[
https://issues.apache.org/jira/browse/PHOENIX-6074?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17186678#comment-17186678
]
Josh Elser commented on PHOENIX-6074:
-------------------------------------
{quote}I'm looking around to find a clean way to solve this issue, one idea
could be to run the indexTool via command line which should spin up a new
process and won't impact PQS directly. But the implementation can be a
complicated and I need to think more about that.
{quote}
Yeah, that is a hard problem. Don't forget that you can't always assume to have
YARN configuration on the PQS classpath to be able to submit a Tool. If you can
guarantee that we're only submitting Jobs to YARN from PQS, I think I'm less
worried (than if we were rebuilding an index table inside PQS itself).
I think as long as you are tracking the tasks that you run, we can at least
understand what PQS has launched. You could make a nice HTML page that
summarizes that PQS is running and on behalf of whom (e.g. who submitted the
request for an IndexTool).
{quote}we can do something like SPENGO to make sure it is available only
available to an authorized user.
{quote}
SPNEGO is just doing authentication in PQS. It does not solve the authorization
problem.
> Let PQS Act As An Admin Tool Rest Endpoint
> ------------------------------------------
>
> Key: PHOENIX-6074
> URL: https://issues.apache.org/jira/browse/PHOENIX-6074
> Project: Phoenix
> Issue Type: Improvement
> Components: queryserver
> Reporter: Mehdi Salarkia
> Assignee: Mehdi Salarkia
> Priority: Minor
>
> In our production environment we need to create a lot of indexes and use
> indexTool to build the index also sometime use tools like indexScrutiny to
> verify the health and status of indexes, etc.
> PQS can act as a REST API end point (proxy) that allows developers to call
> and run commands that phoenix currently support via command line only:
> * IndexTool
> * IndexScrutiny
> Benefits:
> # Allow developers to develop tools in their application to run and
> integrate phoenix command line tools into their application without a human
> intervention.
> # Remove unnecessary access permission to production from non admins.
> # Simplify the Index management (or any other future command line tool that
> will be added to phoenix) and remove the possibility of human error, etc.
> I was looking at the implementation PHOENIX-5827 as an example. I think we
> can simply define a new context and use that to trigger phoenix command line
> tools from PQS and return the result (perhaps the MR job link,...) to the
> client.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
