You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by sa...@apache.org on 2020/01/24 19:28:53 UTC
[hbase] branch branch-2 updated: HBASE-23728 Include HBASE-21018 in
2.2 & 2.3
This is an automated email from the ASF dual-hosted git repository.
sakthi pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new ee64aa0 HBASE-23728 Include HBASE-21018 in 2.2 & 2.3
ee64aa0 is described below
commit ee64aa044d3f132b20bec5aa87c9e23ca9c3886d
Author: Wei-Chiu Chuang <we...@cloudera.com>
AuthorDate: Fri Jan 24 11:21:39 2020 -0800
HBASE-23728 Include HBASE-21018 in 2.2 & 2.3
HBASE-21018 - RS crashed because AsyncFS was unable to update HDFS data encryption key
Signed-off-by: Peter Somogyi <ps...@apache.org>
Signed-off-by: Sakthi <sa...@apache.org>
(cherry picked from commit 656cba9fe7b4f1f42228582dea789a6f88ed638c)
---
.../FanOutOneBlockAsyncDFSOutputSaslHelper.java | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
index c160391..59215de 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
@@ -320,16 +320,20 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
private final Promise<Void> promise;
+ private final DFSClient dfsClient;
+
private int step = 0;
public SaslNegotiateHandler(Configuration conf, String username, char[] password,
- Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {
+ Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,
+ DFSClient dfsClient) throws SaslException {
this.conf = conf;
this.saslProps = saslProps;
this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,
SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));
this.timeoutMs = timeoutMs;
this.promise = promise;
+ this.dfsClient = dfsClient;
}
private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {
@@ -387,6 +391,7 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
private void check(DataTransferEncryptorMessageProto proto) throws IOException {
if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {
+ dfsClient.clearDataEncryptionKey();
throw new InvalidEncryptionKeyException(proto.getMessage());
} else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {
throw new IOException(proto.getMessage());
@@ -689,12 +694,14 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
}
private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,
- String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {
+ String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,
+ DFSClient dfsClient) {
try {
channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),
new ProtobufVarint32FrameDecoder(),
new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),
- new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));
+ new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,
+ dfsClient));
} catch (SaslException e) {
saslPromise.tryFailure(e);
}
@@ -721,7 +728,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
}
doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),
encryptionKeyToPassword(encryptionKey.encryptionKey),
- createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);
+ createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,
+ client);
} else if (!UserGroupInformation.isSecurityEnabled()) {
if (LOG.isDebugEnabled()) {
LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr
@@ -746,7 +754,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
"SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
}
doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),
- buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);
+ buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,
+ client);
} else {
// It's a secured cluster using non-privileged ports, but no SASL. The only way this can
// happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare