You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2018/08/11 02:53:05 UTC

hbase git commit: HBASE-21018 RS crashed because AsyncFS was unable to update HDFS data encryption key

Repository: hbase
Updated Branches:
  refs/heads/branch-2.0 a1b690198 -> 9c55577e6


HBASE-21018 RS crashed because AsyncFS was unable to update HDFS data encryption key


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/9c55577e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/9c55577e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/9c55577e

Branch: refs/heads/branch-2.0
Commit: 9c55577e612cbe4049f598cd0a9f44e6bdd672ba
Parents: a1b6901
Author: Wei-Chiu Chuang <we...@cloudera.com>
Authored: Mon Aug 6 18:00:58 2018 -0700
Committer: Michael Stack <st...@apache.org>
Committed: Fri Aug 10 19:52:56 2018 -0700

----------------------------------------------------------------------
 .../FanOutOneBlockAsyncDFSOutputSaslHelper.java  | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/9c55577e/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
index ef6c1ca..a56c3d7 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
@@ -367,16 +367,20 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
 
     private final Promise<Void> promise;
 
+    private final DFSClient dfsClient;
+
     private int step = 0;
 
     public SaslNegotiateHandler(Configuration conf, String username, char[] password,
-        Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {
+        Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,
+        DFSClient dfsClient) throws SaslException {
       this.conf = conf;
       this.saslProps = saslProps;
       this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,
         SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));
       this.timeoutMs = timeoutMs;
       this.promise = promise;
+      this.dfsClient = dfsClient;
     }
 
     private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {
@@ -434,6 +438,7 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
 
     private void check(DataTransferEncryptorMessageProto proto) throws IOException {
       if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {
+        dfsClient.clearDataEncryptionKey();
         throw new InvalidEncryptionKeyException(proto.getMessage());
       } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {
         throw new IOException(proto.getMessage());
@@ -737,12 +742,14 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
   }
 
   private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,
-      String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {
+      String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,
+      DFSClient dfsClient) {
     try {
       channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),
         new ProtobufVarint32FrameDecoder(),
         new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),
-        new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));
+        new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,
+            dfsClient));
     } catch (SaslException e) {
       saslPromise.tryFailure(e);
     }
@@ -769,7 +776,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
       }
       doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),
         encryptionKeyToPassword(encryptionKey.encryptionKey),
-        createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);
+        createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,
+          client);
     } else if (!UserGroupInformation.isSecurityEnabled()) {
       if (LOG.isDebugEnabled()) {
         LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr
@@ -794,7 +802,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
           "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
       }
       doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),
-        buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);
+        buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,
+          client);
     } else {
       // It's a secured cluster using non-privileged ports, but no SASL. The only way this can
       // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare