[jira] [Updated] (HBASE-26204) VerifyReplication should obtain token for peerQuorumAddress too

Tue, 24 Aug 2021 04:19:04 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-26204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Wellington Chevreuil updated HBASE-26204:
-----------------------------------------
    Affects Version/s: 3.0.0-alpha-1

> VerifyReplication should obtain token for peerQuorumAddress too
> ---------------------------------------------------------------
>
>                 Key: HBASE-26204
>                 URL: https://issues.apache.org/jira/browse/HBASE-26204
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 3.0.0-alpha-1
>            Reporter: Shinya Yoshida
>            Assignee: Shinya Yoshida
>            Priority: Major
>
> VerifyReplication accepts peerQuorumAddress itself via command parameter 
> instead of getting it from peerid of source cluster.
> [https://github.com/apache/hbase/commit/b322d0a3e552dc228893408161fd3fb20f6b8bf1#diff-0307194efcf6a3ad4a4d73bd4b6ef34a9be5c436c8e970ca97fa146b2f0aa486]
> https://issues.apache.org/jira/browse/HBASE-21201
>  {code:java}
>     if (peerId != null) {
>       assert peerConfigPair != null;
>       Configuration peerClusterConf = peerConfigPair.getSecond();
>       // Obtain the auth token from peer cluster
>       TableMapReduceUtil.initCredentialsForCluster(job, peerClusterConf);
>     }
> {code}
>  In this patch, credential for job is obtained when peerid is provided only.
> Thus we cannot get the benefit of HBASE-21201 for secure hbase cluster as a 
> destination.
> {code:java}
> hbase VerifyReplication \
>   -D 
> verifyrep.peer.hbase.regionserver.kerberos.principal=secure-hbase-b/_h...@example.com
>  \
>   -D 
> verifyrep.peer.hbase.master.kerberos.principal=secure-hbase-b/_h...@example.com
>  \
>   ... \
>   
> secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b
>  \
>   table
> {code}
> Assume this execution, VerifyReplication should obtain token from 
> secure-hbase-b-1.example.com,secure-hbase-b-2.example.com,secure-hbase-b-3.example.com:2181:/hbase-b
>  using hbase.regionserver.kerberos.principal=secure-hbase-b/_h...@example.com 
> and hbase.master.kerberos.principal=secure-hbase-b/_h...@example.com, so that 
> VerifyReplication mapper can scan from the secure cluster B.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to