You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by mb...@apache.org on 2015/05/27 19:46:32 UTC
[2/5] hbase git commit: HBASE-13767 Allow ZKAclReset to set and not
just clear ZK ACLs
HBASE-13767 Allow ZKAclReset to set and not just clear ZK ACLs
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/cb7675c5
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/cb7675c5
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/cb7675c5
Branch: refs/heads/branch-1
Commit: cb7675c57f93a82ec85f1f474dd42aae8de23ff0
Parents: 534c603
Author: Matteo Bertozzi <ma...@cloudera.com>
Authored: Wed May 27 18:30:55 2015 +0100
Committer: Matteo Bertozzi <ma...@cloudera.com>
Committed: Wed May 27 18:34:17 2015 +0100
----------------------------------------------------------------------
.../apache/hadoop/hbase/zookeeper/ZKUtil.java | 7 +-
.../hadoop/hbase/zookeeper/ZkAclReset.java | 92 +++++++++++---------
2 files changed, 55 insertions(+), 44 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/cb7675c5/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
index e5639bc..55492e4 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
@@ -1015,10 +1015,15 @@ public class ZKUtil {
}
private static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node) {
+ return createACL(zkw, node, isSecureZooKeeper(zkw.getConfiguration()));
+ }
+
+ protected static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node,
+ boolean isSecureZooKeeper) {
if (!node.startsWith(zkw.baseZNode)) {
return Ids.OPEN_ACL_UNSAFE;
}
- if (isSecureZooKeeper(zkw.getConfiguration())) {
+ if (isSecureZooKeeper) {
String superUser = zkw.getConfiguration().get("hbase.superuser");
ArrayList<ACL> acls = new ArrayList<ACL>();
// add permission to hbase supper user
http://git-wip-us.apache.org/repos/asf/hbase/blob/cb7675c5/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java
index f5a41df..9bb6bf7 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java
@@ -25,14 +25,12 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
-import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.Watcher;
-import org.apache.zookeeper.WatchedEvent;
/**
* You may add the jaas.conf option
@@ -41,70 +39,78 @@ import org.apache.zookeeper.WatchedEvent;
* You may also specify -D to set options
* "hbase.zookeeper.quorum" (it should be in hbase-site.xml)
* "zookeeper.znode.parent" (it should be in hbase-site.xml)
+ *
+ * Use -set-acls to set the ACLs, no option to erase ACLs
*/
@InterfaceAudience.Private
public class ZkAclReset extends Configured implements Tool {
private static final Log LOG = LogFactory.getLog(ZkAclReset.class);
- private static final int ZK_SESSION_TIMEOUT_DEFAULT = 5 * 1000;
-
- private static class ZkWatcher implements Watcher {
- public ZkWatcher() {
- }
-
- @Override
- public void process(WatchedEvent event) {
- LOG.info("Received ZooKeeper Event, " +
- "type=" + event.getType() + ", " +
- "state=" + event.getState() + ", " +
- "path=" + event.getPath());
- }
- }
-
- private static void resetAcls(final ZooKeeper zk, final String znode)
- throws Exception {
- List<String> children = zk.getChildren(znode, false);
+ private static void resetAcls(final ZooKeeperWatcher zkw, final String znode,
+ final boolean eraseAcls) throws Exception {
+ List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode);
if (children != null) {
for (String child: children) {
- resetAcls(zk, znode + '/' + child);
+ resetAcls(zkw, ZKUtil.joinZNode(znode, child), eraseAcls);
}
}
- LOG.info(" - reset acl for " + znode);
- zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
+
+ ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper();
+ if (eraseAcls) {
+ LOG.info(" - erase ACLs for " + znode);
+ zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
+ } else {
+ LOG.info(" - set ACLs for " + znode);
+ zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1);
+ }
}
- private static void resetAcls(final String quorumServers, final int zkTimeout, final String znode)
+ private static void resetAcls(final Configuration conf, boolean eraseAcls)
throws Exception {
- ZooKeeper zk = new ZooKeeper(quorumServers, zkTimeout, new ZkWatcher());
+ ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "ZkAclReset", null);
try {
- resetAcls(zk, znode);
+ LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " +
+ zkw.getQuorum() + " " + zkw.getBaseZNode());
+ resetAcls(zkw, zkw.getBaseZNode(), eraseAcls);
} finally {
- zk.close();
+ zkw.close();
}
}
- private void resetHBaseAcls(final Configuration conf) throws Exception {
- String quorumServers = conf.get("hbase.zookeeper.quorum", HConstants.LOCALHOST);
- int sessionTimeout = conf.getInt("zookeeper.session.timeout", ZK_SESSION_TIMEOUT_DEFAULT);
- String znode = conf.get("zookeeper.znode.parent", HConstants.DEFAULT_ZOOKEEPER_ZNODE_PARENT);
- if (quorumServers == null) {
- LOG.error("Unable to load hbase.zookeeper.quorum (try with: -conf hbase-site.xml)");
- return;
- }
-
- LOG.info("Reset HBase ACLs for " + quorumServers + " " + znode);
- resetAcls(quorumServers, sessionTimeout, znode);
+ private void printUsageAndExit() {
+ System.err.printf("Usage: bin/hbase %s [options]%n", getClass().getName());
+ System.err.println(" where [options] are:");
+ System.err.println(" -h|-help Show this help and exit.");
+ System.err.println(" -set-acls Setup the hbase znode ACLs for a secure cluster");
+ System.err.println();
+ System.err.println("Examples:");
+ System.err.println(" To reset the ACLs to the unsecure cluster behavior:");
+ System.err.println(" hbase " + getClass().getName());
+ System.err.println();
+ System.err.println(" To reset the ACLs to the secure cluster behavior:");
+ System.err.println(" hbase " + getClass().getName() + " -set-acls");
+ System.exit(1);
}
-
@Override
public int run(String[] args) throws Exception {
- Configuration conf = getConf();
- resetHBaseAcls(conf);
+ boolean eraseAcls = true;
+
+ for (int i = 0; i < args.length; ++i) {
+ if (args[i].equals("-help")) {
+ printUsageAndExit();
+ } else if (args[i].equals("-set-acls")) {
+ eraseAcls = false;
+ } else {
+ printUsageAndExit();
+ }
+ }
+
+ resetAcls(getConf(), eraseAcls);
return(0);
}
public static void main(String[] args) throws Exception {
- System.exit(ToolRunner.run(new Configuration(), new ZkAclReset(), args));
+ System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZkAclReset(), args));
}
}