HBASE-29947 Improve CopyTable command usage to execute in secure clusters#7829
Open
srinireddy2020 wants to merge 3 commits intoapache:masterfrom
Open
HBASE-29947 Improve CopyTable command usage to execute in secure clusters#7829srinireddy2020 wants to merge 3 commits intoapache:masterfrom
srinireddy2020 wants to merge 3 commits intoapache:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Improves CopyTable’s CLI help/usage output by adding additional examples aimed at running CopyTable across secure/insecure clusters (including different Kerberos realms).
Changes:
- Add new
CopyTableusage examples showing how to set authentication/principal-related settings when copying across clusters with different security modes. - Include example commands for secure→insecure, cross-realm secure→secure, and insecure→secure scenarios.
Comments suppressed due to low confidence (4)
hbase-mapreduce/src/main/java/org/apache/hadoop/hbase/mapreduce/CopyTable.java:260
- These new examples rely on
--peer.adrand-Dhbase.mapred.output.*overrides. Both are marked deprecated in the codebase (seeCopyTableusage text forpeer.adr, andTableOutputFormat.OUTPUT_CONF_PREFIXwhich is deprecated since 3.0.0 and slated for removal in 4.0.0). To keep the usage future-proof, please update the examples to use--peer.uriand pass any per-cluster overrides via the connection URI query parameters instead ofhbase.mapred.output.*.
System.err.println(
" To copy the data of 'TestTable' between the secured cluster and insecure cluster-b");
System.err.println(" $ hbase org.apache.hadoop.hbase.mapreduce.CopyTable "
+ "-Dhbase.mapred.output.hbase.security.authentication=simple "
+ "--peer.adr=cluster-b-1.example.com,cluster-b-2.example.com,cluster-b-3.example.com:"
+ "2181:/cluster-b" + " TestTable");
hbase-mapreduce/src/main/java/org/apache/hadoop/hbase/mapreduce/CopyTable.java:257
- The example description is ambiguous about direction (“between the secured cluster and insecure cluster-b”), but CopyTable reads from the local cluster and writes to the configured peer. Consider rewording to explicitly state source vs destination (and use consistent terminology like “secure/secured” and “insecure”).
System.err.println(
" To copy the data of 'TestTable' between the secured cluster and insecure cluster-b");
System.err.println(" $ hbase org.apache.hadoop.hbase.mapreduce.CopyTable "
hbase-mapreduce/src/main/java/org/apache/hadoop/hbase/mapreduce/CopyTable.java:265
- Wording/grammar in this example header is a bit hard to parse (“between different realm secured cluster”) and “kerberos” should be capitalized as “Kerberos” in user-facing help text. Please rephrase for clarity (e.g., “between secured clusters in different Kerberos realms”).
System.err.println(" To copy the data of 'TestTable' between different realm secured cluster.");
System.err.println(" Assume cluster-b uses different kerberos principal, "
+ "cluster-b/_HOST@EXAMPLE.COM, for master and regionserver kerberos principal from another "
+ "cluster");
hbase-mapreduce/src/main/java/org/apache/hadoop/hbase/mapreduce/CopyTable.java:275
- Similarly here, “between the insecure cluster and secured cluster-b” doesn’t clarify which side is the local cluster vs the configured peer. Since the command always writes to the peer cluster, consider rewording to make the direction explicit.
System.err.println(
" To copy the data of 'TestTable' between the insecure cluster and secured cluster-b");
System.err.println(" $ hbase org.apache.hadoop.hbase.mapreduce.CopyTable "
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
NihalJain
approved these changes
Mar 23, 2026
pankaj72981
reviewed
Mar 25, 2026
| System.err.println(); | ||
| System.err.println( | ||
| " To copy the data of 'TestTable' from the secured local cluster to an insecure peer cluster" | ||
| + " (cluster-b)"); |
Contributor
There was a problem hiding this comment.
nit:
Can we modify it to "from the secured local cluster to a non-secured peer cluster"
Contributor
Author
There was a problem hiding this comment.
Addressed your comment
srinireddy2020
force-pushed
the
HBASE-29947
branch
from
5d708fb to
2313b0a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve CopyTable command usage to execute in secure clusters