HBASE-10338. Region server fails to start with AccessController coprocessor if installed into RegionServerCoprocessorHost (Vandana Ayyalasomayajula)
git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1558260 13f79535-47bb-0310-9956-ffa450edef68
parent
971080fbdb
commit
279e890edd
|
@ -622,7 +622,6 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa
|
|||
abort("Uncaught exception in service thread " + t.getName(), e);
|
||||
}
|
||||
};
|
||||
this.rsHost = new RegionServerCoprocessorHost(this, this.conf);
|
||||
|
||||
this.rsInfo = RegionServerInfo.newBuilder();
|
||||
// Put up the webui. Webui may come up on port other than configured if
|
||||
|
@ -839,6 +838,10 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa
|
|||
// Set our ephemeral znode up in zookeeper now we have a name.
|
||||
createMyEphemeralNode();
|
||||
|
||||
// Initialize the RegionServerCoprocessorHost now that our ephemeral
|
||||
// node was created, in case any coprocessors want to use ZooKeeper
|
||||
this.rsHost = new RegionServerCoprocessorHost(this, this.conf);
|
||||
|
||||
// Try and register with the Master; tell it we are here. Break if
|
||||
// server is stopped or the clusterup flag is down or hdfs went wacky.
|
||||
while (keepLooping()) {
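Review bot: `rsHost` is now null from construction until the assignment that follows `createMyEphemeralNode()` in the second hunk, and nothing in the visible lines guards that window. Any path that can run earlier and dereferences the field would throw a NullPointerException instead of invoking the coprocessor hooks; a stop or abort requested during startup is the likely candidate, though those methods are outside the hunks, so each use should be confirmed to check `if (this.rsHost != null)`. If the field is read by threads other than the one performing this assignment, it also needs `volatile` or another form of safe publication. A comment at the field declaration such as `// null until the ephemeral znode has been created; see run()` would record the new invariant; the enclosing methods start and end outside both hunks.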
|
||||
|
|
|
@ -39,6 +39,7 @@ import org.apache.hadoop.hbase.TableName;
|
|||
import org.apache.hadoop.hbase.Waiter.Predicate;
|
||||
import org.apache.hadoop.hbase.client.HTable;
|
||||
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
|
||||
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
||||
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
|
||||
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
|
||||
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest;
|
||||
|
@ -62,9 +63,10 @@ public class SecureTestUtil {
|
|||
public static void enableSecurity(Configuration conf) throws IOException {
|
||||
conf.set("hadoop.security.authorization", "false");
|
||||
conf.set("hadoop.security.authentication", "simple");
|
||||
conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
|
||||
conf.set("hbase.coprocessor.region.classes", AccessController.class.getName()+
|
||||
","+SecureBulkLoadEndpoint.class.getName());
|
||||
conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
|
||||
conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName() +
|
||||
"," + SecureBulkLoadEndpoint.class.getName());
|
||||
conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
|
||||
// The secure minicluster creates separate service principals based on the
|
||||
// current user's name, one for each slave. We need to add all of these to
|
||||
// the superuser list or security won't function properly. We expect the
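Review bot: The `conf.set` calls in `enableSecurity` replace whatever coprocessor list the caller had already configured under each key, and the new `REGIONSERVER_COPROCESSOR_CONF_KEY` line extends that silent overwrite to a third key. A test that installs its own region server coprocessor before calling this helper would lose it without any error. The method should say so and say why all three hosts are needed, for example `// Overwrites any existing lists: AccessController must be loaded by the master, region and region server hosts, otherwise that host's operations run without permission checks`. `AccessController.class.getName()` is also now repeated four times and would read better as a local. The method body continues past the end of the hunk.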
|
||||
|
|
|
@ -59,6 +59,7 @@ import org.apache.hadoop.hbase.client.Put;
|
|||
import org.apache.hadoop.hbase.client.Result;
|
||||
import org.apache.hadoop.hbase.client.ResultScanner;
|
||||
import org.apache.hadoop.hbase.client.Scan;
|
||||
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
||||
import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
|
||||
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
|
||||
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
|
||||
|
@ -157,6 +158,17 @@ public class TestAccessController extends SecureTestUtil {
|
|||
private static RegionServerCoprocessorEnvironment RSCP_ENV;
|
||||
private RegionCoprocessorEnvironment RCP_ENV;
|
||||
|
||||
static void verifyConfiguration(Configuration conf) {
|
||||
if (!(conf.get(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY)
|
||||
.contains(AccessController.class.getName())
|
||||
&& conf.get(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY)
|
||||
.contains(AccessController.class.getName())
|
||||
&& conf.get(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY)
|
||||
.contains(AccessController.class.getName()))) {
|
||||
throw new RuntimeException("AccessController is missing from a system coprocessor list");
|
||||
}
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void setupBeforeClass() throws Exception {
|
||||
// setup configuration
|
||||
|
@ -168,6 +180,9 @@ public class TestAccessController extends SecureTestUtil {
|
|||
"org.apache.hadoop.hbase.master.snapshot.SnapshotLogCleaner");
|
||||
// Enable security
|
||||
SecureTestUtil.enableSecurity(conf);
|
||||
// Verify enableSecurity sets up what we require
|
||||
verifyConfiguration(conf);
|
||||
|
||||
// Enable EXEC permission checking
|
||||
conf.setBoolean(AccessController.EXEC_PERMISSION_CHECKS_KEY, true);
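Review bot: `verifyConfiguration` calls `.contains(...)` directly on the result of `conf.get(KEY)`, so an unset key fails with a NullPointerException rather than the intended "AccessController is missing" error. Reading each value with a default, `conf.get(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, "")` and likewise for the other two keys, keeps the check on its own failure path. `String.contains` is also a substring match, so a differently named class whose fully qualified name merely contains `AccessController`'s would satisfy it; splitting the value on `,` and comparing whole entries is stricter. The exception message would be more useful if it named the key that failed.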
|
||||
|
||||
|
|