Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-26204

VerifyReplication should obtain token for peerQuorumAddress too

VotersStop watchingWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-alpha-1, 2.3.6, 2.4.5
    • Fix Version/s: 2.5.0, 3.0.0-alpha-2, 2.4.6, 2.3.7
    • Component/s: None
    • Labels:
      None
    • Release Note:
      VerifyReplication obtains tokens even if the peer quorum parameter is used. VerifyReplication with peer quorum can be used for secure clusters also.

      Description

      VerifyReplication accepts peerQuorumAddress itself via command parameter instead of getting it from peerid of source cluster.

      https://github.com/apache/hbase/commit/b322d0a3e552dc228893408161fd3fb20f6b8bf1#diff-0307194efcf6a3ad4a4d73bd4b6ef34a9be5c436c8e970ca97fa146b2f0aa486

      https://issues.apache.org/jira/browse/HBASE-21201

       

          if (peerId != null) {
            assert peerConfigPair != null;
            Configuration peerClusterConf = peerConfigPair.getSecond();
            // Obtain the auth token from peer cluster
            TableMapReduceUtil.initCredentialsForCluster(job, peerClusterConf);
          }
      

       In this patch, credential for job is obtained when peerid is provided only.
      Thus we cannot get the benefit of HBASE-21201 for secure hbase cluster as a destination.

      hbase VerifyReplication \
        -D verifyrep.peer.hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
        -D verifyrep.peer.hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
        ... \
        secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b \
        table
      

      Assume this execution, VerifyReplication should obtain token from secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b using hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM and hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM, so that VerifyReplication mapper can scan from the secure cluster B.

        Attachments

          Activity

            People

            • Assignee:
              lineyshinya Shinya Yoshida
              Reporter:
              lineyshinya Shinya Yoshida

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment