Java Code Examples for org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter#getDtSecretManager()
The following examples show how to use
org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter#getDtSecretManager() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestDelegationToken.java From hadoop with Apache License 2.0 | 5 votes |
@Before public void setUp() throws Exception { config = new HdfsConfiguration(); config.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true); config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000); config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000); config.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); config.set("hadoop.security.auth_to_local", "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); FileSystem.setDefaultUri(config, "hdfs://localhost:" + "0"); cluster = new MiniDFSCluster.Builder(config).numDataNodes(0).build(); cluster.waitActive(); dtSecretManager = NameNodeAdapter.getDtSecretManager( cluster.getNamesystem()); }
Example 2
Source File: TestDelegationTokensWithHA.java From hadoop with Apache License 2.0 | 5 votes |
@Before public void setupCluster() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); conf.setBoolean( DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); cluster = new MiniDFSCluster.Builder(conf) .nnTopology(MiniDFSNNTopology.simpleHATopology()) .numDataNodes(0) .build(); cluster.waitActive(); String logicalName = HATestUtil.getLogicalHostname(cluster); HATestUtil.setFailoverConfigurations(cluster, conf, logicalName, 0); nn0 = cluster.getNameNode(0); nn1 = cluster.getNameNode(1); fs = HATestUtil.configureFailoverFs(cluster, conf); dfs = (DistributedFileSystem)fs; cluster.transitionToActive(0); dtSecretManager = NameNodeAdapter.getDtSecretManager( nn0.getNamesystem()); }
Example 3
Source File: TestDelegationToken.java From big-c with Apache License 2.0 | 5 votes |
@Before public void setUp() throws Exception { config = new HdfsConfiguration(); config.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true); config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000); config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000); config.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); config.set("hadoop.security.auth_to_local", "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); FileSystem.setDefaultUri(config, "hdfs://localhost:" + "0"); cluster = new MiniDFSCluster.Builder(config).numDataNodes(0).build(); cluster.waitActive(); dtSecretManager = NameNodeAdapter.getDtSecretManager( cluster.getNamesystem()); }
Example 4
Source File: TestDelegationTokensWithHA.java From big-c with Apache License 2.0 | 5 votes |
@Before public void setupCluster() throws Exception { SecurityUtilTestHelper.setTokenServiceUseIp(true); conf.setBoolean( DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//" + "DEFAULT"); cluster = new MiniDFSCluster.Builder(conf) .nnTopology(MiniDFSNNTopology.simpleHATopology()) .numDataNodes(0) .build(); cluster.waitActive(); String logicalName = HATestUtil.getLogicalHostname(cluster); HATestUtil.setFailoverConfigurations(cluster, conf, logicalName, 0); nn0 = cluster.getNameNode(0); nn1 = cluster.getNameNode(1); fs = HATestUtil.configureFailoverFs(cluster, conf); dfs = (DistributedFileSystem)fs; cluster.transitionToActive(0); dtSecretManager = NameNodeAdapter.getDtSecretManager( nn0.getNamesystem()); }
Example 5
Source File: TestDelegationToken.java From hadoop with Apache License 2.0 | 4 votes |
/** * Test that the delegation token secret manager only runs when the * NN is out of safe mode. This is because the secret manager * has to log to the edit log, which should not be written in * safe mode. Regression test for HDFS-2579. */ @Test public void testDTManagerInSafeMode() throws Exception { cluster.startDataNodes(config, 1, true, StartupOption.REGULAR, null); FileSystem fs = cluster.getFileSystem(); for (int i = 0; i < 5; i++) { DFSTestUtil.createFile(fs, new Path("/test-" + i), 100, (short)1, 1L); } cluster.getConfiguration(0).setInt( DFSConfigKeys.DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_KEY, 500); cluster.getConfiguration(0).setInt( DFSConfigKeys.DFS_NAMENODE_SAFEMODE_EXTENSION_KEY, 30000); cluster.setWaitSafeMode(false); cluster.restartNameNode(); NameNode nn = cluster.getNameNode(); assertTrue(nn.isInSafeMode()); DelegationTokenSecretManager sm = NameNodeAdapter.getDtSecretManager(nn.getNamesystem()); assertFalse("Secret manager should not run in safe mode", sm.isRunning()); NameNodeAdapter.leaveSafeMode(nn); assertTrue("Secret manager should start when safe mode is exited", sm.isRunning()); LOG.info("========= entering safemode again"); NameNodeAdapter.enterSafeMode(nn, false); assertFalse("Secret manager should stop again when safe mode " + "is manually entered", sm.isRunning()); // Set the cluster to leave safemode quickly on its own. cluster.getConfiguration(0).setInt( DFSConfigKeys.DFS_NAMENODE_SAFEMODE_EXTENSION_KEY, 0); cluster.setWaitSafeMode(true); cluster.restartNameNode(); nn = cluster.getNameNode(); sm = NameNodeAdapter.getDtSecretManager(nn.getNamesystem()); assertFalse(nn.isInSafeMode()); assertTrue(sm.isRunning()); }
Example 6
Source File: TestDelegationTokensWithHA.java From hadoop with Apache License 2.0 | 4 votes |
/** * Test if StandbyException can be thrown from StandbyNN, when it's requested for * password. (HDFS-6475). With StandbyException, the client can failover to try * activeNN. */ @Test(timeout = 300000) public void testDelegationTokenStandbyNNAppearFirst() throws Exception { // make nn0 the standby NN, and nn1 the active NN cluster.transitionToStandby(0); cluster.transitionToActive(1); final DelegationTokenSecretManager stSecretManager = NameNodeAdapter.getDtSecretManager( nn1.getNamesystem()); // create token final Token<DelegationTokenIdentifier> token = getDelegationToken(fs, "JobTracker"); final DelegationTokenIdentifier identifier = new DelegationTokenIdentifier(); byte[] tokenId = token.getIdentifier(); identifier.readFields(new DataInputStream( new ByteArrayInputStream(tokenId))); assertTrue(null != stSecretManager.retrievePassword(identifier)); final UserGroupInformation ugi = UserGroupInformation .createRemoteUser("JobTracker"); ugi.addToken(token); ugi.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() { try { try { byte[] tmppw = dtSecretManager.retrievePassword(identifier); fail("InvalidToken with cause StandbyException is expected" + " since nn0 is standby"); return tmppw; } catch (IOException e) { // Mimic the UserProvider class logic (server side) by throwing // SecurityException here throw new SecurityException( SecurityUtil.FAILED_TO_GET_UGI_MSG_HEADER + " " + e, e); } } catch (Exception oe) { // // The exception oe caught here is // java.lang.SecurityException: Failed to obtain user group // information: org.apache.hadoop.security.token. // SecretManager$InvalidToken: StandbyException // HttpServletResponse response = mock(HttpServletResponse.class); ExceptionHandler eh = new ExceptionHandler(); eh.initResponse(response); // The Response (resp) below is what the server will send to client // // BEFORE HDFS-6475 fix, the resp.entity is // {"RemoteException":{"exception":"SecurityException", // "javaClassName":"java.lang.SecurityException", // "message":"Failed to obtain user group information: // org.apache.hadoop.security.token.SecretManager$InvalidToken: // StandbyException"}} // AFTER the fix, the resp.entity is // {"RemoteException":{"exception":"StandbyException", // "javaClassName":"org.apache.hadoop.ipc.StandbyException", // "message":"Operation category READ is not supported in // state standby"}} // Response resp = eh.toResponse(oe); // Mimic the client side logic by parsing the response from server // Map<?, ?> m = (Map<?, ?>)JSON.parse(resp.getEntity().toString()); RemoteException re = JsonUtil.toRemoteException(m); Exception unwrapped = ((RemoteException)re).unwrapRemoteException( StandbyException.class); assertTrue (unwrapped instanceof StandbyException); return null; } } }); }
Example 7
Source File: TestDelegationToken.java From big-c with Apache License 2.0 | 4 votes |
/** * Test that the delegation token secret manager only runs when the * NN is out of safe mode. This is because the secret manager * has to log to the edit log, which should not be written in * safe mode. Regression test for HDFS-2579. */ @Test public void testDTManagerInSafeMode() throws Exception { cluster.startDataNodes(config, 1, true, StartupOption.REGULAR, null); FileSystem fs = cluster.getFileSystem(); for (int i = 0; i < 5; i++) { DFSTestUtil.createFile(fs, new Path("/test-" + i), 100, (short)1, 1L); } cluster.getConfiguration(0).setInt( DFSConfigKeys.DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_KEY, 500); cluster.getConfiguration(0).setInt( DFSConfigKeys.DFS_NAMENODE_SAFEMODE_EXTENSION_KEY, 30000); cluster.setWaitSafeMode(false); cluster.restartNameNode(); NameNode nn = cluster.getNameNode(); assertTrue(nn.isInSafeMode()); DelegationTokenSecretManager sm = NameNodeAdapter.getDtSecretManager(nn.getNamesystem()); assertFalse("Secret manager should not run in safe mode", sm.isRunning()); NameNodeAdapter.leaveSafeMode(nn); assertTrue("Secret manager should start when safe mode is exited", sm.isRunning()); LOG.info("========= entering safemode again"); NameNodeAdapter.enterSafeMode(nn, false); assertFalse("Secret manager should stop again when safe mode " + "is manually entered", sm.isRunning()); // Set the cluster to leave safemode quickly on its own. cluster.getConfiguration(0).setInt( DFSConfigKeys.DFS_NAMENODE_SAFEMODE_EXTENSION_KEY, 0); cluster.setWaitSafeMode(true); cluster.restartNameNode(); nn = cluster.getNameNode(); sm = NameNodeAdapter.getDtSecretManager(nn.getNamesystem()); assertFalse(nn.isInSafeMode()); assertTrue(sm.isRunning()); }
Example 8
Source File: TestDelegationTokensWithHA.java From big-c with Apache License 2.0 | 4 votes |
/** * Test if StandbyException can be thrown from StandbyNN, when it's requested for * password. (HDFS-6475). With StandbyException, the client can failover to try * activeNN. */ @Test(timeout = 300000) public void testDelegationTokenStandbyNNAppearFirst() throws Exception { // make nn0 the standby NN, and nn1 the active NN cluster.transitionToStandby(0); cluster.transitionToActive(1); final DelegationTokenSecretManager stSecretManager = NameNodeAdapter.getDtSecretManager( nn1.getNamesystem()); // create token final Token<DelegationTokenIdentifier> token = getDelegationToken(fs, "JobTracker"); final DelegationTokenIdentifier identifier = new DelegationTokenIdentifier(); byte[] tokenId = token.getIdentifier(); identifier.readFields(new DataInputStream( new ByteArrayInputStream(tokenId))); assertTrue(null != stSecretManager.retrievePassword(identifier)); final UserGroupInformation ugi = UserGroupInformation .createRemoteUser("JobTracker"); ugi.addToken(token); ugi.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() { try { try { byte[] tmppw = dtSecretManager.retrievePassword(identifier); fail("InvalidToken with cause StandbyException is expected" + " since nn0 is standby"); return tmppw; } catch (IOException e) { // Mimic the UserProvider class logic (server side) by throwing // SecurityException here throw new SecurityException( SecurityUtil.FAILED_TO_GET_UGI_MSG_HEADER + " " + e, e); } } catch (Exception oe) { // // The exception oe caught here is // java.lang.SecurityException: Failed to obtain user group // information: org.apache.hadoop.security.token. // SecretManager$InvalidToken: StandbyException // HttpServletResponse response = mock(HttpServletResponse.class); ExceptionHandler eh = new ExceptionHandler(); eh.initResponse(response); // The Response (resp) below is what the server will send to client // // BEFORE HDFS-6475 fix, the resp.entity is // {"RemoteException":{"exception":"SecurityException", // "javaClassName":"java.lang.SecurityException", // "message":"Failed to obtain user group information: // org.apache.hadoop.security.token.SecretManager$InvalidToken: // StandbyException"}} // AFTER the fix, the resp.entity is // {"RemoteException":{"exception":"StandbyException", // "javaClassName":"org.apache.hadoop.ipc.StandbyException", // "message":"Operation category READ is not supported in // state standby"}} // Response resp = eh.toResponse(oe); // Mimic the client side logic by parsing the response from server // Map<?, ?> m = (Map<?, ?>)JSON.parse(resp.getEntity().toString()); RemoteException re = JsonUtil.toRemoteException(m); Exception unwrapped = ((RemoteException)re).unwrapRemoteException( StandbyException.class); assertTrue (unwrapped instanceof StandbyException); return null; } } }); }