Commit Graph

95 Commits

Author SHA1 Message Date
Duo Zhang 53a7ca794a Revert "HBASE-26813 Remove javax.ws.rs-api dependency (#4191)"
MiniYARNCluster needs it

This reverts commit b1c161ea8e.
2022-03-19 19:45:00 +08:00
Nick Dimiduk b1c161ea8e
HBASE-26813 Remove javax.ws.rs-api dependency (#4191)
This is no longer needed since we've transitioned to the shaded Jersey shipped in
hbase-thirdparty. Also drop supplemental models entry.

Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Andrew Purtell <apurtell@apache.org>
2022-03-16 16:46:15 +01:00
Nick Dimiduk c4ec5230f2
HBASE-25896 Implement a Region Visualization on Master WebUI (#4228)
This is a demonstration of visualization of regions on the cluster. The visualization is a stacked
bar chart showing total storefile size per table per region server, with the x-axis being server
names, the y-axis being storfile size, and the bars stacked per table. The visualization is
generated entirely on the fly from within the browser, implemented using Vega Lite. So far, Vega
appears to handle rendering this visualization for a cluster of over 700 region servers with
approximately 300,000 regions.

Per [0], include an update to the top-level LICENSE.txt. Also update LICENSE files in all binary
distributions (i.e., jars), by way of LICENSE.vm. Vega uses a BSD 3-clause variant without
advertising clause, and as such is a "Category A" license, per [1].

No changes are made to the NOTICE files, as per the existing example of bundling the minified
JQuery, which is also a Category A license.

[0]: https://infra.apache.org/licensing-howto.html
[1]: https://www.apache.org/legal/resolved.html#category-a

Signed-off-by: Andrew Purtell <apurtell@apache.org>
2022-03-15 21:01:57 +01:00
Nick Dimiduk 2507dc1b01 Revert "HBASE-25896 Implement a Region Visualization on Master WebUI"
This reverts commit d76e636da0.
2022-03-15 20:43:46 +01:00
Nick Dimiduk d76e636da0 HBASE-25896 Implement a Region Visualization on Master WebUI
This is a demonstration of visualization of regions on the cluster. The visualization is a stacked
bar chart showing total storefile size per table per region server, with the x-axis being server
names, the y-axis being storfile size, and the bars stacked per table. The visualization is
generated entirely on the fly from within the browser, implemented using Vega Lite. So far, Vega
appears to handle rendering this visualization for a cluster of over 700 region servers with
approximately 300,000 regions.

Per [0], include an update to the top-level LICENSE.txt. Also update LICENSE files in all binary
distributions (i.e., jars), by way of LICENSE.vm. Vega uses a BSD 3-clause variant without
advertising clause, and as such is a "Category A" license, per [1].

No changes are made to the NOTICE files, as per the existing example of bundling the minified
JQuery, which is also a Category A license.

[0]: https://infra.apache.org/licensing-howto.html
[1]: https://www.apache.org/legal/resolved.html#category-a

Signed-off-by: Andrew Purtell <apurtell@apache.org>
2022-03-15 20:31:14 +01:00
Nick Dimiduk be0afbf23a HBASE-25895 Implement a Cluster Metrics JSON endpoint
Publishes a set of JSON endpoints following a RESTful structure, which expose a subset of the
`o.a.h.h.ClusterMetrics` object tree. The URI structure is as follows

    /api/v1/admin/cluster_metrics
    /api/v1/admin/cluster_metrics/live_servers
    /api/v1/admin/cluster_metrics/dead_servers

Signed-off-by: Sean Busbey <busbey@apache.org>
Signed-off-by: Andrew Purtell <apurtell@apache.org>
2022-03-10 14:58:05 +01:00
Andrew Purtell 10471944bd
HBASE-26582 Prune use of Random and SecureRandom objects (#4118)
Avoid the pattern where a Random object is allocated, used once or twice, and
then left for GC. This pattern triggers warnings from some static analysis tools
because this pattern leads to poor effective randomness. In a few cases we were
legitimately suffering from this issue; in others a change is still good to
reduce noise in analysis results.

Use ThreadLocalRandom where there is no requirement to set the seed to gain
good reuse.

Where useful relax use of SecureRandom to simply Random or ThreadLocalRandom,
which are unlikely to block if the system entropy pool is low, if we don't need
crypographically strong randomness for the use case. The exception to this is
normalization of use of Bytes#random to fill byte arrays with randomness.
Because Bytes#random may be used to generate key material it must be backed by
SecureRandom.

Signed-off-by: Duo Zhang <zhangduo@apache.org>
2022-03-08 13:49:02 -08:00
Bri Augenreich b81ddd83bc
HBASE-26745: Include balancer cost metrics in jmx endpoint (#4140)
Signed-off-by: Andrew Purtell <apurtell@apache.org>
2022-03-02 17:38:05 -08:00
Andor Molnár 87f8d9ac4e
HBASE-23303 Add default security headers if SSL is enabled (#4128)
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
2022-03-02 15:25:57 +01:00
Duo Zhang f6348d4100
HBASE-26709 Ban the usage of junit 3 TestCase (#4065)
Signed-off-by: Nick Dimiduk <ndimiduk@apache.org>
2022-01-27 13:41:48 +08:00
Viraj Jasani 1388ca3270
HBASE-26657 ProfileServlet should move the output location to hbase specific directory (#4022)
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2022-01-11 15:59:44 +05:30
Duo Zhang c14a76c4fd
HBASE-26523 Upgrade hbase-thirdparty dependency to 4.0.1 (#3987)
Signed-off-by: GeorryHuang <huangzhuoyue@apache.org>
2021-12-31 12:08:01 +08:00
Duo Zhang 3f59f21be0
HBASE-26621 Set version as 3.0.0-alpha-3-SNAPSHOT in master (#3978)
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
2021-12-24 14:20:32 +08:00
Duo Zhang e598f2c663 Revert "HBASE-26523 Upgrade hbase-thirdparty dependency to 4.0.0 (#3910)"
Need a new 4.0.1 release

This reverts commit 139f08587a.
2021-12-17 12:25:27 +08:00
Duo Zhang 139f08587a
HBASE-26523 Upgrade hbase-thirdparty dependency to 4.0.0 (#3910)
Signed-off-by: Xiaolin Ha <haxiaolin@apache.org>
2021-12-17 10:22:48 +08:00
Ruanhui 136b1ea7ab
HBASE-26554 Introduce a new parameter in jmx servlet to exclude the specific mbean (#3930)
Signed-off-by: Duo Zhang <zhangduo@apache.org>
2021-12-14 22:50:58 +08:00
Duo Zhang 8bca21b47d
HBASE-26558 Set version as 3.0.0-alpha-2 in master in prep for first RC of 3.0.0-alpha-2 (#3935)
Signed-off-by: Geoffrey Jacoby <gjacoby@apache.org>
2021-12-11 20:52:35 +08:00
Bryan Beaudreault da950b9be2
HBASE-26160: Configurable disallowlist for live editing of loglevels (#3549)
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2021-08-05 09:45:47 +08:00
Duo Zhang 16721239e7
HBASE-26100 Set version as 3.0.0-alpha-2-SNAPSHOT in master (#3508)
Signed-off-by: Yulin Niu <niuyulin@apache.org>
2021-07-20 23:04:08 +08:00
Duo Zhang d30cc27097
HBASE-26081 Copy HBTU to hbase-testing-util, rename the HBTU related classes in hbase-server and mark them as IA.LimitedPrivate (#3478)
Signed-off-by: Michael Stack <stack@apache.org>
2021-07-19 09:29:08 +08:00
Duo Zhang 5118321ec9
HBASE-26059 Set version as 3.0.0-alpha-1 in master in prep for first RC of 3.0.0-alpha-1 (#3453)
Signed-off-by: Pankaj Kumar <pankajkumar@apache.org>
2021-07-02 07:50:41 +08:00
Mate Szalay-Beko 6b81ff94a5
HBASE-25993 Make excluded SSL cipher suites configurable for all Web UIs (#3375)
When starting a jetty http server, one can explicitly exclude certain (unsecure)
SSL cipher suites. This can be especially important, when the HBase cluster
needs to be compliant with security regulations (e.g. FIPS).

Currently it is possible to set the excluded ciphers for the ThriftServer
("hbase.thrift.ssl.exclude.cipher.suites") or for the RestServer
("hbase.rest.ssl.exclude.cipher.suites"), but one can not configure it for the
regular InfoServer started by e.g. the master or region servers.

In this commit I want to introduce a new configuration
"ssl.server.exclude.cipher.list" to configure the excluded cipher suites for the
http server started by the InfoServer. This parameter has the same name and will
work in the same way, as it was already implemented in hadoop (e.g. for hdfs/yarn).
See: HADOOP-12668, HADOOP-14341

Co-authored-by: Mate Szalay-Beko <symat@apache.com>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
2021-06-10 16:47:54 +02:00
Andrew Purtell 335305e0cf
HBASE-25911 Replace calls to System.currentTimeMillis with EnvironmentEdgeManager.currentTime (#3302)
We introduced EnvironmentEdgeManager as a way to inject alternate clocks
for unit tests. In order for this to be effective, all callers that would
otherwise use System.currentTimeMillis() must call
EnvironmentEdgeManager.currentTime() instead, except the implementers of
EnvironmentEdge.

Signed-off-by: Bharath Vissapragada <bharathv@apache.org>
Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2021-06-01 09:57:48 -07:00
Nick Dimiduk bc52bca741
HBASE-25770 Http InfoServers should honor gzip encoding when requested (#3159)
Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Josh Elser <elserj@apache.org>
2021-04-15 09:07:13 -07:00
Michael Stack 202b17f4fc HBASE-25685 asyncprofiler2.0 no longer supports svg; wants html (#3079)
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2021-03-22 21:28:32 -07:00
Duo Zhang 87d05334c5
HBASE-25688 Use CustomRequestLog instead of Slf4jRequestLog for jetty (#3075)
Signed-off-by: stack <stack@apache.org>
2021-03-23 08:34:49 +08:00
Duo Zhang ba3610d097
HBASE-19577 Use log4j2 instead of log4j for logging (#1708)
Signed-off-by: stack <stack@apache.org>
2021-03-20 09:21:25 +08:00
Duo Zhang 55a4eca9e6
HBASE-25452 Use MatcherAssert.assertThat instead of org.junit.Assert.assertThat (#2826)
Signed-off-by: Guanghao Zhang <zghao@apache.org>
2020-12-30 09:47:56 +08:00
Andrew Purtell 1726160839
HBASE-24640 Purge use of VisibleForTesting (#2695)
Signed-off-by: Reid Chan <reidchan@apache.org>
Signed-off-by: Nick Dimiduk <ndimiduk@apache.org>
2020-11-25 14:10:12 -08:00
Richard Antal fc3313771d HBASE-24268 REST and Thrift server do not handle the "doAs" parameter case insensitively
Closes #1843

Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-11-24 12:25:19 -05:00
Mate Szalay-Beko 0611ca49ec
HBASE-25267 Add SSL keystore type and truststore related configs for HBase RESTServer (#2642)
HBASE-25267 Make SSL keystore type configurable in HBase RESTServer

In this patch I want to introduce the hbase.rest.ssl.keystore.type parameter,
enabling us to customize the keystore type for the REST server. If the
parameter is not provided, then we should fall-back to the current behaviour
(which assumes keystore type JKS).

This is similar to how we already configure the InfoServer objects with the
ssl.server.keystore.type parameter to set up HTTPS for the various admin UIs.

Signed-off-by: Wellington Chevreuil <wellington.chevreuil@gmail.com>
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-11-12 12:37:43 +01:00
申胜利 9f238bd79e
HBASE-24054 To be safe, jetty's version number should be blocked. 2020-10-05 17:36:13 -07:00
ramkrish86 a3f40287ad
HBASE-25002 Create simple pattern matching query for retrieving metri… (#2370)
* HBASE-25002 Create simple pattern matching query for retrieving metrics matching the pattern

* Address review comments

* Final set of comments addressed

* Address checkstyle comments
2020-09-14 19:07:40 +05:30
Esteban Gutierrez 19b8a2a64a
HBASE-19352 Port HADOOP-10379: Protect authentication cookies with the HttpOnly and Secure flags (#2348)
HBASE-19352 Port HADOOP-10379: Protect authentication cookies with the HttpOnly and Secure flags

Signed-off-by: Sean Busbey <busbey@apache.org>
2020-09-03 13:20:44 -05:00
Duo Zhang 57e49b3959
HBASE-23834 HBase fails to run on Hadoop 3.3.0/3.2.2/3.1.4 due to jetty version mismatch (#2222)
Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
2020-08-25 12:05:52 +08:00
YeChao Chen 82d09904f2
HBASE-24777 InfoServer support ipv6 host and port
Closes #2147

Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-07-27 20:45:45 +05:30
David Manning e614b89c33
HBASE-24657 add unit test for JSONBean.java
Closes #2004

Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-07-02 18:48:02 +05:30
Duo Zhang 8601416ee8
HBASE-24309 Avoid introducing log4j and slf4j-log4j dependencies for modules other than hbase-assembly (#1640)
Signed-off-by: stack <stack@apache.org>
2020-05-12 12:03:30 +08:00
shahrs87 ff85daf1e2
[HBASE-24190] Make kerberos value of hbase.security.authentication property case insensitive (#1687)
Signed-off-by: binlijin <binlijin@gmail.com>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-05-11 10:54:45 +05:30
Duo Zhang fddb2dd65c
HBASE-24310 Use Slf4jRequestLog for hbase-http (#1634)
Signed-off-by: stack <stack@apache.org>
2020-05-08 11:16:18 +08:00
Michael Stack 33eadb5bb1 HBASE-24307 [Flakey Tests] krb server for secure thrift tests throws BindException (#1656)
Move the random free port generate back into hbasecommontestingutility
  from hbasetestingutility.

  Add a create simple kdc server utility that will start a kdc server and
  if a bindexception, create a new one on a new random port in hbase-common.

  Add new BoundSocketMaker helpful when trying to manufacture
  BindExceptions because of port clash.

  Change thrift and http kdc tests to use this new utility (removes
  code duplication around kdc server setup).
2020-05-05 21:36:59 -07:00
Michael Stack 5488124be0 HBASE-24284 [h3/jdk11] REST server won't start Exclude transitive includes of jax-rs 1.x and then explicitly include jax-rs 2.x glassfish impl for REST context when hadoop3. (#1625) 2020-05-05 15:36:01 -07:00
Josh Elser 6eb5cafe34 HBASE-24252 Implement proxyuser/doAs mechanism for hbase-http
copy ProxyUserAuthenticationFilter from Hadoop
add hbase.security.authentication.spnego.kerberos.proxyuser.enable parameter (default false)
wire ProxyUserAuthenticationFilter into HttpServer

Closes #1576

Signed-off-by: Sean Busbey <busbey@apache.org>
Signed-off-by: Josh Elser <elserj@apache.org>
2020-04-27 15:07:55 -04:00
Duo Zhang 1f66806c96
HBASE-24170 Remove hadoop-2.0 profile (#1495)
Signed-off-by: stack <stack@apache.org>
2020-04-16 18:57:40 +08:00
Istvan Toth 94b4101841
HBASE-24197 TestHttpServer.testBindAddress failure with latest jetty (#1524)
use the findPort logic even if the BindException is wrapped in an IOException

Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Jan Hentschel <jan.hentschel@ultratendency.com>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
2020-04-16 11:51:59 +02:00
Nick Dimiduk 059c189451 HBASE-23829 Get `-PrunSmallTests` passing on JDK11
Signed-off-by: stack <stack@apache.org>
2020-03-16 15:21:37 -07:00
Duo Zhang c5aa2bc121
HBASE-23077 move entirely to spotbugs (#1265)
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-03-12 10:18:09 +08:00
Mark Robert Miller 299b6bebc5
HBASE-23783: Address tests writing and reading SSL/Security files in a common location. (#1116)
This is causing me issues with parallel test runs.

Also allow setting the surefire reports and temp directories via command line.

Signed-off-by: stack <stack@apache.org>
2020-02-04 14:38:56 -08:00
Michael Stack 661abeb730 HBASE-23780 Edit of test classifications (#1109)
These classifications come of running at various fork counts.. A test
may complete quick if low fork count but if it is accessing disk, it
will run much slower if fork count is high. This edit accommodates
some of this phenomenon.

Signed-off-by: Bharath Vissapragada <bharathv@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Jan Hentschel <janh@apache.org>
2020-02-03 10:28:19 -08:00
Josh Elser 8b00f9f0b1 HBASE-17115 Define UI admins via an ACL
The Hadoop AccessControlList allows us to specify admins of the webUI
via a list of users and/or groups. Admins of the WebUI can mutate the
system, potentially seeing sensitive data or modifying the system.

hbase.security.authentication.spnego.admin.users is a comma-separated
list of users who are admins.
hbase.security.authentication.spnego.admin.groups is a comma-separated
list of groups whose membership are admins. Either of these
configuration properties may also contain an asterisk (*) which denotes
"any entity" (e.g user, group).

Previously, when a user was denied from some endpoint that was
designated for admins, they received an HTTP/401. In this case, it is
more correct to return HTTP/403 as they were correctly authenticated,
but they were disallowed from fetching the given resource. This commit
incorporates this change.

hbase.security.authentication.ui.config.protected also exists for users
who have sensitive information stored in the Hadoop service
configuration and want to limit access to this endpoint. By default,
the Hadoop configuration endpoint is not protected and any
authenticated user can access it.

The test is based off of work by Nihal Jain in HBASE-20472.

Co-authored-by: Nihal Jain <nihaljain.cs@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-01-29 16:36:55 -05:00