You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2018/08/15 00:20:01 UTC
hadoop git commit: HADOOP-14212. Expose SecurityEnabled boolean field
in JMX for other services besides NameNode. Contributed by Adam Antal.
Repository: hadoop
Updated Branches:
refs/heads/trunk 75fc51588 -> 363bd16e3
HADOOP-14212. Expose SecurityEnabled boolean field in JMX for other services besides NameNode. Contributed by Adam Antal.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/363bd16e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/363bd16e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/363bd16e
Branch: refs/heads/trunk
Commit: 363bd16e314490e31758cc82de584e75cd8357cc
Parents: 75fc515
Author: Wei-Chiu Chuang <we...@apache.org>
Authored: Tue Aug 14 17:19:00 2018 -0700
Committer: Wei-Chiu Chuang <we...@apache.org>
Committed: Tue Aug 14 17:19:00 2018 -0700
----------------------------------------------------------------------
.../hadoop/hdfs/server/datanode/DataNode.java | 5 ++
.../hdfs/server/datanode/DataNodeMXBean.java | 7 +++
.../hdfs/server/namenode/SecondaryNameNode.java | 5 ++
.../namenode/SecondaryNameNodeInfoMXBean.java | 7 +++
.../server/datanode/TestDataNodeMXBean.java | 47 +++++++++++++++++-
.../server/namenode/TestSecureNameNode.java | 52 +++++++++++++++++++-
.../yarn/server/nodemanager/NodeManager.java | 20 +++++++-
.../server/resourcemanager/ResourceManager.java | 18 ++++++-
8 files changed, 156 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
index aa044f9..ea3bab6 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
@@ -3142,6 +3142,11 @@ public class DataNode extends ReconfigurableBase
}
}
+ @Override
+ public boolean isSecurityEnabled() {
+ return UserGroupInformation.isSecurityEnabled();
+ }
+
public void refreshNamenodes(Configuration conf) throws IOException {
blockPoolManager.refreshNamenodes(conf);
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java
index b5f0cd0..9d11e14 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java
@@ -146,4 +146,11 @@ public interface DataNodeMXBean {
* @return list of slow disks
*/
String getSlowDisks();
+
+ /**
+ * Gets if security is enabled.
+ *
+ * @return true, if security is enabled.
+ */
+ boolean isSecurityEnabled();
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
index ff83e34..4d7b747 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
@@ -722,6 +722,11 @@ public class SecondaryNameNode implements Runnable,
return NetUtils.getHostPortString(nameNodeAddr);
}
+ @Override
+ public boolean isSecurityEnabled() {
+ return UserGroupInformation.isSecurityEnabled();
+ }
+
@Override // SecondaryNameNodeInfoMXBean
public long getStartTime() {
return starttime;
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java
index 785c5ee..a042dc2 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java
@@ -32,6 +32,13 @@ public interface SecondaryNameNodeInfoMXBean extends VersionInfoMXBean {
public String getHostAndPort();
/**
+ * Gets if security is enabled.
+ *
+ * @return true, if security is enabled.
+ */
+ boolean isSecurityEnabled();
+
+ /**
* @return the timestamp of when the SNN starts
*/
public long getStartTime();
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java
index 9107aae..3546ad8 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java
@@ -38,6 +38,8 @@ import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.MiniDFSCluster;
+import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.Test;
@@ -49,7 +51,7 @@ import static org.junit.Assert.assertTrue;
/**
* Class for testing {@link DataNodeMXBean} implementation
*/
-public class TestDataNodeMXBean {
+public class TestDataNodeMXBean extends SaslDataTransferTestCase {
public static final Log LOG = LogFactory.getLog(TestDataNodeMXBean.class);
@@ -117,6 +119,49 @@ public class TestDataNodeMXBean {
}
}
}
+
+ @Test
+ public void testDataNodeMXBeanSecurityEnabled() throws Exception {
+ Configuration simpleConf = new Configuration();
+ Configuration secureConf = createSecureConfig("authentication");
+
+ // get attribute "SecurityEnabled" with simple configuration
+ try (MiniDFSCluster cluster =
+ new MiniDFSCluster.Builder(simpleConf).build()) {
+ List<DataNode> datanodes = cluster.getDataNodes();
+ Assert.assertEquals(datanodes.size(), 1);
+ DataNode datanode = datanodes.get(0);
+
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ ObjectName mxbeanName = new ObjectName(
+ "Hadoop:service=DataNode,name=DataNodeInfo");
+
+ boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
+ "SecurityEnabled");
+ Assert.assertFalse(securityEnabled);
+ Assert.assertEquals(datanode.isSecurityEnabled(), securityEnabled);
+ }
+
+ // get attribute "SecurityEnabled" with secure configuration
+ try (MiniDFSCluster cluster =
+ new MiniDFSCluster.Builder(secureConf).build()) {
+ List<DataNode> datanodes = cluster.getDataNodes();
+ Assert.assertEquals(datanodes.size(), 1);
+ DataNode datanode = datanodes.get(0);
+
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ ObjectName mxbeanName = new ObjectName(
+ "Hadoop:service=DataNode,name=DataNodeInfo");
+
+ boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
+ "SecurityEnabled");
+ Assert.assertTrue(securityEnabled);
+ Assert.assertEquals(datanode.isSecurityEnabled(), securityEnabled);
+ }
+
+ // setting back the authentication method
+ UserGroupInformation.setConfiguration(simpleConf);
+ }
private static String replaceDigits(final String s) {
return s.replaceAll("[0-9]+", "_DIGITS_");
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
index 6b6ce53..c90a91c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
@@ -22,8 +22,10 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import java.io.IOException;
+import java.lang.management.ManagementFactory;
import java.security.PrivilegedExceptionAction;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
@@ -33,10 +35,12 @@ import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
+import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
-
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
public class TestSecureNameNode extends SaslDataTransferTestCase {
final static private int NUM_OF_DATANODES = 0;
@@ -117,4 +121,50 @@ public class TestSecureNameNode extends SaslDataTransferTestCase {
return;
}
+ /**
+ * Test NameNodeStatusMXBean with security enabled and disabled.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testNameNodeStatusMXBeanSecurityEnabled() throws Exception {
+ Configuration simpleConf = new Configuration();
+ Configuration secureConf = createSecureConfig("authentication");
+
+ // disabling security
+ UserGroupInformation.setConfiguration(simpleConf);
+
+ // get attribute "SecurityEnabled" with simple configuration
+ try (MiniDFSCluster cluster =
+ new MiniDFSCluster.Builder(simpleConf).build()) {
+ cluster.waitActive();
+ NameNode namenode = cluster.getNameNode();
+
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ ObjectName mxbeanName = new ObjectName(
+ "Hadoop:service=NameNode,name=NameNodeStatus");
+
+ boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
+ "SecurityEnabled");
+ Assert.assertFalse(securityEnabled);
+ Assert.assertEquals(namenode.isSecurityEnabled(), securityEnabled);
+ }
+
+ // get attribute "SecurityEnabled" with secure configuration
+ try (MiniDFSCluster cluster =
+ new MiniDFSCluster.Builder(secureConf).build()) {
+ cluster.waitActive();
+ NameNode namenode = cluster.getNameNode();
+
+ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
+ ObjectName mxbeanName = new ObjectName(
+ "Hadoop:service=NameNode,name=NameNodeStatus");
+
+ boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName,
+ "SecurityEnabled");
+ Assert.assertTrue(securityEnabled);
+ Assert.assertEquals(namenode.isSecurityEnabled(), securityEnabled);
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java
index c8234bd..b54a6b7 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java
@@ -25,8 +25,10 @@ import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
+import org.apache.hadoop.metrics2.util.MBeans;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.service.CompositeService;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.util.GenericOptionsParser;
@@ -87,8 +89,8 @@ import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ConcurrentSkipListMap;
import java.util.concurrent.atomic.AtomicBoolean;
-public class NodeManager extends CompositeService
- implements EventHandler<NodeManagerEvent> {
+public class NodeManager extends CompositeService
+ implements EventHandler<NodeManagerEvent>, NodeManagerMXBean {
/**
* Node manager return status codes.
@@ -470,6 +472,8 @@ public class NodeManager extends CompositeService
throw new YarnRuntimeException("Failed NodeManager login", e);
}
+ registerMXBean();
+
super.serviceInit(conf);
// TODO add local dirs to del
}
@@ -947,6 +951,18 @@ public class NodeManager extends CompositeService
LOG.warn("Invalid shutdown event " + event.getType() + ". Ignoring.");
}
}
+
+ /**
+ * Register NodeManagerMXBean.
+ */
+ private void registerMXBean() {
+ MBeans.register("NodeManager", "NodeManager", this);
+ }
+
+ @Override
+ public boolean isSecurityEnabled() {
+ return UserGroupInformation.isSecurityEnabled();
+ }
// For testing
NodeManager createNewNodeManager() {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/363bd16e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
index bb85b67..d459f0e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
@@ -33,6 +33,7 @@ import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.metrics2.MetricsSystem;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.metrics2.source.JvmMetrics;
+import org.apache.hadoop.metrics2.util.MBeans;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
@@ -140,7 +141,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
*
*/
@SuppressWarnings("unchecked")
-public class ResourceManager extends CompositeService implements Recoverable {
+public class ResourceManager extends CompositeService
+ implements Recoverable, ResourceManagerMXBean {
/**
* Priority of the ResourceManager shutdown hook.
@@ -337,6 +339,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
addIfService(systemMetricsPublisher);
rmContext.setSystemMetricsPublisher(systemMetricsPublisher);
+ registerMXBean();
+
super.serviceInit(this.conf);
}
@@ -1600,4 +1604,16 @@ public class ResourceManager extends CompositeService implements Recoverable {
protected RMAppLifetimeMonitor createRMAppLifetimeMonitor() {
return new RMAppLifetimeMonitor(this.rmContext);
}
+
+ /**
+ * Register ResourceManagerMXBean.
+ */
+ private void registerMXBean() {
+ MBeans.register("ResourceManager", "ResourceManager", this);
+ }
+
+ @Override
+ public boolean isSecurityEnabled() {
+ return UserGroupInformation.isSecurityEnabled();
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org