You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by vo...@apache.org on 2017/07/12 06:48:04 UTC
[04/10] ignite git commit: Visor fails to connect to secure grid
Visor fails to connect to secure grid
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/1b2f5052
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/1b2f5052
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/1b2f5052
Branch: refs/heads/ignite-2.1
Commit: 1b2f5052ed34776d14d7614812b78e0aa66c69b1
Parents: 1942db3
Author: Ivan Rakov <iv...@gmail.com>
Authored: Tue Jul 11 14:19:14 2017 +0300
Committer: Alexey Goncharuk <al...@gmail.com>
Committed: Tue Jul 11 14:24:47 2017 +0300
----------------------------------------------------------------------
.../JettyRestProcessorAbstractSelfTest.java | 2 +-
.../cluster/GridClusterStateProcessor.java | 4 ++
.../processors/igfs/IgfsNoopProcessor.java | 11 +++++
.../internal/processors/igfs/IgfsProcessor.java | 12 ++++-
.../processors/igfs/IgfsProcessorAdapter.java | 3 +-
.../processors/rest/GridRestProcessor.java | 47 +++++++++++++++-----
.../processors/task/GridTaskProcessor.java | 18 +++++++-
7 files changed, 80 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java
----------------------------------------------------------------------
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java
index 2b3c8db..97321a7 100644
--- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java
@@ -1976,7 +1976,7 @@ public abstract class JettyRestProcessorAbstractSelfTest extends AbstractRestPro
/**
* Init cache.
*/
- private void initCache() {
+ protected void initCache() {
CacheConfiguration<Integer, Organization> orgCacheCfg = new CacheConfiguration<>("organization");
orgCacheCfg.setIndexedTypes(Integer.class, Organization.class);
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
index 8cea13f..6e94669 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
@@ -577,6 +577,10 @@ public class GridClusterStateProcessor extends GridProcessorAdapter {
ctx.dataStructures().onActivate(ctx);
+ ctx.igfs().onActivate(ctx);
+
+ ctx.task().onActivate(ctx);
+
if (log.isInfoEnabled())
log.info("Successfully performed final activation steps [nodeId="
+ ctx.localNodeId() + ", client=" + client + ", topVer=" + req.topologyVersion() + "]");
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java
index 2dfac90..6816b85 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java
@@ -19,6 +19,7 @@ package org.apache.ignite.internal.processors.igfs;
import java.util.Collection;
import java.util.Collections;
+import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteFileSystem;
import org.apache.ignite.compute.ComputeJob;
import org.apache.ignite.igfs.IgfsPath;
@@ -69,4 +70,14 @@ public class IgfsNoopProcessor extends IgfsProcessorAdapter {
long start, long length, IgfsRecordResolver recRslv) {
return null;
}
+
+ /** {@inheritDoc} */
+ @Override public void onActivate(GridKernalContext kctx) throws IgniteCheckedException {
+ // No-op
+ }
+
+ /** {@inheritDoc} */
+ @Override public void onDeActivate(GridKernalContext kctx) {
+ // No-op
+ }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java
index 244820f..f18c438 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java
@@ -178,7 +178,7 @@ public class IgfsProcessor extends IgfsProcessorAdapter {
/** {@inheritDoc} */
@Override public void onKernalStart(boolean active) throws IgniteCheckedException {
- if (ctx.config().isDaemon())
+ if (!active || ctx.config().isDaemon())
return;
if (!getBoolean(IGNITE_SKIP_CONFIGURATION_CONSISTENCY_CHECK)) {
@@ -192,6 +192,16 @@ public class IgfsProcessor extends IgfsProcessorAdapter {
}
/** {@inheritDoc} */
+ @Override public void onActivate(GridKernalContext kctx) throws IgniteCheckedException {
+ onKernalStart(true);
+ }
+
+ /** {@inheritDoc} */
+ @Override public void onDeActivate(GridKernalContext kctx) {
+ onKernalStop(true);
+ }
+
+ /** {@inheritDoc} */
@Override public void stop(boolean cancel) {
// Stop IGFS instances.
for (IgfsContext igfsCtx : igfsCache.values()) {
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java
index 8b7f662..c12b0a5 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java
@@ -25,13 +25,14 @@ import org.apache.ignite.igfs.mapreduce.IgfsJob;
import org.apache.ignite.igfs.mapreduce.IgfsRecordResolver;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.processors.GridProcessorAdapter;
+import org.apache.ignite.internal.processors.cluster.IgniteChangeGlobalStateSupport;
import org.apache.ignite.internal.util.ipc.IpcServerEndpoint;
import org.jetbrains.annotations.Nullable;
/**
* Ignite file system processor adapter.
*/
-public abstract class IgfsProcessorAdapter extends GridProcessorAdapter {
+public abstract class IgfsProcessorAdapter extends GridProcessorAdapter implements IgniteChangeGlobalStateSupport {
/**
* Constructor.
*
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
index f528184..fd5583d 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
@@ -67,6 +67,8 @@ import org.apache.ignite.internal.util.typedef.internal.SB;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.internal.util.worker.GridWorker;
import org.apache.ignite.internal.util.worker.GridWorkerFuture;
+import org.apache.ignite.internal.visor.compute.VisorGatewayTask;
+import org.apache.ignite.internal.visor.misc.VisorChangeGridActiveStateTask;
import org.apache.ignite.internal.visor.util.VisorClusterGroupEmptyException;
import org.apache.ignite.lang.IgniteBiTuple;
import org.apache.ignite.lang.IgniteInClosure;
@@ -241,21 +243,23 @@ public class GridRestProcessor extends GridProcessorAdapter {
SecurityContext secCtx0 = ses.secCtx;
- try {
- if (secCtx0 == null)
- ses.secCtx = secCtx0 = authenticate(req);
+ if (ctx.state().publicApiActiveState() || !isClusterActivateTaskRequest(req)) {
+ try {
+ if (secCtx0 == null)
+ ses.secCtx = secCtx0 = authenticate(req);
- authorize(req, secCtx0);
- }
- catch (SecurityException e) {
- assert secCtx0 != null;
+ authorize(req, secCtx0);
+ }
+ catch (SecurityException e) {
+ assert secCtx0 != null;
- GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage());
+ GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage());
- return new GridFinishedFuture<>(res);
- }
- catch (IgniteCheckedException e) {
- return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage()));
+ return new GridFinishedFuture<>(res);
+ }
+ catch (IgniteCheckedException e) {
+ return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage()));
+ }
}
}
@@ -317,6 +321,25 @@ public class GridRestProcessor extends GridProcessorAdapter {
}
/**
+ * We skip authentication for activate cluster request.
+ * It's necessary workaround to make possible cluster activation through Visor,
+ * as security checks require working caches.
+ *
+ * @param req Request.
+ */
+ private boolean isClusterActivateTaskRequest(GridRestRequest req) {
+ if (req instanceof GridRestTaskRequest) {
+ GridRestTaskRequest taskReq = (GridRestTaskRequest)req;
+
+ if (VisorGatewayTask.class.getCanonicalName().equals(taskReq.taskName()) &&
+ taskReq.params().contains(VisorChangeGridActiveStateTask.class.getCanonicalName()))
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
* @param req Request.
* @return Not null session.
* @throws IgniteCheckedException If failed.
http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
index d0b88d8..4606b7c 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
@@ -61,6 +61,7 @@ import org.apache.ignite.internal.managers.deployment.GridDeployment;
import org.apache.ignite.internal.managers.eventstorage.GridLocalEventListener;
import org.apache.ignite.internal.processors.GridProcessorAdapter;
import org.apache.ignite.internal.processors.cache.IgniteInternalCache;
+import org.apache.ignite.internal.processors.cluster.IgniteChangeGlobalStateSupport;
import org.apache.ignite.internal.util.GridConcurrentFactory;
import org.apache.ignite.internal.util.GridSpinReadWriteLock;
import org.apache.ignite.internal.util.lang.GridPeerDeployAware;
@@ -91,7 +92,7 @@ import static org.apache.ignite.internal.processors.task.GridTaskThreadContextKe
/**
* This class defines task processor.
*/
-public class GridTaskProcessor extends GridProcessorAdapter {
+public class GridTaskProcessor extends GridProcessorAdapter implements IgniteChangeGlobalStateSupport {
/** Wait for 5 seconds to allow discovery to take effect (best effort). */
private static final long DISCO_TIMEOUT = 5000;
@@ -154,6 +155,9 @@ public class GridTaskProcessor extends GridProcessorAdapter {
/** {@inheritDoc} */
@Override public void onKernalStart(boolean active) throws IgniteCheckedException {
+ if (!active)
+ return;
+
tasksMetaCache = ctx.security().enabled() && !ctx.isDaemon() ?
ctx.cache().<GridTaskNameHashKey, String>utilityCache() : null;
@@ -694,7 +698,7 @@ public class GridTaskProcessor extends GridProcessorAdapter {
IgniteCheckedException securityEx = null;
- if (ctx.security().enabled() && deployEx == null) {
+ if (ctx.security().enabled() && deployEx == null && !dep.internalTask(task, taskCls)) {
try {
saveTaskMetadata(taskName);
}
@@ -1144,6 +1148,16 @@ public class GridTaskProcessor extends GridProcessorAdapter {
}
}
+ /** {@inheritDoc} */
+ @Override public void onActivate(GridKernalContext kctx) throws IgniteCheckedException {
+ onKernalStart(true);
+ }
+
+ /** {@inheritDoc} */
+ @Override public void onDeActivate(GridKernalContext kctx) {
+ onKernalStop(true);
+ }
+
/**
* @return Number of executed tasks.
*/