HADOOP-14212. Expose SecurityEnabled boolean field in JMX for other services besides NameNode. Contributed by Adam Antal.
This commit is contained in:
parent
44c4928b64
commit
78fb14ba49
|
@ -3142,6 +3142,11 @@ public class DataNode extends ReconfigurableBase
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSecurityEnabled() {
|
||||||
|
return UserGroupInformation.isSecurityEnabled();
|
||||||
|
}
|
||||||
|
|
||||||
public void refreshNamenodes(Configuration conf) throws IOException {
|
public void refreshNamenodes(Configuration conf) throws IOException {
|
||||||
blockPoolManager.refreshNamenodes(conf);
|
blockPoolManager.refreshNamenodes(conf);
|
||||||
}
|
}
|
||||||
|
|
|
@ -146,4 +146,11 @@ public interface DataNodeMXBean {
|
||||||
* @return list of slow disks
|
* @return list of slow disks
|
||||||
*/
|
*/
|
||||||
String getSlowDisks();
|
String getSlowDisks();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets if security is enabled.
|
||||||
|
*
|
||||||
|
* @return true, if security is enabled.
|
||||||
|
*/
|
||||||
|
boolean isSecurityEnabled();
|
||||||
}
|
}
|
||||||
|
|
|
@ -722,6 +722,11 @@ public class SecondaryNameNode implements Runnable,
|
||||||
return NetUtils.getHostPortString(nameNodeAddr);
|
return NetUtils.getHostPortString(nameNodeAddr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSecurityEnabled() {
|
||||||
|
return UserGroupInformation.isSecurityEnabled();
|
||||||
|
}
|
||||||
|
|
||||||
@Override // SecondaryNameNodeInfoMXBean
|
@Override // SecondaryNameNodeInfoMXBean
|
||||||
public long getStartTime() {
|
public long getStartTime() {
|
||||||
return starttime;
|
return starttime;
|
||||||
|
|
|
@ -31,6 +31,13 @@ public interface SecondaryNameNodeInfoMXBean extends VersionInfoMXBean {
|
||||||
*/
|
*/
|
||||||
public String getHostAndPort();
|
public String getHostAndPort();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets if security is enabled.
|
||||||
|
*
|
||||||
|
* @return true, if security is enabled.
|
||||||
|
*/
|
||||||
|
boolean isSecurityEnabled();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the timestamp of when the SNN starts
|
* @return the timestamp of when the SNN starts
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -38,6 +38,8 @@ import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
||||||
import org.apache.hadoop.hdfs.DFSTestUtil;
|
import org.apache.hadoop.hdfs.DFSTestUtil;
|
||||||
import org.apache.hadoop.hdfs.MiniDFSCluster;
|
import org.apache.hadoop.hdfs.MiniDFSCluster;
|
||||||
|
import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.test.GenericTestUtils;
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -49,7 +51,7 @@ import static org.junit.Assert.assertTrue;
|
||||||
/**
|
/**
|
||||||
* Class for testing {@link DataNodeMXBean} implementation
|
* Class for testing {@link DataNodeMXBean} implementation
|
||||||
*/
|
*/
|
||||||
public class TestDataNodeMXBean {
|
public class TestDataNodeMXBean extends SaslDataTransferTestCase {
|
||||||
|
|
||||||
public static final Log LOG = LogFactory.getLog(TestDataNodeMXBean.class);
|
public static final Log LOG = LogFactory.getLog(TestDataNodeMXBean.class);
|
||||||
|
|
||||||
|
@ -117,6 +119,49 @@ public class TestDataNodeMXBean {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDataNodeMXBeanSecurityEnabled() throws Exception {
|
||||||
|
Configuration simpleConf = new Configuration();
|
||||||
|
Configuration secureConf = createSecureConfig("authentication");
|
||||||
|
|
||||||
|
// get attribute "SecurityEnabled" with simple configuration
|
||||||
|
try (MiniDFSCluster cluster =
|
||||||
|
new MiniDFSCluster.Builder(simpleConf).build()) {
|
||||||
|
List<DataNode> datanodes = cluster.getDataNodes();
|
||||||
|
Assert.assertEquals(datanodes.size(), 1);
|
||||||
|
DataNode datanode = datanodes.get(0);
|
||||||
|
|
||||||
|
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
|
||||||
|
ObjectName mxbeanName = new ObjectName(
|
||||||
|
"Hadoop:service=DataNode,name=DataNodeInfo");
|
||||||
|
|
||||||
|
boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
|
||||||
|
"SecurityEnabled");
|
||||||
|
Assert.assertFalse(securityEnabled);
|
||||||
|
Assert.assertEquals(datanode.isSecurityEnabled(), securityEnabled);
|
||||||
|
}
|
||||||
|
|
||||||
|
// get attribute "SecurityEnabled" with secure configuration
|
||||||
|
try (MiniDFSCluster cluster =
|
||||||
|
new MiniDFSCluster.Builder(secureConf).build()) {
|
||||||
|
List<DataNode> datanodes = cluster.getDataNodes();
|
||||||
|
Assert.assertEquals(datanodes.size(), 1);
|
||||||
|
DataNode datanode = datanodes.get(0);
|
||||||
|
|
||||||
|
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
|
||||||
|
ObjectName mxbeanName = new ObjectName(
|
||||||
|
"Hadoop:service=DataNode,name=DataNodeInfo");
|
||||||
|
|
||||||
|
boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
|
||||||
|
"SecurityEnabled");
|
||||||
|
Assert.assertTrue(securityEnabled);
|
||||||
|
Assert.assertEquals(datanode.isSecurityEnabled(), securityEnabled);
|
||||||
|
}
|
||||||
|
|
||||||
|
// setting back the authentication method
|
||||||
|
UserGroupInformation.setConfiguration(simpleConf);
|
||||||
|
}
|
||||||
|
|
||||||
private static String replaceDigits(final String s) {
|
private static String replaceDigits(final String s) {
|
||||||
return s.replaceAll("[0-9]+", "_DIGITS_");
|
return s.replaceAll("[0-9]+", "_DIGITS_");
|
||||||
|
|
|
@ -22,8 +22,10 @@ import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.fail;
|
import static org.junit.Assert.fail;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.lang.management.ManagementFactory;
|
||||||
import java.security.PrivilegedExceptionAction;
|
import java.security.PrivilegedExceptionAction;
|
||||||
|
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.fs.FileSystem;
|
import org.apache.hadoop.fs.FileSystem;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.fs.permission.FsPermission;
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
|
@ -33,10 +35,12 @@ import org.apache.hadoop.hdfs.MiniDFSCluster;
|
||||||
import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase;
|
import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||||
|
import org.junit.Assert;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.rules.ExpectedException;
|
import org.junit.rules.ExpectedException;
|
||||||
|
import javax.management.MBeanServer;
|
||||||
|
import javax.management.ObjectName;
|
||||||
|
|
||||||
public class TestSecureNameNode extends SaslDataTransferTestCase {
|
public class TestSecureNameNode extends SaslDataTransferTestCase {
|
||||||
final static private int NUM_OF_DATANODES = 0;
|
final static private int NUM_OF_DATANODES = 0;
|
||||||
|
@ -117,4 +121,50 @@ public class TestSecureNameNode extends SaslDataTransferTestCase {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test NameNodeStatusMXBean with security enabled and disabled.
|
||||||
|
*
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNameNodeStatusMXBeanSecurityEnabled() throws Exception {
|
||||||
|
Configuration simpleConf = new Configuration();
|
||||||
|
Configuration secureConf = createSecureConfig("authentication");
|
||||||
|
|
||||||
|
// disabling security
|
||||||
|
UserGroupInformation.setConfiguration(simpleConf);
|
||||||
|
|
||||||
|
// get attribute "SecurityEnabled" with simple configuration
|
||||||
|
try (MiniDFSCluster cluster =
|
||||||
|
new MiniDFSCluster.Builder(simpleConf).build()) {
|
||||||
|
cluster.waitActive();
|
||||||
|
NameNode namenode = cluster.getNameNode();
|
||||||
|
|
||||||
|
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
|
||||||
|
ObjectName mxbeanName = new ObjectName(
|
||||||
|
"Hadoop:service=NameNode,name=NameNodeStatus");
|
||||||
|
|
||||||
|
boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
|
||||||
|
"SecurityEnabled");
|
||||||
|
Assert.assertFalse(securityEnabled);
|
||||||
|
Assert.assertEquals(namenode.isSecurityEnabled(), securityEnabled);
|
||||||
|
}
|
||||||
|
|
||||||
|
// get attribute "SecurityEnabled" with secure configuration
|
||||||
|
try (MiniDFSCluster cluster =
|
||||||
|
new MiniDFSCluster.Builder(secureConf).build()) {
|
||||||
|
cluster.waitActive();
|
||||||
|
NameNode namenode = cluster.getNameNode();
|
||||||
|
|
||||||
|
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
|
||||||
|
ObjectName mxbeanName = new ObjectName(
|
||||||
|
"Hadoop:service=NameNode,name=NameNodeStatus");
|
||||||
|
|
||||||
|
boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
|
||||||
|
"SecurityEnabled");
|
||||||
|
Assert.assertTrue(securityEnabled);
|
||||||
|
Assert.assertEquals(namenode.isSecurityEnabled(), securityEnabled);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,8 +25,10 @@ import org.apache.hadoop.fs.FileSystem;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.fs.permission.FsPermission;
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
|
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
|
||||||
|
import org.apache.hadoop.metrics2.util.MBeans;
|
||||||
import org.apache.hadoop.security.Credentials;
|
import org.apache.hadoop.security.Credentials;
|
||||||
import org.apache.hadoop.security.SecurityUtil;
|
import org.apache.hadoop.security.SecurityUtil;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.service.CompositeService;
|
import org.apache.hadoop.service.CompositeService;
|
||||||
import org.apache.hadoop.util.ExitUtil;
|
import org.apache.hadoop.util.ExitUtil;
|
||||||
import org.apache.hadoop.util.GenericOptionsParser;
|
import org.apache.hadoop.util.GenericOptionsParser;
|
||||||
|
@ -87,8 +89,8 @@ import java.util.concurrent.ConcurrentMap;
|
||||||
import java.util.concurrent.ConcurrentSkipListMap;
|
import java.util.concurrent.ConcurrentSkipListMap;
|
||||||
import java.util.concurrent.atomic.AtomicBoolean;
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
|
|
||||||
public class NodeManager extends CompositeService
|
public class NodeManager extends CompositeService
|
||||||
implements EventHandler<NodeManagerEvent> {
|
implements EventHandler<NodeManagerEvent>, NodeManagerMXBean {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Node manager return status codes.
|
* Node manager return status codes.
|
||||||
|
@ -470,6 +472,8 @@ public class NodeManager extends CompositeService
|
||||||
throw new YarnRuntimeException("Failed NodeManager login", e);
|
throw new YarnRuntimeException("Failed NodeManager login", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
registerMXBean();
|
||||||
|
|
||||||
super.serviceInit(conf);
|
super.serviceInit(conf);
|
||||||
// TODO add local dirs to del
|
// TODO add local dirs to del
|
||||||
}
|
}
|
||||||
|
@ -947,6 +951,18 @@ public class NodeManager extends CompositeService
|
||||||
LOG.warn("Invalid shutdown event " + event.getType() + ". Ignoring.");
|
LOG.warn("Invalid shutdown event " + event.getType() + ". Ignoring.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Register NodeManagerMXBean.
|
||||||
|
*/
|
||||||
|
private void registerMXBean() {
|
||||||
|
MBeans.register("NodeManager", "NodeManager", this);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSecurityEnabled() {
|
||||||
|
return UserGroupInformation.isSecurityEnabled();
|
||||||
|
}
|
||||||
|
|
||||||
// For testing
|
// For testing
|
||||||
NodeManager createNewNodeManager() {
|
NodeManager createNewNodeManager() {
|
||||||
|
|
|
@ -33,6 +33,7 @@ import org.apache.hadoop.http.HttpServer2;
|
||||||
import org.apache.hadoop.metrics2.MetricsSystem;
|
import org.apache.hadoop.metrics2.MetricsSystem;
|
||||||
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
|
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
|
||||||
import org.apache.hadoop.metrics2.source.JvmMetrics;
|
import org.apache.hadoop.metrics2.source.JvmMetrics;
|
||||||
|
import org.apache.hadoop.metrics2.util.MBeans;
|
||||||
import org.apache.hadoop.net.NetUtils;
|
import org.apache.hadoop.net.NetUtils;
|
||||||
import org.apache.hadoop.security.SecurityUtil;
|
import org.apache.hadoop.security.SecurityUtil;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
@ -140,7 +141,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public class ResourceManager extends CompositeService implements Recoverable {
|
public class ResourceManager extends CompositeService
|
||||||
|
implements Recoverable, ResourceManagerMXBean {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Priority of the ResourceManager shutdown hook.
|
* Priority of the ResourceManager shutdown hook.
|
||||||
|
@ -337,6 +339,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
||||||
addIfService(systemMetricsPublisher);
|
addIfService(systemMetricsPublisher);
|
||||||
rmContext.setSystemMetricsPublisher(systemMetricsPublisher);
|
rmContext.setSystemMetricsPublisher(systemMetricsPublisher);
|
||||||
|
|
||||||
|
registerMXBean();
|
||||||
|
|
||||||
super.serviceInit(this.conf);
|
super.serviceInit(this.conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1600,4 +1604,16 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
||||||
protected RMAppLifetimeMonitor createRMAppLifetimeMonitor() {
|
protected RMAppLifetimeMonitor createRMAppLifetimeMonitor() {
|
||||||
return new RMAppLifetimeMonitor(this.rmContext);
|
return new RMAppLifetimeMonitor(this.rmContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Register ResourceManagerMXBean.
|
||||||
|
*/
|
||||||
|
private void registerMXBean() {
|
||||||
|
MBeans.register("ResourceManager", "ResourceManager", this);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isSecurityEnabled() {
|
||||||
|
return UserGroupInformation.isSecurityEnabled();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue