Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-16284 Unauthorized client can shutdown the cluster

This commit is contained in:
Deokwoo Han 2016-07-29 11:07:51 +09:00 committed by Jerry He
parent 379b86c5df
commit eef6a4834a
4 changed files with 62 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
View File

@ -2176,7 +2176,11 @@ public class HMaster extends HRegionServer implements MasterServices {
getLoadedCoprocessors()); getLoadedCoprocessors());
} }
if (t != null) LOG.fatal(msg, t); if (t != null) LOG.fatal(msg, t);
try {
stopMaster(); stopMaster();
} catch (IOException e) {
LOG.error("Exception occurred while stopping master", e);
}
} }
@Override @Override
@ -2218,13 +2222,9 @@ public class HMaster extends HRegionServer implements MasterServices {
return rsFatals; return rsFatals;
} }
public void shutdown() { public void shutdown() throws IOException {
if (cpHost != null) { if (cpHost != null) {
try {
cpHost.preShutdown(); cpHost.preShutdown();
} catch (IOException ioe) {
LOG.error("Error call master coprocessor preShutdown()", ioe);
}
} }
if (this.serverManager != null) { if (this.serverManager != null) {
@ -2239,13 +2239,9 @@ public class HMaster extends HRegionServer implements MasterServices {
} }
} }
public void stopMaster() { public void stopMaster() throws IOException {
if (cpHost != null) { if (cpHost != null) {
try {
cpHost.preStopMaster(); cpHost.preStopMaster();
} catch (IOException ioe) {
LOG.error("Error call master coprocessor preStopMaster()", ioe);
}
} }
stop("Stopped by " + Thread.currentThread().getName()); stop("Stopped by " + Thread.currentThread().getName());
} }

11
hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
View File

@ -92,6 +92,7 @@ import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor
import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest; import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest;
import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse; import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse;
import org.apache.hadoop.hbase.regionserver.RSRpcServices; import org.apache.hadoop.hbase.regionserver.RSRpcServices;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.AccessController; import org.apache.hadoop.hbase.security.access.AccessController;
import org.apache.hadoop.hbase.security.visibility.VisibilityController; import org.apache.hadoop.hbase.security.visibility.VisibilityController;
@ -1204,7 +1205,12 @@ public class MasterRpcServices extends RSRpcServices
public ShutdownResponse shutdown(RpcController controller, public ShutdownResponse shutdown(RpcController controller,
ShutdownRequest request) throws ServiceException { ShutdownRequest request) throws ServiceException {
LOG.info(master.getClientIdAuditPrefix() + " shutdown"); LOG.info(master.getClientIdAuditPrefix() + " shutdown");
try {
master.shutdown(); master.shutdown();
} catch (IOException e) {
LOG.error("Exception occurred in HMaster.shutdown()", e);
throw new ServiceException(e);
}
return ShutdownResponse.newBuilder().build(); return ShutdownResponse.newBuilder().build();
} }
@ -1241,7 +1247,12 @@ public class MasterRpcServices extends RSRpcServices
public StopMasterResponse stopMaster(RpcController controller, public StopMasterResponse stopMaster(RpcController controller,
StopMasterRequest request) throws ServiceException { StopMasterRequest request) throws ServiceException {
LOG.info(master.getClientIdAuditPrefix() + " stop"); LOG.info(master.getClientIdAuditPrefix() + " stop");
try {
master.stopMaster(); master.stopMaster();
} catch (IOException e) {
LOG.error("Exception occurred while stopping master", e);
throw new ServiceException(e);
}
return StopMasterResponse.newBuilder().build(); return StopMasterResponse.newBuilder().build();
} }

11
hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
View File

@ -249,14 +249,23 @@ public class JVMClusterUtil {
JVMClusterUtil.MasterThread activeMaster = null; JVMClusterUtil.MasterThread activeMaster = null;
for (JVMClusterUtil.MasterThread t : masters) { for (JVMClusterUtil.MasterThread t : masters) {
if (!t.master.isActiveMaster()) { if (!t.master.isActiveMaster()) {
try {
t.master.stopMaster(); t.master.stopMaster();
} catch (IOException e) {
LOG.error("Exception occurred while stopping master", e);
}
} else { } else {
activeMaster = t; activeMaster = t;
} }
} }
// Do active after. // Do active after.
if (activeMaster != null) if (activeMaster != null) {
try {
activeMaster.master.shutdown(); activeMaster.master.shutdown();
} catch (IOException e) {
LOG.error("Exception occurred in HMaster.shutdown()", e);
}
}
} }
boolean wasInterrupted = false; boolean wasInterrupted = false;

28
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -94,6 +94,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext;
import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos; import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos;
import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles; import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles;
import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost; import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;
import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface; import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;
@ -331,6 +332,33 @@ public class TestAccessController extends SecureTestUtil {
TEST_TABLE.getNamespaceAsString()).size()); TEST_TABLE.getNamespaceAsString()).size());
} }
@Test (timeout=180000)
public void testUnauthorizedShutdown() throws Exception {
AccessTestAction action = new AccessTestAction() {
@Override public Object run() throws Exception {
HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
master.shutdown();
return null;
}
};
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,
USER_GROUP_WRITE, USER_GROUP_CREATE);
}
@Test (timeout=180000)
public void testUnauthorizedStopMaster() throws Exception {
AccessTestAction action = new AccessTestAction() {
@Override public Object run() throws Exception {
HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
master.stopMaster();
return null;
}
};
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,
USER_GROUP_WRITE, USER_GROUP_CREATE);
}
@Test (timeout=180000) @Test (timeout=180000)
public void testSecurityCapabilities() throws Exception { public void testSecurityCapabilities() throws Exception {
List<SecurityCapability> capabilities = TEST_UTIL.getConnection().getAdmin() List<SecurityCapability> capabilities = TEST_UTIL.getConnection().getAdmin()