in phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java [187:281]
public int run(String[] args) throws Exception {
logProcessInfo(getConf());
final boolean loadBalancerEnabled = getConf().getBoolean(QueryServerProperties.PHOENIX_QUERY_SERVER_LOADBALANCER_ENABLED,
QueryServerOptions.DEFAULT_PHOENIX_QUERY_SERVER_LOADBALANCER_ENABLED);
try {
final boolean isKerberos = "kerberos".equalsIgnoreCase(getConf().get(
QueryServerProperties.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB));
final boolean isHadoopKerberos = "kerberos".equalsIgnoreCase(getConf().get(
QueryServerProperties.QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB));
final boolean disableSpnego = getConf().getBoolean(QueryServerProperties.QUERY_SERVER_SPNEGO_AUTH_DISABLED_ATTRIB,
QueryServerOptions.DEFAULT_QUERY_SERVER_SPNEGO_AUTH_DISABLED);
String hostname;
final boolean disableLogin = getConf().getBoolean(QueryServerProperties.QUERY_SERVER_DISABLE_KERBEROS_LOGIN,
QueryServerOptions.DEFAULT_QUERY_SERVER_DISABLE_KERBEROS_LOGIN);
// handle secure cluster credentials
if (isKerberos && !disableLogin) {
if(!isHadoopKerberos) {
LOG.error("HBase and Hadoop security config inconsistent, "
+ QueryServerProperties.QUERY_SERVER_HBASE_SECURITY_CONF_ATTRIB
+ " was configured as kerberos, but "
+ QueryServerProperties.QUERY_SERVER_HADOOP_SECURITY_CONF_ATTRIB + " not!");
return -1;
}
hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
getConf().get(QueryServerProperties.QUERY_SERVER_DNS_INTERFACE_ATTRIB, "default"),
getConf().get(QueryServerProperties.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, "default")));
if (LOG.isDebugEnabled()) {
LOG.debug("Login to " + hostname + " using " + getConf().get(
QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB)
+ " and principal " + getConf().get(
QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB) + ".");
}
SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
LOG.info("Kerberos login successful.");
} else {
hostname = InetAddress.getLocalHost().getHostName();
LOG.info("Kerberos is off and hostname is : " + hostname);
}
int port = getConf().getInt(QueryServerProperties.QUERY_SERVER_HTTP_PORT_ATTRIB,
QueryServerOptions.DEFAULT_QUERY_SERVER_HTTP_PORT);
LOG.debug("Listening on port " + port);
// Update proxyuser configuration for impersonation
ProxyUsers.refreshSuperUserGroupsConfiguration(getConf());
// Start building the Avatica HttpServer
final HttpServer.Builder<Server>
builder =
HttpServer.Builder.<Server>newBuilder().withPort(port);
UserGroupInformation ugi = getUserGroupInformation();
AvaticaServerConfiguration avaticaServerConfiguration = null;
// RemoteUserCallbacks and RemoteUserExtractor are part of AvaticaServerConfiguration
// Hence they should be customizable when using QUERY_SERVER_CUSTOM_AUTH_ENABLED
// Handlers should be customized via ServerCustomizers
if (getConf().getBoolean(QueryServerProperties.QUERY_SERVER_CUSTOM_AUTH_ENABLED,
QueryServerOptions.DEFAULT_QUERY_SERVER_CUSTOM_AUTH_ENABLED)) {
avaticaServerConfiguration = enableCustomAuth(builder, getConf(), ugi);
} else {
if (isKerberos) {
// Enable client auth when using Kerberos auth for HBase
configureClientAuthentication(builder, disableSpnego, ugi);
}
setRemoteUserExtractorIfNecessary(builder, getConf());
//Avatica doesn't support TLS with custom auth (Why?), hence we only set it in this branch
setTlsIfNeccessary(builder, getConf());
setHandler(args, builder);
}
enableServerCustomizersIfNecessary(builder, getConf(), avaticaServerConfiguration);
// Build and start the HttpServer
server = builder.build();
server.start();
if (loadBalancerEnabled) {
registerToServiceProvider(hostname);
}
runningLatch.countDown();
server.join();
return 0;
} catch (Throwable t) {
LOG.error("Unrecoverable service error. Shutting down.", t);
this.t = t;
return -1;
} finally {
if (loadBalancerEnabled) {
unRegister();
}
}
}