Configuring Phoenix Query Server

The HBase configuration provides most of the settings that enable secure Kerberos environments for Phoenix. However, there are additional configuration properties that complete the setup of Kerberos security for the Phoenix Query Server.

To configure Phoenix Query Server using Cloudera Manager:

Minimum Required Role: Cluster Administrator (also provided by Full Administrator)

  1. Go to the HBase service.
  2. Click the Configuration tab.
  3. Select Scope > HBase Cluster (Service-Wide).
  4. Select Category > Security.
  5. Locate the HBase Secure Authentication property or search for it by typing its name in the Search box.
  6. Select kerberos.
  7. Go to the HDFS service.
  8. Click the Configuration tab.
  9. Select Scope > HDFS Cluster (Service-Wide).
  10. Select Category > Advanced.
  11. Locate the HDFS Service Advanced Configuration Snippet (Safety Valve) for hdfs-site.xml property or search for it by typing its name in the Search box.
  12. Click View as XML, and add the following properties:
    <property>
        <name>hadoop.proxyuser.phoenix.hosts</name>
        <value>server1.domain.com,server2.domain.com</value>
        <description>A comma-separated list of fully-qualified 
         domain names of hosts running services with the Hadoop
         user "phoenix" that can impersonate end users.  
         Alternatively, insert an asterisk (*) instead of
         listing host names if you want to allow all hosts to
         impersonate end users.</description>
    </property>
    <property>
        <name>hadoop.proxyuser.phoenix.groups</name>
        <value>group1, group2</value>
        <description>A comma-separated list of groups 
        that the "phoenix" user can impersonate.  
        Alternatively, insert an asterisk (*) instead of
        listing groups if you want to allow users in all groups 
        to be impersonated</description>
    </property>
    
  13. Enter a Reason for change, and then click Save Changes to commit the changes.
  14. Restart the role and service when Cloudera Manager prompts you to restart.