This is an automated email from the ASF dual-hosted git repository. stoty pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/phoenix-queryserver.git
The following commit(s) were added to refs/heads/master by this push: new e2e007f PHOENIX-5904 Add log if the configed kerberos principal login failed e2e007f is described below commit e2e007fca32011229042d88f566711b517870c20 Author: Guanghao Zhang <zhangguangh...@xiaomi.com> AuthorDate: Tue May 19 19:44:11 2020 +0800 PHOENIX-5904 Add log if the configed kerberos principal login failed --- .../apache/phoenix/queryserver/QueryServerProperties.java | 2 ++ .../org/apache/phoenix/queryserver/server/QueryServer.java | 13 +++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java b/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java index 562ca13..35a6dec 100644 --- a/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java +++ b/queryserver/src/main/java/org/apache/phoenix/queryserver/QueryServerProperties.java @@ -38,6 +38,8 @@ public class QueryServerProperties { "phoenix.queryserver.dns.interface"; public static final String QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB = "hbase.security.authentication"; + public static final String QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB = + "hadoop.security.authentication"; public static final String QUERY_SERVER_UGI_CACHE_MAX_SIZE = "phoenix.queryserver.ugi.cache.max.size"; public static final String QUERY_SERVER_UGI_CACHE_INITIAL_SIZE = diff --git a/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java b/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java index b50a44f..d39427a 100644 --- a/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java +++ b/queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java @@ -191,6 +191,8 @@ public final class QueryServer extends Configured implements Tool, Runnable { try { final boolean isKerberos = "kerberos".equalsIgnoreCase(getConf().get( QueryServerProperties.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB)); + final boolean isHadoopKerberos = "kerberos".equalsIgnoreCase(getConf().get( + QueryServerProperties.QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB)); final boolean disableSpnego = getConf().getBoolean(QueryServerProperties.QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB, QueryServerOptions.DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED); String hostname; @@ -199,6 +201,13 @@ public final class QueryServer extends Configured implements Tool, Runnable { // handle secure cluster credentials if (isKerberos && !disableLogin) { + if(!isHadoopKerberos) { + LOG.error("HBase and Hadoop security config inconsistent, " + + QueryServerProperties.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB + + " was configured as kerberos, but " + + QueryServerProperties.QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB + " not!"); + return -1; + } hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost( getConf().get(QueryServerProperties.QUERY_SERVER_DNS_INTERFACE_ATTRIB, "default"), getConf().get(QueryServerProperties.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, "default"))); @@ -210,10 +219,10 @@ public final class QueryServer extends Configured implements Tool, Runnable { } SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB, QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname); - LOG.info("Login successful."); + LOG.info("Kerberos login successful."); } else { hostname = InetAddress.getLocalHost().getHostName(); - LOG.info(" Kerberos is off and hostname is : "+hostname); + LOG.info("Kerberos is off and hostname is : " + hostname); } int port = getConf().getInt(QueryServerProperties.QUERY_SERVER_HTTP_PORT_ATTRIB,