HBASE-7771 Secure HBase Client in MR job causes tasks to wait forever (Francis and Matteo)
git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1442833 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Zhihong Yu
parent
5dc539e778
commit
6fcae1027d
|
|
@ -199,7 +199,13 @@ public class ZKUtil {
|
||||||
if (System.getProperty("java.security.auth.login.config") != null)
|
if (System.getProperty("java.security.auth.login.config") != null)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
// No keytab specified, no auth
|
||||||
String keytabFilename = conf.get(keytabFileKey);
|
String keytabFilename = conf.get(keytabFileKey);
|
||||||
|
if (keytabFilename == null) {
|
||||||
|
LOG.warn("no keytab specified for: " + keytabFileKey);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
String principalConfig = conf.get(userNameKey, System.getProperty("user.name"));
|
String principalConfig = conf.get(userNameKey, System.getProperty("user.name"));
|
||||||
String principalName = SecurityUtil.getServerPrincipal(principalConfig, hostname);
|
String principalName = SecurityUtil.getServerPrincipal(principalConfig, hostname);
|
||||||
|
|
||||||
|
|
@ -910,7 +916,8 @@ public class ZKUtil {
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
// Master & RSs uses hbase.zookeeper.client.*
|
// Master & RSs uses hbase.zookeeper.client.*
|
||||||
return "kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication"));
|
return("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")) &&
|
||||||
|
conf.get("hbase.zookeeper.client.keytab.file") != null);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node) {
|
private static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node) {
|
||||||
|
|
@ -933,15 +940,6 @@ public class ZKUtil {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void waitForZKConnectionIfAuthenticating(ZooKeeperWatcher zkw)
|
|
||||||
throws InterruptedException {
|
|
||||||
if (isSecureZooKeeper(zkw.getConfiguration())) {
|
|
||||||
LOG.debug("Waiting for ZooKeeperWatcher to authenticate");
|
|
||||||
zkw.saslLatch.await();
|
|
||||||
LOG.debug("Done waiting.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// Node creation
|
// Node creation
|
||||||
//
|
//
|
||||||
|
|
@ -968,7 +966,6 @@ public class ZKUtil {
|
||||||
String znode, byte [] data)
|
String znode, byte [] data)
|
||||||
throws KeeperException {
|
throws KeeperException {
|
||||||
try {
|
try {
|
||||||
waitForZKConnectionIfAuthenticating(zkw);
|
|
||||||
zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode),
|
zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode),
|
||||||
CreateMode.EPHEMERAL);
|
CreateMode.EPHEMERAL);
|
||||||
} catch (KeeperException.NodeExistsException nee) {
|
} catch (KeeperException.NodeExistsException nee) {
|
||||||
|
|
@ -1008,7 +1005,6 @@ public class ZKUtil {
|
||||||
ZooKeeperWatcher zkw, String znode, byte [] data)
|
ZooKeeperWatcher zkw, String znode, byte [] data)
|
||||||
throws KeeperException {
|
throws KeeperException {
|
||||||
try {
|
try {
|
||||||
waitForZKConnectionIfAuthenticating(zkw);
|
|
||||||
zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode),
|
zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode),
|
||||||
CreateMode.PERSISTENT);
|
CreateMode.PERSISTENT);
|
||||||
} catch (KeeperException.NodeExistsException nee) {
|
} catch (KeeperException.NodeExistsException nee) {
|
||||||
|
|
@ -1046,7 +1042,6 @@ public class ZKUtil {
|
||||||
String znode, byte [] data)
|
String znode, byte [] data)
|
||||||
throws KeeperException, KeeperException.NodeExistsException {
|
throws KeeperException, KeeperException.NodeExistsException {
|
||||||
try {
|
try {
|
||||||
waitForZKConnectionIfAuthenticating(zkw);
|
|
||||||
zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode),
|
zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode),
|
||||||
CreateMode.PERSISTENT);
|
CreateMode.PERSISTENT);
|
||||||
Stat stat = zkw.getRecoverableZooKeeper().exists(znode, zkw);
|
Stat stat = zkw.getRecoverableZooKeeper().exists(znode, zkw);
|
||||||
|
|
@ -1080,13 +1075,8 @@ public class ZKUtil {
|
||||||
public static void asyncCreate(ZooKeeperWatcher zkw,
|
public static void asyncCreate(ZooKeeperWatcher zkw,
|
||||||
String znode, byte [] data, final AsyncCallback.StringCallback cb,
|
String znode, byte [] data, final AsyncCallback.StringCallback cb,
|
||||||
final Object ctx) {
|
final Object ctx) {
|
||||||
try {
|
zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data,
|
||||||
waitForZKConnectionIfAuthenticating(zkw);
|
createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx);
|
||||||
zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data,
|
|
||||||
createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx);
|
|
||||||
} catch (InterruptedException e) {
|
|
||||||
zkw.interruptedException(e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -1111,7 +1101,6 @@ public class ZKUtil {
|
||||||
String znode = create.getPath();
|
String znode = create.getPath();
|
||||||
try {
|
try {
|
||||||
RecoverableZooKeeper zk = zkw.getRecoverableZooKeeper();
|
RecoverableZooKeeper zk = zkw.getRecoverableZooKeeper();
|
||||||
waitForZKConnectionIfAuthenticating(zkw);
|
|
||||||
if (zk.exists(znode, false) == null) {
|
if (zk.exists(znode, false) == null) {
|
||||||
zk.create(znode, create.getData(), create.getAcl(), CreateMode.fromFlag(create.getFlags()));
|
zk.create(znode, create.getData(), create.getAcl(), CreateMode.fromFlag(create.getFlags()));
|
||||||
}
|
}
|
||||||
|
|
@ -1148,7 +1137,6 @@ public class ZKUtil {
|
||||||
if(znode == null) {
|
if(znode == null) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
waitForZKConnectionIfAuthenticating(zkw);
|
|
||||||
zkw.getRecoverableZooKeeper().create(znode, new byte[0], createACL(zkw, znode),
|
zkw.getRecoverableZooKeeper().create(znode, new byte[0], createACL(zkw, znode),
|
||||||
CreateMode.PERSISTENT);
|
CreateMode.PERSISTENT);
|
||||||
} catch(KeeperException.NodeExistsException nee) {
|
} catch(KeeperException.NodeExistsException nee) {
|
||||||
|
|
|
||||||
|
|
@ -74,12 +74,6 @@ public abstract class ZooKeeperNodeTracker extends ZooKeeperListener {
|
||||||
* or {@link #getData(boolean)} to get the data of the node if it is available.
|
* or {@link #getData(boolean)} to get the data of the node if it is available.
|
||||||
*/
|
*/
|
||||||
public synchronized void start() {
|
public synchronized void start() {
|
||||||
try {
|
|
||||||
ZKUtil.waitForZKConnectionIfAuthenticating(watcher);
|
|
||||||
} catch (InterruptedException e) {
|
|
||||||
throw new IllegalStateException("ZookeeperNodeTracker on " + this.node
|
|
||||||
+ " interuppted while waiting for SASL Authentication", e);
|
|
||||||
}
|
|
||||||
this.watcher.registerListener(this);
|
this.watcher.registerListener(this);
|
||||||
try {
|
try {
|
||||||
if(ZKUtil.watchAndCheckExists(watcher, node)) {
|
if(ZKUtil.watchAndCheckExists(watcher, node)) {
|
||||||
|
|
|
||||||
|
|
@ -342,34 +342,12 @@ public class ZooKeeperWatcher implements Watcher, Abortable, Closeable {
|
||||||
LOG.debug(this.identifier + " connected");
|
LOG.debug(this.identifier + " connected");
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SaslAuthenticated:
|
|
||||||
if (ZKUtil.isSecureZooKeeper(this.conf)) {
|
|
||||||
// We are authenticated, clients can proceed.
|
|
||||||
saslLatch.countDown();
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
case AuthFailed:
|
|
||||||
if (ZKUtil.isSecureZooKeeper(this.conf)) {
|
|
||||||
// We could not be authenticated, but clients should proceed anyway.
|
|
||||||
// Only access to znodes that require SASL authentication will be
|
|
||||||
// denied. The client may never need to access them.
|
|
||||||
saslLatch.countDown();
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
// Abort the server if Disconnected or Expired
|
// Abort the server if Disconnected or Expired
|
||||||
case Disconnected:
|
case Disconnected:
|
||||||
LOG.debug(prefix("Received Disconnected from ZooKeeper, ignoring"));
|
LOG.debug(prefix("Received Disconnected from ZooKeeper, ignoring"));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case Expired:
|
case Expired:
|
||||||
if (ZKUtil.isSecureZooKeeper(this.conf)) {
|
|
||||||
// We consider Expired equivalent to AuthFailed for this
|
|
||||||
// connection. Authentication is never going to complete. The
|
|
||||||
// client should proceed to do cleanup.
|
|
||||||
saslLatch.countDown();
|
|
||||||
}
|
|
||||||
String msg = prefix(this.identifier + " received expired from " +
|
String msg = prefix(this.identifier + " received expired from " +
|
||||||
"ZooKeeper, aborting");
|
"ZooKeeper, aborting");
|
||||||
// TODO: One thought is to add call to ZooKeeperListener so say,
|
// TODO: One thought is to add call to ZooKeeperListener so say,
|
||||||
|
|
|
||||||
|
|
@ -86,7 +86,6 @@ public class TestZooKeeperACL {
|
||||||
zkw = new ZooKeeperWatcher(
|
zkw = new ZooKeeperWatcher(
|
||||||
new Configuration(TEST_UTIL.getConfiguration()),
|
new Configuration(TEST_UTIL.getConfiguration()),
|
||||||
TestZooKeeper.class.getName(), null);
|
TestZooKeeper.class.getName(), null);
|
||||||
ZKUtil.waitForZKConnectionIfAuthenticating(zkw);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue