You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2016/10/12 00:55:20 UTC
[jira] [Resolved] (HBASE-16663) JMX ConnectorServer stopped when
unauthorized user try to stop HM/RS/cluster
[ https://issues.apache.org/jira/browse/HBASE-16663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell resolved HBASE-16663.
------------------------------------
Resolution: Fixed
Fix Version/s: 0.98.24
1.2.5
1.3.0
> JMX ConnectorServer stopped when unauthorized user try to stop HM/RS/cluster
> ----------------------------------------------------------------------------
>
> Key: HBASE-16663
> URL: https://issues.apache.org/jira/browse/HBASE-16663
> Project: HBase
> Issue Type: Bug
> Components: metrics, security
> Reporter: Pankaj Kumar
> Assignee: Pankaj Kumar
> Priority: Critical
> Fix For: 2.0.0, 1.3.0, 1.4.0, 1.2.5, 0.98.24
>
> Attachments: HBASE-16663-0.98-V4.patch, HBASE-16663-0.98.patch, HBASE-16663-V2.patch, HBASE-16663-V3.patch, HBASE-16663-V4.patch, HBASE-16663-branch-1.patch, HBASE-16663.patch
>
>
> After HBASE-16284, unauthorized user will not able allowed to stop HM/RS/cluster, but while executing "cpHost.preStopMaster()", ConnectorServer will be stopped before AccessController validation.
> hbase-site.xml,
> {noformat}
> <property>
> <name>hbase.coprocessor.master.classes</name>
> <value>org.apache.hadoop.hbase.JMXListener,org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> <property>
> <name>hbase.coprocessor.regionserver.classes</name>
> <value>org.apache.hadoop.hbase.JMXListener,org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> {noformat}
> HBaseAdmin.stopMaster(),
> {noformat}
> 2016-09-20 21:12:26,796 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] hbase.JMXListener: ConnectorServer stopped!
> 2016-09-20 21:13:55,380 WARN [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981
> ExitCodeException exitCode=1: id: P72981: No such user
> 2016-09-20 21:14:00,495 ERROR [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Exception occurred while stopping master
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN)
> at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546)
> at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522)
> at org.apache.hadoop.hbase.security.access.AccessController.preStopMaster(AccessController.java:1297)
> at org.apache.hadoop.hbase.master.MasterCoprocessorHost$68.call(MasterCoprocessorHost.java:821)
> at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1188)
> at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preStopMaster(MasterCoprocessorHost.java:817)
> at org.apache.hadoop.hbase.master.HMaster.stopMaster(HMaster.java:2352)
> at org.apache.hadoop.hbase.master.MasterRpcServices.stopMaster(MasterRpcServices.java:1364)
> {noformat}
> HBaseAdmin.stopRegionServer(rs-host-port),
> {noformat}
> 2016-09-20 20:59:01,234 INFO [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] hbase.JMXListener: ConnectorServer stopped!
> 2016-09-20 20:59:01,250 WARN [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981
> ExitCodeException exitCode=1: id: P72981: No such user
> 2016-09-20 20:59:01,253 WARN [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] regionserver.HRegionServer: The region server did not stop
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN)
> at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546)
> at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522)
> at org.apache.hadoop.hbase.security.access.AccessController.preStopRegionServer(AccessController.java:2501)
> at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost$1.call(RegionServerCoprocessorHost.java:84)
> at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost.execOperation(RegionServerCoprocessorHost.java:256)
> at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost.preStop(RegionServerCoprocessorHost.java:80)
> at org.apache.hadoop.hbase.regionserver.HRegionServer.stop(HRegionServer.java:1905)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.stopServer(RSRpcServices.java:1961)
> {noformat}
> HBaseAdmin.shutdown(),
> {noformat}
> 2016-09-21 12:09:08,259 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Client=P72981//10.18.248.96 shutdown
> 2016-09-21 12:09:08,261 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] hbase.JMXListener: ConnectorServer stopped!
> 2016-09-21 12:09:08,276 WARN [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981
> ExitCodeException exitCode=1: id: P72981: No such user
> 2016-09-21 12:09:08,280 ERROR [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Exception occurred in HMaster.shutdown()
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN)
> at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546)
> at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522)
> at org.apache.hadoop.hbase.security.access.AccessController.preShutdown(AccessController.java:1291)
> at org.apache.hadoop.hbase.master.MasterCoprocessorHost$67.call(MasterCoprocessorHost.java:806)
> at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1188)
> at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preShutdown(MasterCoprocessorHost.java:802)
> at org.apache.hadoop.hbase.master.HMaster.shutdown(HMaster.java:2335)
> at org.apache.hadoop.hbase.master.MasterRpcServices.shutdown(MasterRpcServices.java:1322)
> at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:58551)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2270)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:123)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:188)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:168)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)