[jira] [Commented] (PHOENIX-5067) Support for secure Phoenix cluster in Phref

Fri, 14 Dec 2018 10:38:11 -0800 


    [ 
https://issues.apache.org/jira/browse/PHOENIX-5067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16721671#comment-16721671
 ] 

Karan Mehta commented on PHOENIX-5067:
--------------------------------------

Thanks [~gsbiju]

Few changes requested. 
{code:java}
+ logger.debug("Initial URL {}", url);
+ logger.debug("Principal {} keytab {} ", krbPrincipal, krbKeytab);
+ logger.debug("realm {}", krbRealm);
+ if (krbPrincipal != null && krbKeytab != null && krbRealm != null) {
+ logger.debug("URL = {}",url + 
":"+zkPort+":"+zkNode+":"+krbPrincipal+":"+krbKeytab);
+ url += ":"+krbPrincipal+":"+krbKeytab;
+ props.setProperty("hadoop.security.authentication","Kerberos");
+ props.setProperty("hbase.security.authentication","Kerberos");
+ props.setProperty("hbase.master.kerberos.principal","hbase/_HOST@"+krbRealm);
+ 
props.setProperty("hbase.regionserver.kerberos.principal","hbase/_HOST@"+krbRealm);
+ }
+ url += (testEnabled ? ";test=true" : "");{code}
If the user forgets either of the krb parameters, it will print null values. 
Good to print the log line with connection string at the end to know the exact 
url. Also the fact that we are concatenating the whole string in logger line, 
which is not a good idea. Also you might want to define the else part over here 
to throw any IllegalStateException to user. 

Kerberos stuff also requires the setting of krb5.conf. Are we expecting that 
users do {{kinit}} manually before they do this? 

 

> Support for secure Phoenix cluster in Phref
> -------------------------------------------
>
>                 Key: PHOENIX-5067
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-5067
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Biju Nair
>            Priority: Minor
>         Attachments: PHOENIX-5067-4.x-HBase-1.1
>
>
> Currently Phoenix performance and functional testing tool {{Phref}} doesn't 
> have options to pass in Kerberos principal and Keytab to connect to a secure 
> (Kerberized) Phoenix cluster. This prevents running the tool against a 
> Kerberized clusters.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to