You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by te...@apache.org on 2017/01/09 16:51:12 UTC
hbase git commit: HBASE-17435 Call to preCommitStoreFile() hook
encounters SaslException in secure deployment
Repository: hbase
Updated Branches:
refs/heads/master f65a439f0 -> 9cbeba6c3
HBASE-17435 Call to preCommitStoreFile() hook encounters SaslException in secure deployment
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/9cbeba6c
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/9cbeba6c
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/9cbeba6c
Branch: refs/heads/master
Commit: 9cbeba6c3de3ac7dd9c031792c70abe32ba8a62b
Parents: f65a439
Author: tedyu <yu...@gmail.com>
Authored: Mon Jan 9 08:51:00 2017 -0800
Committer: tedyu <yu...@gmail.com>
Committed: Mon Jan 9 08:51:00 2017 -0800
----------------------------------------------------------------------
.../hadoop/hbase/regionserver/HRegionServer.java | 8 ++++----
.../regionserver/SecureBulkLoadManager.java | 19 +++++++++++++++++--
2 files changed, 21 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/9cbeba6c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
index 3c9d54f..5259961 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
@@ -503,7 +503,7 @@ public class HRegionServer extends HasThread implements
private volatile ThroughputController flushThroughputController;
- protected final SecureBulkLoadManager secureBulkLoadManager;
+ protected SecureBulkLoadManager secureBulkLoadManager;
/**
* Starts a HRegionServer at the default location.
@@ -615,9 +615,6 @@ public class HRegionServer extends HasThread implements
}
this.configurationManager = new ConfigurationManager();
- this.secureBulkLoadManager = new SecureBulkLoadManager(this.conf);
- this.secureBulkLoadManager.start();
-
rpcServices.start();
putUpWebUI();
this.walRoller = new LogRoller(this, this);
@@ -785,6 +782,9 @@ public class HRegionServer extends HasThread implements
try {
setupClusterConnection();
+ this.secureBulkLoadManager = new SecureBulkLoadManager(this.conf, clusterConnection);
+ this.secureBulkLoadManager.start();
+
// Health checker thread.
if (isHealthCheckerConfigured()) {
int sleepTime = this.conf.getInt(HConstants.HEALTH_CHORE_WAKE_FREQ,
http://git-wip-us.apache.org/repos/asf/hbase/blob/9cbeba6c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java
index 7a18cbb..1accae1 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java
@@ -30,6 +30,7 @@ import org.apache.hadoop.hbase.DoNotRetryIOException;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.classification.InterfaceAudience;
+import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.coprocessor.BulkLoadObserver;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
@@ -42,6 +43,7 @@ import org.apache.hadoop.hbase.regionserver.Region.BulkLoadListener;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.security.token.FsDelegationToken;
+import org.apache.hadoop.hbase.security.token.TokenUtil;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.FSHDFSUtils;
import org.apache.hadoop.hbase.util.FSUtils;
@@ -108,9 +110,11 @@ public class SecureBulkLoadManager {
private Path baseStagingDir;
private UserProvider userProvider;
+ private Connection conn;
- SecureBulkLoadManager(Configuration conf) {
+ SecureBulkLoadManager(Configuration conf, Connection conn) {
this.conf = conf;
+ this.conn = conn;
}
public void start() throws IOException {
@@ -187,7 +191,18 @@ public class SecureBulkLoadManager {
final String bulkToken = request.getBulkToken();
User user = getActiveUser();
final UserGroupInformation ugi = user.getUGI();
- if(userToken != null) {
+ if (userProvider.isHadoopSecurityEnabled()) {
+ try {
+ Token tok = TokenUtil.obtainToken(conn);
+ if (tok != null) {
+ boolean b = ugi.addToken(tok);
+ LOG.debug("token added " + tok + " for user " + ugi + " return=" + b);
+ }
+ } catch (IOException ioe) {
+ LOG.warn("unable to add token", ioe);
+ }
+ }
+ if (userToken != null) {
ugi.addToken(userToken);
} else if (userProvider.isHadoopSecurityEnabled()) {
//we allow this to pass through in "simple" security mode