org.apache.hadoop.registry.server.integration.RMRegistryOperationsService Java Examples

The following examples show how to use org.apache.hadoop.registry.server.integration.RMRegistryOperationsService. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: YarnZkRegistryBusiness.java    From PoseidonX with Apache License 2.0 6 votes vote down vote up
private static void initAndStart(){
    try{
        Configuration conf  = new YarnConfiguration();
        conf.set(RegistryConstants.KEY_REGISTRY_ZK_ROOT, YarnZkContant.ZK_AM_REGISTRY_ROOT);
        registryOperations = RegistryOperationsFactory.createInstance(YarnZkContant.ZK_AM_REGISTRY_JSTORM_YARN, conf);
        if (registryOperations instanceof RMRegistryOperationsService) {
            RMRegistryOperationsService rmRegOperations = (RMRegistryOperationsService) registryOperations;
            rmRegOperations.initUserRegistryAsync(StreamContant.HADOOP_USER_NAME);
        }
    }catch(Exception e){
    }
    if(registryOperations==null){
        throw new IllegalArgumentException("YarnZkClientBusiness registryOperations start is error,cann't connect yarn zk!!");
    }
    registryOperations.start();
}
 
Example #2
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Create the RM registry operations as the current user
 * @return the service
 * @throws LoginException
 * @throws FileNotFoundException
 */
public RMRegistryOperationsService startRMRegistryOperations() throws
    LoginException, IOException, InterruptedException {
  // kerberos
  secureConf.set(KEY_REGISTRY_CLIENT_AUTH,
      REGISTRY_CLIENT_AUTH_KERBEROS);
  secureConf.set(KEY_REGISTRY_CLIENT_JAAS_CONTEXT, ZOOKEEPER_CLIENT_CONTEXT);

  RMRegistryOperationsService registryOperations = zookeeperUGI.doAs(
      new PrivilegedExceptionAction<RMRegistryOperationsService>() {
        @Override
        public RMRegistryOperationsService run() throws Exception {
          RMRegistryOperationsService operations
              = new RMRegistryOperationsService("rmregistry", secureZK);
          addToTeardown(operations);
          operations.init(secureConf);
          LOG.info(operations.bindingDiagnosticDetails());
          operations.start();
          return operations;
        }
      });

  return registryOperations;
}
 
Example #3
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
  // test that the /users/$user permissions are restricted
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  // create Alice's dir, so it should have an ACL for Alice
  final String home = rmRegistryOperations.initUserRegistry(ALICE);
  List<ACL> acls = rmRegistryOperations.zkGetACLS(home);
  ACL aliceACL = null;
  for (ACL acl : acls) {
    LOG.info(RegistrySecurity.aclToString(acl));
    Id id = acl.getId();
    if (id.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL)
        && id.getId().startsWith(ALICE)) {

      aliceACL = acl;
      break;
    }
  }
  assertNotNull(aliceACL);
  assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS,
      aliceACL.getPerms());
}
 
Example #4
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
  // test that the /users/$user permissions are restricted
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  // create Alice's dir, so it should have an ACL for Alice
  final String home = rmRegistryOperations.initUserRegistry(ALICE);
  List<ACL> acls = rmRegistryOperations.zkGetACLS(home);
  ACL aliceACL = null;
  for (ACL acl : acls) {
    LOG.info(RegistrySecurity.aclToString(acl));
    Id id = acl.getId();
    if (id.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL)
        && id.getId().startsWith(ALICE)) {

      aliceACL = acl;
      break;
    }
  }
  assertNotNull(aliceACL);
  assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS,
      aliceACL.getPerms());
}
 
Example #5
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Create the RM registry operations as the current user
 * @return the service
 * @throws LoginException
 * @throws FileNotFoundException
 */
public RMRegistryOperationsService startRMRegistryOperations() throws
    LoginException, IOException, InterruptedException {
  // kerberos
  secureConf.set(KEY_REGISTRY_CLIENT_AUTH,
      REGISTRY_CLIENT_AUTH_KERBEROS);
  secureConf.set(KEY_REGISTRY_CLIENT_JAAS_CONTEXT, ZOOKEEPER_CLIENT_CONTEXT);

  RMRegistryOperationsService registryOperations = zookeeperUGI.doAs(
      new PrivilegedExceptionAction<RMRegistryOperationsService>() {
        @Override
        public RMRegistryOperationsService run() throws Exception {
          RMRegistryOperationsService operations
              = new RMRegistryOperationsService("rmregistry", secureZK);
          addToTeardown(operations);
          operations.init(secureConf);
          LOG.info(operations.bindingDiagnosticDetails());
          operations.start();
          return operations;
        }
      });

  return registryOperations;
}
 
Example #6
Source File: Executor.java    From jstorm with Apache License 2.0 5 votes vote down vote up
/**
 * TODO: purge this once RM is doing the work
 *
 * @throws IOException
 */
protected void setupInitialRegistryPaths() throws IOException {
    if (registryOperations instanceof RMRegistryOperationsService) {
        RMRegistryOperationsService rmRegOperations =
                (RMRegistryOperationsService) registryOperations;
        rmRegOperations.initUserRegistryAsync(RegistryUtils.currentUser());
    }
}
 
Example #7
Source File: JstormMaster.java    From jstorm with Apache License 2.0 5 votes vote down vote up
/**
 * TODO: purge this once RM is doing the work
 *
 * @throws IOException
 */
protected void setupInitialRegistryPaths() throws IOException {
    if (registryOperations instanceof RMRegistryOperationsService) {
        RMRegistryOperationsService rmRegOperations =
                (RMRegistryOperationsService) registryOperations;
        rmRegOperations.initUserRegistryAsync(jstormMasterContext.service_user_name);
    }
}
 
Example #8
Source File: AbstractRegistryTest.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Before
public void setupRegistry() throws IOException {
  registry = new RMRegistryOperationsService("yarnRegistry");
  operations = registry;
  registry.init(createRegistryConfiguration());
  registry.start();
  operations.delete("/", true);
  registry.createRootRegistryPaths();
  addToTeardown(registry);
}
 
Example #9
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testAlicePathRestrictedAnonAccess() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  String aliceHome = rmRegistryOperations.initUserRegistry(ALICE);
  describe(LOG, "Creating anonymous accessor");
  RegistryOperations anonOperations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(anonOperations);
  anonOperations.start();
  anonOperations.list(aliceHome);
  expectMkNodeFailure(anonOperations, aliceHome + "/anon");
  expectDeleteFailure(anonOperations, aliceHome, true);
}
 
Example #10
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testAnonNoWriteAccessOffRoot() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  describe(LOG, "testAnonNoWriteAccessOffRoot");
  RegistryOperations operations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(operations);
  operations.start();
  assertFalse("mknode(/)", operations.mknode("/", false));
  expectMkNodeFailure(operations, "/sub");
  expectDeleteFailure(operations, PATH_SYSTEM_SERVICES, true);
}
 
Example #11
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testAnonNoWriteAccess() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  describe(LOG, "testAnonNoWriteAccess");
  RegistryOperations operations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(operations);
  operations.start();

  String servicePath = PATH_SYSTEM_SERVICES + "hdfs";
  expectMkNodeFailure(operations, servicePath);
}
 
Example #12
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testAnonReadAccess() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  describe(LOG, "testAnonReadAccess");
  RegistryOperations operations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(operations);
  operations.start();

  assertFalse("RegistrySecurity.isClientSASLEnabled()==true",
      RegistrySecurity.isClientSASLEnabled());
  operations.list(PATH_SYSTEM_SERVICES);
}
 
Example #13
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * test that ZK can write as itself
 * @throws Throwable
 */
@Test
public void testZookeeperCanWriteUnderSystem() throws Throwable {

  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  RegistryOperations operations = rmRegistryOperations;
  operations.mknode(PATH_SYSTEM_SERVICES + "hdfs",
      false);
  ZKPathDumper pathDumper = rmRegistryOperations.dumpPath(true);
  LOG.info(pathDumper.toString());
}
 
Example #14
Source File: AbstractRegistryTest.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Before
public void setupRegistry() throws IOException {
  registry = new RMRegistryOperationsService("yarnRegistry");
  operations = registry;
  registry.init(createRegistryConfiguration());
  registry.start();
  operations.delete("/", true);
  registry.createRootRegistryPaths();
  addToTeardown(registry);
}
 
Example #15
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testAlicePathRestrictedAnonAccess() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  String aliceHome = rmRegistryOperations.initUserRegistry(ALICE);
  describe(LOG, "Creating anonymous accessor");
  RegistryOperations anonOperations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(anonOperations);
  anonOperations.start();
  anonOperations.list(aliceHome);
  expectMkNodeFailure(anonOperations, aliceHome + "/anon");
  expectDeleteFailure(anonOperations, aliceHome, true);
}
 
Example #16
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testAnonNoWriteAccessOffRoot() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  describe(LOG, "testAnonNoWriteAccessOffRoot");
  RegistryOperations operations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(operations);
  operations.start();
  assertFalse("mknode(/)", operations.mknode("/", false));
  expectMkNodeFailure(operations, "/sub");
  expectDeleteFailure(operations, PATH_SYSTEM_SERVICES, true);
}
 
Example #17
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testAnonNoWriteAccess() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  describe(LOG, "testAnonNoWriteAccess");
  RegistryOperations operations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(operations);
  operations.start();

  String servicePath = PATH_SYSTEM_SERVICES + "hdfs";
  expectMkNodeFailure(operations, servicePath);
}
 
Example #18
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testAnonReadAccess() throws Throwable {
  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  describe(LOG, "testAnonReadAccess");
  RegistryOperations operations =
      RegistryOperationsFactory.createAnonymousInstance(zkClientConf);
  addToTeardown(operations);
  operations.start();

  assertFalse("RegistrySecurity.isClientSASLEnabled()==true",
      RegistrySecurity.isClientSASLEnabled());
  operations.list(PATH_SYSTEM_SERVICES);
}
 
Example #19
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * test that ZK can write as itself
 * @throws Throwable
 */
@Test
public void testZookeeperCanWriteUnderSystem() throws Throwable {

  RMRegistryOperationsService rmRegistryOperations =
      startRMRegistryOperations();
  RegistryOperations operations = rmRegistryOperations;
  operations.mknode(PATH_SYSTEM_SERVICES + "hdfs",
      false);
  ZKPathDumper pathDumper = rmRegistryOperations.dumpPath(true);
  LOG.info(pathDumper.toString());
}
 
Example #20
Source File: TestSecureRMRegistryOperations.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testDigestAccess() throws Throwable {
  RMRegistryOperationsService registryAdmin =
      startRMRegistryOperations();
  String id = "username";
  String pass = "password";
  registryAdmin.addWriteAccessor(id, pass);
  List<ACL> clientAcls = registryAdmin.getClientAcls();
  LOG.info("Client ACLS=\n{}", RegistrySecurity.aclsToString(clientAcls));

  String base = "/digested";
  registryAdmin.mknode(base, false);
  List<ACL> baseACLs = registryAdmin.zkGetACLS(base);
  String aclset = RegistrySecurity.aclsToString(baseACLs);
  LOG.info("Base ACLs=\n{}", aclset);
  ACL found = null;
  for (ACL acl : baseACLs) {
    if (ZookeeperConfigOptions.SCHEME_DIGEST.equals(acl.getId().getScheme())) {
      found = acl;
      break;
    }
  }
  assertNotNull("Did not find digest entry in ACLs " + aclset, found);
  zkClientConf.set(KEY_REGISTRY_USER_ACCOUNTS,
      "sasl:[email protected], sasl:other");
  RegistryOperations operations =
      RegistryOperationsFactory.createAuthenticatedInstance(zkClientConf,
          id,
          pass);
  addToTeardown(operations);
  operations.start();
  RegistryOperationsClient operationsClient =
      (RegistryOperationsClient) operations;
  List<ACL> digestClientACLs = operationsClient.getClientAcls();
  LOG.info("digest client ACLs=\n{}",
      RegistrySecurity.aclsToString(digestClientACLs));
  operations.stat(base);
  operations.mknode(base + "/subdir", false);
  ZKPathDumper pathDumper = registryAdmin.dumpPath(true);
  LOG.info(pathDumper.toString());
}
 
Example #21
Source File: TestSecureRMRegistryOperations.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testDigestAccess() throws Throwable {
  RMRegistryOperationsService registryAdmin =
      startRMRegistryOperations();
  String id = "username";
  String pass = "password";
  registryAdmin.addWriteAccessor(id, pass);
  List<ACL> clientAcls = registryAdmin.getClientAcls();
  LOG.info("Client ACLS=\n{}", RegistrySecurity.aclsToString(clientAcls));

  String base = "/digested";
  registryAdmin.mknode(base, false);
  List<ACL> baseACLs = registryAdmin.zkGetACLS(base);
  String aclset = RegistrySecurity.aclsToString(baseACLs);
  LOG.info("Base ACLs=\n{}", aclset);
  ACL found = null;
  for (ACL acl : baseACLs) {
    if (ZookeeperConfigOptions.SCHEME_DIGEST.equals(acl.getId().getScheme())) {
      found = acl;
      break;
    }
  }
  assertNotNull("Did not find digest entry in ACLs " + aclset, found);
  zkClientConf.set(KEY_REGISTRY_USER_ACCOUNTS,
      "sasl:[email protected], sasl:other");
  RegistryOperations operations =
      RegistryOperationsFactory.createAuthenticatedInstance(zkClientConf,
          id,
          pass);
  addToTeardown(operations);
  operations.start();
  RegistryOperationsClient operationsClient =
      (RegistryOperationsClient) operations;
  List<ACL> digestClientACLs = operationsClient.getClientAcls();
  LOG.info("digest client ACLs=\n{}",
      RegistrySecurity.aclsToString(digestClientACLs));
  operations.stat(base);
  operations.mknode(base + "/subdir", false);
  ZKPathDumper pathDumper = registryAdmin.dumpPath(true);
  LOG.info(pathDumper.toString());
}
 
Example #22
Source File: RegistryClient.java    From PoseidonX with Apache License 2.0 4 votes vote down vote up
private void setupInitialRegistryPaths(String serviceUserName) throws IOException {
    if (registryOperations instanceof RMRegistryOperationsService) {
        RMRegistryOperationsService rmRegOperations = (RMRegistryOperationsService) registryOperations;
        rmRegOperations.initUserRegistryAsync(serviceUserName);
    }
}