Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-10338. Region server fails to start with AccessController coprocessor if installed into RegionServerCoprocessorHost (Vandana Ayyalasomayajula) 

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1558260 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andrew Kyle Purtell 2014-01-15 01:24:05 +00:00
parent 971080fbdb
commit 279e890edd
3 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
View File

@ -622,7 +622,6 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa
abort("Uncaught exception in service thread " + t.getName(), e); abort("Uncaught exception in service thread " + t.getName(), e);
} }
}; };
this.rsHost = new RegionServerCoprocessorHost(this, this.conf);
this.rsInfo = RegionServerInfo.newBuilder(); this.rsInfo = RegionServerInfo.newBuilder();
// Put up the webui. Webui may come up on port other than configured if // Put up the webui. Webui may come up on port other than configured if
@ -839,6 +838,10 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa
// Set our ephemeral znode up in zookeeper now we have a name. // Set our ephemeral znode up in zookeeper now we have a name.
createMyEphemeralNode(); createMyEphemeralNode();
// Initialize the RegionServerCoprocessorHost now that our ephemeral
// node was created, in case any coprocessors want to use ZooKeeper
this.rsHost = new RegionServerCoprocessorHost(this, this.conf);
// Try and register with the Master; tell it we are here. Break if // Try and register with the Master; tell it we are here. Break if
// server is stopped or the clusterup flag is down or hdfs went wacky. // server is stopped or the clusterup flag is down or hdfs went wacky.
while (keepLooping()) { while (keepLooping()) {

8
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
View File

@ -39,6 +39,7 @@ import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.Waiter.Predicate; import org.apache.hadoop.hbase.Waiter.Predicate;
import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException; import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest; import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest;
@ -62,9 +63,10 @@ public class SecureTestUtil {
public static void enableSecurity(Configuration conf) throws IOException { public static void enableSecurity(Configuration conf) throws IOException {
conf.set("hadoop.security.authorization", "false"); conf.set("hadoop.security.authorization", "false");
conf.set("hadoop.security.authentication", "simple"); conf.set("hadoop.security.authentication", "simple");
conf.set("hbase.coprocessor.master.classes", AccessController.class.getName()); conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
conf.set("hbase.coprocessor.region.classes", AccessController.class.getName()+ conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName() +
","+SecureBulkLoadEndpoint.class.getName()); "," + SecureBulkLoadEndpoint.class.getName());
conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
// The secure minicluster creates separate service principals based on the // The secure minicluster creates separate service principals based on the
// current user's name, one for each slave. We need to add all of these to // current user's name, one for each slave. We need to add all of these to
// the superuser list or security won't function properly. We expect the // the superuser list or security won't function properly. We expect the

15
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -59,6 +59,7 @@ import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan; import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.coprocessor.CoprocessorService; import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment; import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContext; import org.apache.hadoop.hbase.coprocessor.ObserverContext;
@ -157,6 +158,17 @@ public class TestAccessController extends SecureTestUtil {
private static RegionServerCoprocessorEnvironment RSCP_ENV; private static RegionServerCoprocessorEnvironment RSCP_ENV;
private RegionCoprocessorEnvironment RCP_ENV; private RegionCoprocessorEnvironment RCP_ENV;
static void verifyConfiguration(Configuration conf) {
if (!(conf.get(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY)
.contains(AccessController.class.getName())
&& conf.get(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY)
.contains(AccessController.class.getName())
&& conf.get(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY)
.contains(AccessController.class.getName()))) {
throw new RuntimeException("AccessController is missing from a system coprocessor list");
}
}
@BeforeClass @BeforeClass
public static void setupBeforeClass() throws Exception { public static void setupBeforeClass() throws Exception {
// setup configuration // setup configuration
@ -168,6 +180,9 @@ public class TestAccessController extends SecureTestUtil {
"org.apache.hadoop.hbase.master.snapshot.SnapshotLogCleaner"); "org.apache.hadoop.hbase.master.snapshot.SnapshotLogCleaner");
// Enable security // Enable security
SecureTestUtil.enableSecurity(conf); SecureTestUtil.enableSecurity(conf);
// Verify enableSecurity sets up what we require
verifyConfiguration(conf);
// Enable EXEC permission checking // Enable EXEC permission checking
conf.setBoolean(AccessController.EXEC_PERMISSION_CHECKS_KEY, true); conf.setBoolean(AccessController.EXEC_PERMISSION_CHECKS_KEY, true);