067) Support for secure Phoenix cluster in Phref

    [ https://issues.apache.org/jira/browse/PHOENIX-5067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16721671#comment-16721671 ] 

Karan Mehta commented on PHOENIX-5067:
--------------------------------------

Thanks [~gsbiju]

A few changes requested.
{code:java}
+ logger.debug("Initial URL {}", url);
+ logger.debug("Principal {} keytab {} ", krbPrincipal, krbKeytab);
+ logger.debug("realm {}", krbRealm);
+ if (krbPrincipal != null && krbKeytab != null && krbRealm != null) {
+ logger.debug("URL = {}",url + ":"+zkPort+":"+zkNode+":"+krbPrincipal+":"+krbKeytab);
+ url += ":"+krbPrincipal+":"+krbKeytab;
+ props.setProperty("hadoop.security.authentication","Kerberos");
+ props.setProperty("hbase.security.authentication","Kerberos");
+ props.setProperty("hbase.master.kerberos.principal","hbase/_HOST@"+krbRealm);
+ props.setProperty("hbase.regionserver.kerberos.principal","hbase/_HOST@"+krbRealm);
+ }
+ url += (testEnabled ? ";test=true" : "");{code}
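Review bot: The debug line inside the if block logs a string that is not the URL actually used: it appends zkPort and zkNode, while the following line appends only krbPrincipal and krbKeytab to url, and ";test=true" is appended after the block. Log the final url once after the last line, in the parameterized form logger.debug("URL = {}", url), so the logged value matches what is used for the connection. The earlier debug lines could then be dropped, which also avoids writing the principal and keytab path to the log twice.
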
If the user forgets either of the krb parameters, it will print null values. It would be good to print the log line with the connection string at the end, to know the exact URL. Also, we are concatenating the whole string in the logger line, which is not a good idea. You might also want to define the else part here to throw an IllegalStateException to the user.

Kerberos stuff also requires the setting of krb5.conf. Are we expecting that users do {{kinit}} manually before they do this? 

 

> Support for secure Phoenix cluster in Phref
> -------------------------------------------
>
>                 Key: PHOENIX-5067
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-5067
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Biju Nair
>            Priority: Minor
>         Attachments: PHOENIX-5067-4.x-HBase-1.1
>
>
> Currently the Phoenix performance and functional testing tool {{Phref}} doesn't have options to pass in a Kerberos principal and keytab to connect to a secure (Kerberized) Phoenix cluster. This prevents running the tool against Kerberized clusters.


