Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-26204

VerifyReplication should obtain token for peerQuorumAddress too

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.0.0-alpha-1, 2.3.6, 2.4.5
    • 2.5.0, 3.0.0-alpha-2, 2.4.6, 2.3.7
    • None
    • None
    • VerifyReplication obtains tokens even if the peer quorum parameter is used. VerifyReplication with peer quorum can be used for secure clusters also.

    Description

      VerifyReplication accepts peerQuorumAddress itself via command parameter instead of getting it from peerid of source cluster.

      https://github.com/apache/hbase/commit/b322d0a3e552dc228893408161fd3fb20f6b8bf1#diff-0307194efcf6a3ad4a4d73bd4b6ef34a9be5c436c8e970ca97fa146b2f0aa486

      https://issues.apache.org/jira/browse/HBASE-21201

       

          if (peerId != null) {
            assert peerConfigPair != null;
            Configuration peerClusterConf = peerConfigPair.getSecond();
            // Obtain the auth token from peer cluster
            TableMapReduceUtil.initCredentialsForCluster(job, peerClusterConf);
          }
      

       In this patch, credential for job is obtained when peerid is provided only.
      Thus we cannot get the benefit of HBASE-21201 for secure hbase cluster as a destination.

      hbase VerifyReplication \
        -D verifyrep.peer.hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
        -D verifyrep.peer.hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM \
        ... \
        secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b \
        table
      

      Assume this execution, VerifyReplication should obtain token from secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b using hbase.regionserver.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM and hbase.master.kerberos.principal=secure-hbase-b/_HOST@EXAMPLE.COM, so that VerifyReplication mapper can scan from the secure cluster B.

      Attachments

        There are no Sub-Tasks for this issue.

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            lineyshinya Shinya Yoshida
            lineyshinya Shinya Yoshida
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment