HBASE-25875 RegionServer failed to start with IllegalThreadStateException due to race condition in AuthenticationTokenSecretManager (#3250)

* HBASE-25875 RegionServer failed to start with IllegalThreadStateException due to race condition in AuthenticationTokenSecretManager's start & retrievePassword method

Signed-off-by: stack <stack@apache.com>
(cherry picked from commit 2126ec94f0)
This commit is contained in:
Pankaj 2021-05-17 12:17:24 +05:30 committed by Pankaj Kumar
parent 439fd4aff2
commit 1a8d3c3b6b
3 changed files with 31 additions and 4 deletions

View File

@ -252,4 +252,23 @@
<Bug pattern="SC_START_IN_CTOR"/> <Bug pattern="SC_START_IN_CTOR"/>
</Match> </Match>
<Match>
<!--
False positives, NettyRpcServer#start & SimpleRpcServer#start are already synchronized and
there is check to ensure single initialization of authTokenSecretMgr field.
Ignore the warning, see HBASE-25875.
!-->
<Or>
<And>
<Class name="org.apache.hadoop.hbase.ipc.NettyRpcServer"/>
<Method name="start"/>
</And>
<And>
<Class name="org.apache.hadoop.hbase.ipc.SimpleRpcServer"/>
<Method name="start"/>
</And>
</Or>
<Bug pattern="ML_SYNC_ON_UPDATED_FIELD"/>
</Match>
</FindBugsFilter> </FindBugsFilter>

View File

@ -136,8 +136,12 @@ public class NettyRpcServer extends RpcServer {
} }
authTokenSecretMgr = createSecretManager(); authTokenSecretMgr = createSecretManager();
if (authTokenSecretMgr != null) { if (authTokenSecretMgr != null) {
setSecretManager(authTokenSecretMgr); // Start AuthenticationTokenSecretManager in synchronized way to avoid race conditions in
authTokenSecretMgr.start(); // LeaderElector start. See HBASE-25875
synchronized (authTokenSecretMgr) {
setSecretManager(authTokenSecretMgr);
authTokenSecretMgr.start();
}
} }
this.authManager = new ServiceAuthorizationManager(); this.authManager = new ServiceAuthorizationManager();
HBasePolicyProvider.init(conf, authManager); HBasePolicyProvider.init(conf, authManager);

View File

@ -423,8 +423,12 @@ public class SimpleRpcServer extends RpcServer {
} }
authTokenSecretMgr = createSecretManager(); authTokenSecretMgr = createSecretManager();
if (authTokenSecretMgr != null) { if (authTokenSecretMgr != null) {
setSecretManager(authTokenSecretMgr); // Start AuthenticationTokenSecretManager in synchronized way to avoid race conditions in
authTokenSecretMgr.start(); // LeaderElector start. See HBASE-25875
synchronized (authTokenSecretMgr) {
setSecretManager(authTokenSecretMgr);
authTokenSecretMgr.start();
}
} }
this.authManager = new ServiceAuthorizationManager(); this.authManager = new ServiceAuthorizationManager();
HBasePolicyProvider.init(conf, authManager); HBasePolicyProvider.init(conf, authManager);