Posted to commits@hbase.apache.org by st...@apache.org on 2018/08/11 02:53:05 UTC
hbase git commit: HBASE-21018 RS crashed because AsyncFS was unable
to update HDFS data encryption key
Repository: hbase
Updated Branches:
refs/heads/branch-2.0 a1b690198 -> 9c55577e6
HBASE-21018 RS crashed because AsyncFS was unable to update HDFS data encryption key
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/9c55577e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/9c55577e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/9c55577e
Branch: refs/heads/branch-2.0
Commit: 9c55577e612cbe4049f598cd0a9f44e6bdd672ba
Parents: a1b6901
Author: Wei-Chiu Chuang <we...@cloudera.com>
Authored: Mon Aug 6 18:00:58 2018 -0700
Committer: Michael Stack <st...@apache.org>
Committed: Fri Aug 10 19:52:56 2018 -0700
----------------------------------------------------------------------
.../FanOutOneBlockAsyncDFSOutputSaslHelper.java | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/9c55577e/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
index ef6c1ca..a56c3d7 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
@@ -367,16 +367,20 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
private final Promise<Void> promise;
+ private final DFSClient dfsClient;
+
private int step = 0;
public SaslNegotiateHandler(Configuration conf, String username, char[] password,
- Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {
+ Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,
+ DFSClient dfsClient) throws SaslException {
this.conf = conf;
this.saslProps = saslProps;
this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,
SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));
this.timeoutMs = timeoutMs;
this.promise = promise;
+ this.dfsClient = dfsClient;
}
private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {
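Review bot: The constructor stores `dfsClient` without a null check, yet its only visible use is the ERROR_UNKNOWN_KEY branch of `check()` (the -434 hunk). A null would therefore surface as a NullPointerException inside the handler exactly when a stale key is reported, replacing the InvalidEncryptionKeyException the caller needs to see. Failing fast with `this.dfsClient = Objects.requireNonNull(dfsClient, "dfsClient");` moves that failure to construction time. A comment on the field, e.g. `// Used only to drop the cached data encryption key when a DataNode reports ERROR_UNKNOWN_KEY.`, would also explain why a SASL handler holds a DFSClient. Both call sites in this diff pass `client`, whose origin is outside the visible hunks.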
@@ -434,6 +438,7 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
private void check(DataTransferEncryptorMessageProto proto) throws IOException {
if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {
+ dfsClient.clearDataEncryptionKey();
throw new InvalidEncryptionKeyException(proto.getMessage());
} else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {
throw new IOException(proto.getMessage());
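Review bot: `dfsClient.clearDataEncryptionKey()` in `check()` is triggered by a status field read from the peer's message while SASL negotiation is still in progress, so it appears to run before the DataNode has been authenticated, and it runs unconditionally with no log output. Any peer answering the handshake can therefore make the client discard its cached key and presumably request a new one on the next connection; the same branch is also reachable from the general access-token handshake at the -794 hunk, which takes no encryption key. I would state the intent and leave a trace for operators, e.g. `// Key is stale after rotation; drop it so the next connection fetches a fresh one.` and `LOG.warn("DataNode reported ERROR_UNKNOWN_KEY; clearing cached data encryption key");`, keeping the peer-supplied message text out of the log line. Whether callers retry after InvalidEncryptionKeyException, and how often, is not visible here and should be bounded so repeated errors cannot turn into repeated key fetches. `check()` continues past the end of this hunk.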
@@ -737,12 +742,14 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
}
private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,
- String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {
+ String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,
+ DFSClient dfsClient) {
try {
channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),
new ProtobufVarint32FrameDecoder(),
new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),
- new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));
+ new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,
+ dfsClient));
} catch (SaslException e) {
saslPromise.tryFailure(e);
}
@@ -769,7 +776,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
}
doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),
encryptionKeyToPassword(encryptionKey.encryptionKey),
- createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);
+ createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,
+ client);
} else if (!UserGroupInformation.isSecurityEnabled()) {
if (LOG.isDebugEnabled()) {
LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr
@@ -794,7 +802,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
"SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
}
doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),
- buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);
+ buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,
+ client);
} else {
// It's a secured cluster using non-privileged ports, but no SASL. The only way this can
// happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare