Hey Chris -- using localhost definitely won't work. You must use the FQDN in the URL you supply (which must match the FQDN in the principal which PQS is using. I'm not sure why you would be getting an HTTP/404 though. I'd take a look at the PQS logs to see if anything is there. Would be best to not piggy-back on this issue and ask a new question instead. Feel free to tag me there so I'm sure to see it.
thanks will do.
BTW - last piggy-back! - I checked the log (/usr/hadoop/log/hbase/phoenix-hbase-server.log) its giving this,
2016-11-03 15:00:54,679 WARN org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginService: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906) at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
Sadly, "Checksum failed" could be for numerous different reasons. You can try to set "-Dsun.security.spnego.debug=true" in PHOENIX_QUERYSERVER_OPTS in hbase-env.sh for lots of debug after a restart of PQS. This will require careful reading and observation (based on principals and hostnames) to figure out what went wrong though.
Which O/S you are using for the KDC server? Is it same as the other cluster servers? If you also use Ranger encryption, there something else step you need to do. try kinit -V -k -t /etc/security/keytabs/spnego.service.keytab HTTP/YOUR_SERVER_DOMAIN@EXAMPLE.COM and hbase shell. if you scan the table like 'scan 'SYSTEM.CATALOG'. then try thin client once again.
I have a question regarding to this...
If I wanna connect to a https url, and I specify the truststore=** after the url, still it will show error
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What else am i missing?
Anyone has a working solution for this I tried pheonixdb but nothing suggested above works currently or I am not using the configs properly
To the best of my knowledge, python-phoenixdb (https://bitbucket.org/lalinsky/python-phoenixdb) does not have support for SPENGO which is implicitly required when a cluster has Kerberos authentication enabled. Please open your own question if you have more information to share.