Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.0.0-alpha-1, 2.3.6, 2.4.5
-
None
-
None
-
VerifyReplication obtains tokens even if the peer quorum parameter is used. VerifyReplication with peer quorum can be used for secure clusters also.
Description
VerifyReplication accepts peerQuorumAddress itself via command parameter instead of getting it from peerid of source cluster.
https://issues.apache.org/jira/browse/HBASE-21201
if (peerId != null) {
assert peerConfigPair != null;
Configuration peerClusterConf = peerConfigPair.getSecond();
// Obtain the auth token from peer cluster
TableMapReduceUtil.initCredentialsForCluster(job, peerClusterConf);
}
In this patch, credential for job is obtained when peerid is provided only.
Thus we cannot get the benefit of HBASE-21201 for secure hbase cluster as a destination.
hbase VerifyReplication \ -D verifyrep.peer.hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \ -D verifyrep.peer.hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \ ... \ secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b \ table
Assume this execution, VerifyReplication should obtain token from secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b using hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM and hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM, so that VerifyReplication mapper can scan from the secure cluster B.