You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by sa...@apache.org on 2020/01/24 19:28:53 UTC

[hbase] branch branch-2 updated: HBASE-23728 Include HBASE-21018 in 2.2 & 2.3

This is an automated email from the ASF dual-hosted git repository.

sakthi pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2 by this push:
     new ee64aa0  HBASE-23728 Include HBASE-21018 in 2.2 & 2.3
ee64aa0 is described below

commit ee64aa044d3f132b20bec5aa87c9e23ca9c3886d
Author: Wei-Chiu Chuang <we...@cloudera.com>
AuthorDate: Fri Jan 24 11:21:39 2020 -0800

    HBASE-23728 Include HBASE-21018 in 2.2 & 2.3
    
    HBASE-21018 - RS crashed because AsyncFS was unable to update HDFS data encryption key
    
    Signed-off-by: Peter Somogyi <ps...@apache.org>
    Signed-off-by: Sakthi <sa...@apache.org>
    (cherry picked from commit 656cba9fe7b4f1f42228582dea789a6f88ed638c)
---
 .../FanOutOneBlockAsyncDFSOutputSaslHelper.java       | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
index c160391..59215de 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
@@ -320,16 +320,20 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
 
     private final Promise<Void> promise;
 
+    private final DFSClient dfsClient;
+
     private int step = 0;
 
     public SaslNegotiateHandler(Configuration conf, String username, char[] password,
-        Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {
+        Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,
+        DFSClient dfsClient) throws SaslException {
       this.conf = conf;
       this.saslProps = saslProps;
       this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,
         SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));
       this.timeoutMs = timeoutMs;
       this.promise = promise;
+      this.dfsClient = dfsClient;
     }
 
     private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {
@@ -387,6 +391,7 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
 
     private void check(DataTransferEncryptorMessageProto proto) throws IOException {
       if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {
+        dfsClient.clearDataEncryptionKey();
         throw new InvalidEncryptionKeyException(proto.getMessage());
       } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {
         throw new IOException(proto.getMessage());
@@ -689,12 +694,14 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
   }
 
   private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,
-      String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {
+      String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,
+      DFSClient dfsClient) {
     try {
       channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),
         new ProtobufVarint32FrameDecoder(),
         new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),
-        new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));
+        new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,
+            dfsClient));
     } catch (SaslException e) {
       saslPromise.tryFailure(e);
     }
@@ -721,7 +728,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
       }
       doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),
         encryptionKeyToPassword(encryptionKey.encryptionKey),
-        createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);
+        createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,
+          client);
     } else if (!UserGroupInformation.isSecurityEnabled()) {
       if (LOG.isDebugEnabled()) {
         LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr
@@ -746,7 +754,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
           "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
       }
       doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),
-        buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);
+        buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,
+          client);
     } else {
       // It's a secured cluster using non-privileged ports, but no SASL. The only way this can
       // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare