Configure Phoenix Query Server

How to configure Phoenix Query Server when setting up Kerberos for non-Ambari clusters.

1. Provide the Kerberos principal and keytab for the Phoenix Query Server in the $HBASE_CONF_DIR/hbase-site.xml file.

   <property>
       <name>phoenix.queryserver.kerberos.principal</name>
       <value>HTTP/_HOST@EXAMPLE.COM</value>
       <description>The Kerberos principal name that should be used to run the Phoenix Query Server process.
       The principal name should be in the form: user/hostname@DOMAIN.  If "_HOST" is used as the hostname
       portion, it will be replaced with the actual hostname of the running instance.
       </description>
   </property>
   
   <property>
       <name>phoenix.queryserver.kerberos.keytab</name>
       <value>/etc/security/keytabs/spnego.service.keytab</value>
       <description>Full path to the Kerberos keytab file to use for logging
       in the configured Phoenix Query Server service principal.
       </description>
   </property>
   

2. Add the fully-qualified domain name for each host running the Phoenix Query Server to the list of hosts that can impersonate end users in the $HADOOP_CONF_DIR/core-site.xml file. Alternatively, insert an asterisk (*) instead of host names if you want to allow all hosts to impersonate end users.

   <property>
       <name>hadoop.proxyuser.HTTP.hosts</name>
       <value>server1.domain.com,server2.domain.com</value>
       <description>A comma-separated list of fully-qualified 
       domain names of hosts running services with the Hadoop
       user "HTTP" that can impersonate end users.  
       Alternatively, insert an asterisk (*) instead of
       listing host names if you want to allow all hosts to
       impersonate end users.</description>
   </property>