HBASE-10338. Region server fails to start with AccessController coprocessor if installed into RegionServerCoprocessorHost (Vandana Ayyalasomayajula)

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1558260 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andrew Kyle Purtell 2014-01-15 01:24:05 +00:00
parent 971080fbdb
commit 279e890edd
3 changed files with 24 additions and 4 deletions

View File

@ -622,7 +622,6 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa
abort("Uncaught exception in service thread " + t.getName(), e);
}
};
this.rsHost = new RegionServerCoprocessorHost(this, this.conf);
this.rsInfo = RegionServerInfo.newBuilder();
// Put up the webui. Webui may come up on port other than configured if
@ -839,6 +838,10 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa
// Set our ephemeral znode up in zookeeper now we have a name.
createMyEphemeralNode();
// Initialize the RegionServerCoprocessorHost now that our ephemeral
// node was created, in case any coprocessors want to use ZooKeeper
this.rsHost = new RegionServerCoprocessorHost(this, this.conf);
// Try and register with the Master; tell it we are here. Break if
// server is stopped or the clusterup flag is down or hdfs went wacky.
while (keepLooping()) {

View File

@ -39,6 +39,7 @@ import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.Waiter.Predicate;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest;
@ -62,9 +63,10 @@ public class SecureTestUtil {
public static void enableSecurity(Configuration conf) throws IOException {
conf.set("hadoop.security.authorization", "false");
conf.set("hadoop.security.authentication", "simple");
conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
conf.set("hbase.coprocessor.region.classes", AccessController.class.getName()+
","+SecureBulkLoadEndpoint.class.getName());
conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName() +
"," + SecureBulkLoadEndpoint.class.getName());
conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
// The secure minicluster creates separate service principals based on the
// current user's name, one for each slave. We need to add all of these to
// the superuser list or security won't function properly. We expect the

View File

@ -59,6 +59,7 @@ import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
@ -157,6 +158,17 @@ public class TestAccessController extends SecureTestUtil {
private static RegionServerCoprocessorEnvironment RSCP_ENV;
private RegionCoprocessorEnvironment RCP_ENV;
static void verifyConfiguration(Configuration conf) {
if (!(conf.get(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY)
.contains(AccessController.class.getName())
&& conf.get(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY)
.contains(AccessController.class.getName())
&& conf.get(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY)
.contains(AccessController.class.getName()))) {
throw new RuntimeException("AccessController is missing from a system coprocessor list");
}
}
@BeforeClass
public static void setupBeforeClass() throws Exception {
// setup configuration
@ -168,6 +180,9 @@ public class TestAccessController extends SecureTestUtil {
"org.apache.hadoop.hbase.master.snapshot.SnapshotLogCleaner");
// Enable security
SecureTestUtil.enableSecurity(conf);
// Verify enableSecurity sets up what we require
verifyConfiguration(conf);
// Enable EXEC permission checking
conf.setBoolean(AccessController.EXEC_PERMISSION_CHECKS_KEY, true);