Created 11-06-2015 05:46 PM
I currently have HBase protected by Ranger. I am not able to connect to HBase via Phoenix from an external Java client since it's picking up my machine user ID, and that is not an authorized user. Is there a way to pass in the user in the Phoenix connection URL?
Created 11-08-2015 01:06 PM
@Josh Elser @terry@hortonworks.com
Please see this.
[root@nsfed01 ~]# /usr/hdp/2.3.2.0-2950/phoenix/bin/sqlline.py n1:2181:/hbase-unsecure:neeraj
Setting property: [isolation, TRANSACTION_READ_COMMITTED]
issuing: !connect jdbc:phoenix:n1:2181:/hbase-unsecure:neeraj none none org.apache.phoenix.jdbc.PhoenixDriver
Connecting to jdbc:phoenix:n1:2181:/hbase-unsecure:neeraj
15/11/08 05:04:50 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
15/11/08 05:04:51 WARN impl.MetricsConfig: Cannot locate configuration: tried hadoop-metrics2-phoenix.properties,hadoop-metrics2.properties
Connected to: Phoenix (version 4.4)
Driver: PhoenixEmbeddedDriver (version 4.4)
Autocommit status: true
Transaction isolation: TRANSACTION_READ_COMMITTED
Building list of tables and columns for tab-completion (set fastconnect to true to skip)...
93/93 (100%) Done
Done
sqlline version 1.1.8
0: jdbc:phoenix:n1:2181:/hbase-unsecure:neera>
0: jdbc:phoenix:n1:2181:/hbase-unsecure:neera> !list
1 active connection:
#0 open jdbc:phoenix:n1:2181:/hbase-unsecure:neeraj
0: jdbc:phoenix:n1:2181:/hbase-unsecure:neera>
Created 11-06-2015 06:02 PM
Is Kerberos also in play? The docs page here gives an example for connecting with the HBase service principal.
Have you tried a connection URL like this?
jdbc:phoenix:<Zookeeper_host_name>:<port_number>:<secured_Zookeeper_node>:<user_name>
Created 11-06-2015 06:14 PM
My cluster is not yet secured, so I have a non-secure ZooKeeper node.
I tried this:
"jdbc:phoenix:<zookeper-host>:2181:/hbase-unsecure:<uid>"
But no luck. Would that work with a non-secure ZooKeeper node?
Created 11-06-2015 06:26 PM
It should work even without Kerberos. I'm not sure how the Ranger authorization fits into the picture.
Created 11-10-2015 02:52 PM
Thanks @Neeraj. This helps from the command line, though if I want to do it from Java, the client is still picking up the computer username, not the one you pass in...
Created 11-11-2015 08:39 PM
Kerberos is your best bet.
Now, without Kerberos:
You have to log in as that particular user to run the Java program.
Example, based on testing in my lab environment:
Log in as the OS user, for example user abc, and if you are dealing with Ranger then make sure that OS user has permission in the HBase policies.
Conclusion: Phoenix is picking up the OS user as the user opening the connection.
Created 11-11-2015 08:42 PM
Yep, I agree. Thanks for the follow-up.