org.apache.hadoop.hbase.ipc.RpcServer Java Examples

The following examples show how to use org.apache.hadoop.hbase.ipc.RpcServer. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RangerAuthorizationCoprocessor.java    From ranger with Apache License 2.0 6 votes vote down vote up
private String getRemoteAddress() {
	InetAddress remoteAddr = null;
	try {
		remoteAddr = RpcServer.getRemoteAddress().get();
	} catch (NoSuchElementException e) {
		LOG.info("Unable to get remote Address");
	}

	if(remoteAddr == null) {
		remoteAddr = RpcServer.getRemoteIp();
	}

	String strAddr = remoteAddr != null ? remoteAddr.getHostAddress() : null;

	return strAddr;
}
 
Example #2
Source File: AbstractFSWAL.java    From hbase with Apache License 2.0 6 votes vote down vote up
protected final long stampSequenceIdAndPublishToRingBuffer(RegionInfo hri, WALKeyImpl key,
  WALEdit edits, boolean inMemstore, RingBuffer<RingBufferTruck> ringBuffer)
  throws IOException {
  if (this.closed) {
    throw new IOException(
      "Cannot append; log is closed, regionName = " + hri.getRegionNameAsString());
  }
  MutableLong txidHolder = new MutableLong();
  MultiVersionConcurrencyControl.WriteEntry we = key.getMvcc().begin(() -> {
    txidHolder.setValue(ringBuffer.next());
  });
  long txid = txidHolder.longValue();
  ServerCall<?> rpcCall = RpcServer.getCurrentCall().filter(c -> c instanceof ServerCall)
    .filter(c -> c.getCellScanner() != null).map(c -> (ServerCall) c).orElse(null);
  try (TraceScope scope = TraceUtil.createTrace(implClassName + ".append")) {
    FSWALEntry entry = new FSWALEntry(txid, key, edits, hri, inMemstore, rpcCall);
    entry.stampRegionSequenceId(we);
    ringBuffer.get(txid).load(entry);
  } finally {
    ringBuffer.publish(txid);
  }
  return txid;
}
 
Example #3
Source File: HMaster.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * @return Get remote side's InetAddress
 */
InetAddress getRemoteInetAddress(final int port,
    final long serverStartCode) throws UnknownHostException {
  // Do it out here in its own little method so can fake an address when
  // mocking up in tests.
  InetAddress ia = RpcServer.getRemoteIp();

  // The call could be from the local regionserver,
  // in which case, there is no remote address.
  if (ia == null && serverStartCode == startcode) {
    InetSocketAddress isa = rpcServices.getSocketAddress();
    if (isa != null && isa.getPort() == port) {
      ia = isa.getAddress();
    }
  }
  return ia;
}
 
Example #4
Source File: RegionServerRpcQuotaManager.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Check the quota for the current (rpc-context) user.
 * Returns the OperationQuota used to get the available quota and
 * to report the data/usage of the operation.
 * @param region the region where the operation will be performed
 * @param numWrites number of writes to perform
 * @param numReads number of short-reads to perform
 * @param numScans number of scan to perform
 * @return the OperationQuota
 * @throws RpcThrottlingException if the operation cannot be executed due to quota exceeded.
 */
private OperationQuota checkQuota(final Region region,
    final int numWrites, final int numReads, final int numScans)
    throws IOException, RpcThrottlingException {
  Optional<User> user = RpcServer.getRequestUser();
  UserGroupInformation ugi;
  if (user.isPresent()) {
    ugi = user.get().getUGI();
  } else {
    ugi = User.getCurrent().getUGI();
  }
  TableName table = region.getTableDescriptor().getTableName();

  OperationQuota quota = getQuota(ugi, table);
  try {
    quota.checkQuota(numWrites, numReads, numScans);
  } catch (RpcThrottlingException e) {
    LOG.debug("Throttling exception for user=" + ugi.getUserName() +
              " table=" + table + " numWrites=" + numWrites +
              " numReads=" + numReads + " numScans=" + numScans +
              ": " + e.getMessage());
    throw e;
  }
  return quota;
}
 
Example #5
Source File: TestTokenAuthentication.java    From hbase with Apache License 2.0 6 votes vote down vote up
@Override
public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken(
    RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request)
  throws ServiceException {
  LOG.debug("Authentication token request from " + RpcServer.getRequestUserName().orElse(null));
  // Ignore above passed in controller -- it is always null
  ServerRpcController serverController = new ServerRpcController();
  final BlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse>
    callback = new BlockingRpcCallback<>();
  getAuthenticationToken(null, request, callback);
  try {
    serverController.checkFailed();
    return callback.get();
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
 
Example #6
Source File: TestTokenAuthentication.java    From hbase with Apache License 2.0 6 votes vote down vote up
@Override
public AuthenticationProtos.WhoAmIResponse whoAmI(
    RpcController controller, AuthenticationProtos.WhoAmIRequest request)
  throws ServiceException {
  LOG.debug("whoAmI() request from " + RpcServer.getRequestUserName().orElse(null));
  // Ignore above passed in controller -- it is always null
  ServerRpcController serverController = new ServerRpcController();
  BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse> callback =
      new BlockingRpcCallback<>();
  whoAmI(null, request, callback);
  try {
    serverController.checkFailed();
    return callback.get();
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
 
Example #7
Source File: TokenProvider.java    From hbase with Apache License 2.0 6 votes vote down vote up
@Override
public void start(CoprocessorEnvironment env) {
  // if running at region
  if (env instanceof RegionCoprocessorEnvironment) {
    RegionCoprocessorEnvironment regionEnv = (RegionCoprocessorEnvironment)env;
    /* Getting the RpcServer from a RegionCE is wrong. There cannot be an expectation that Region
     is hosted inside a RegionServer. If you need RpcServer, then pass in a RegionServerCE.
     TODO: FIX.
     */
    RegionServerServices rss = ((HasRegionServerServices)regionEnv).getRegionServerServices();
    RpcServerInterface server = rss.getRpcServer();
    SecretManager<?> mgr = ((RpcServer)server).getSecretManager();
    if (mgr instanceof AuthenticationTokenSecretManager) {
      secretManager = (AuthenticationTokenSecretManager)mgr;
    }
  }
}
 
Example #8
Source File: SIObserver.java    From spliceengine with GNU Affero General Public License v3.0 6 votes vote down vote up
protected void checkAccess() throws AccessDeniedException {
    if (!spliceTable)
        return;

    if (!UserGroupInformation.isSecurityEnabled())
        return;

    User user = RpcServer.getRequestUser().get();
    if (user == null || user.getShortName().equalsIgnoreCase("hbase"))
        return;

    if (RpcUtils.isAccessAllowed())
        return;

    if (!authTokenEnabled && authManager.authorize(user, Permission.Action.ADMIN))
        return;

    throw new AccessDeniedException("Insufficient permissions for user " +
            user.getShortName());
}
 
Example #9
Source File: TestSerialReplicationEndpoint.java    From hbase with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void setUp() throws Exception {
  UTIL.startMiniCluster();
  CONF = UTIL.getConfiguration();
  CONF.setLong(RpcServer.MAX_REQUEST_SIZE, 102400);
  CONN = UTIL.getConnection();
}
 
Example #10
Source File: ObserverContextImpl.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Instantiates a new ObserverContext instance if the passed reference is <code>null</code> and
 * sets the environment in the new or existing instance. This allows deferring the instantiation
 * of a ObserverContext until it is actually needed.
 * @param <E> The environment type for the context
 * @param env The coprocessor environment to set
 * @return An instance of <code>ObserverContext</code> with the environment set
 */
@Deprecated
@VisibleForTesting
// TODO: Remove this method, ObserverContext should not depend on RpcServer
public static <E extends CoprocessorEnvironment> ObserverContext<E> createAndPrepare(E env) {
  ObserverContextImpl<E> ctx = new ObserverContextImpl<>(RpcServer.getRequestUser().orElse(null));
  ctx.prepare(env);
  return ctx;
}
 
Example #11
Source File: ReplicateHRegionServer.java    From DataLink with Apache License 2.0 5 votes vote down vote up
private List<RpcServer.BlockingServiceAndInterface> getServices() {
    List<RpcServer.BlockingServiceAndInterface> bssi = new ArrayList<>(1);
    bssi.add(new RpcServer.BlockingServiceAndInterface(
            AdminProtos.AdminService.newReflectiveBlockingService(this),
            AdminProtos.AdminService.BlockingInterface.class));
    return bssi;
}
 
Example #12
Source File: MetaTableMetrics.java    From hbase with Apache License 2.0 5 votes vote down vote up
private void clientMetricRegisterAndMark() {
  // Mark client metric
  String clientIP = RpcServer.getRemoteIp() != null ? RpcServer.getRemoteIp().toString() : null;
  if (clientIP == null || clientIP.isEmpty()) {
    return;
  }
  String clientRequestMeter = clientRequestMeterName(clientIP);
  clientMetricsLossyCounting.add(clientRequestMeter);
  registerAndMarkMeter(clientRequestMeter);
}
 
Example #13
Source File: MetricsUserAggregateImpl.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the active user to which authorization checks should be applied.
 * If we are in the context of an RPC call, the remote user is used,
 * otherwise the currently logged in user is used.
 */
private String getActiveUser() {
  Optional<User> user = RpcServer.getRequestUser();
  if (!user.isPresent()) {
    // for non-rpc handling, fallback to system user
    try {
      user = Optional.of(userProvider.getCurrent());
    } catch (IOException ignore) {
    }
  }
  return user.map(User::getShortName).orElse(null);
}
 
Example #14
Source File: SecureBulkLoadManager.java    From hbase with Apache License 2.0 5 votes vote down vote up
private User getActiveUser() throws IOException {
  // for non-rpc handling, fallback to system user
  User user = RpcServer.getRequestUser().orElse(userProvider.getCurrent());
  // this is for testing
  if (userProvider.isHadoopSecurityEnabled() &&
      "simple".equalsIgnoreCase(conf.get(User.HBASE_SECURITY_CONF_KEY))) {
    return User.createUserForTesting(conf, user.getShortName(), new String[] {});
  }

  return user;
}
 
Example #15
Source File: SepConsumer.java    From hbase-indexer with Apache License 2.0 5 votes vote down vote up
private List<RpcServer.BlockingServiceAndInterface> getServices() {
    List<RpcServer.BlockingServiceAndInterface> bssi = new ArrayList<RpcServer.BlockingServiceAndInterface>(1);
    bssi.add(new RpcServer.BlockingServiceAndInterface(
            AdminProtos.AdminService.newReflectiveBlockingService(this),
            AdminProtos.AdminService.BlockingInterface.class));
    return bssi;
}
 
Example #16
Source File: RSRpcServices.java    From hbase with Apache License 2.0 5 votes vote down vote up
@Override
public void logBatchWarning(String firstRegionName, int sum, int rowSizeWarnThreshold) {
  if (LOG.isWarnEnabled()) {
    LOG.warn("Large batch operation detected (greater than " + rowSizeWarnThreshold
        + ") (HBASE-18023)." + " Requested Number of Rows: " + sum + " Client: "
        + RpcServer.getRequestUserName().orElse(null) + "/"
        + RpcServer.getRemoteAddress().orElse(null)
        + " first region in multi=" + firstRegionName);
  }
}
 
Example #17
Source File: RSRpcServices.java    From hbase with Apache License 2.0 5 votes vote down vote up
@Override
@QosPriority(priority=HConstants.ADMIN_QOS)
public ClearCompactionQueuesResponse clearCompactionQueues(RpcController controller,
  ClearCompactionQueuesRequest request) throws ServiceException {
  LOG.debug("Client=" + RpcServer.getRequestUserName().orElse(null) + "/"
      + RpcServer.getRemoteAddress().orElse(null) + " clear compactions queue");
  ClearCompactionQueuesResponse.Builder respBuilder = ClearCompactionQueuesResponse.newBuilder();
  requestCount.increment();
  if (clearCompactionQueues.compareAndSet(false,true)) {
    try {
      checkOpen();
      regionServer.getRegionServerCoprocessorHost().preClearCompactionQueues();
      for (String queueName : request.getQueueNameList()) {
        LOG.debug("clear " + queueName + " compaction queue");
        switch (queueName) {
          case "long":
            regionServer.compactSplitThread.clearLongCompactionsQueue();
            break;
          case "short":
            regionServer.compactSplitThread.clearShortCompactionsQueue();
            break;
          default:
            LOG.warn("Unknown queue name " + queueName);
            throw new IOException("Unknown queue name " + queueName);
        }
      }
      regionServer.getRegionServerCoprocessorHost().postClearCompactionQueues();
    } catch (IOException ie) {
      throw new ServiceException(ie);
    } finally {
      clearCompactionQueues.set(false);
    }
  } else {
    LOG.warn("Clear compactions queue is executing by other admin.");
  }
  return respBuilder.build();
}
 
Example #18
Source File: PhoenixAccessController.java    From phoenix with Apache License 2.0 5 votes vote down vote up
private void logResult(AuthResult result) {
    if (AUDITLOG.isTraceEnabled()) {
        Optional<InetAddress> remoteAddr = RpcServer.getRemoteAddress();
        AUDITLOG.trace("Access " + (result.isAllowed() ? "allowed" : "denied") + " for user "
                + (result.getUser() != null ? result.getUser().getShortName() : "UNKNOWN") + "; reason: "
                + result.getReason() + "; remote address: " + (remoteAddr.isPresent() ? remoteAddr.get() : "") + "; request: "
                + result.getRequest() + "; context: " + result.toContextString());
    }
}
 
Example #19
Source File: TestSecureIPC.java    From hbase with Apache License 2.0 5 votes vote down vote up
@Test
public void testRpcFallbackToSimpleAuth() throws Exception {
  String clientUsername = "testuser";
  UserGroupInformation clientUgi = UserGroupInformation.createUserForTesting(clientUsername,
    new String[] { clientUsername });

  // check that the client user is insecure
  assertNotSame(ugi, clientUgi);
  assertEquals(AuthenticationMethod.SIMPLE, clientUgi.getAuthenticationMethod());
  assertEquals(clientUsername, clientUgi.getUserName());

  clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");
  serverConf.setBoolean(RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH, true);
  callRpcService(User.create(clientUgi));
}
 
Example #20
Source File: TestSecureIPC.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Sets up a RPC Server and a Client. Does a RPC checks the result. If an exception is thrown from
 * the stub, this function will throw root cause of that exception.
 */
private void callRpcService(User clientUser) throws Exception {
  SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class);
  Mockito.when(securityInfoMock.getServerPrincipal())
      .thenReturn(HBaseKerberosUtils.KRB_PRINCIPAL);
  SecurityInfo.addInfo("TestProtobufRpcProto", securityInfoMock);

  InetSocketAddress isa = new InetSocketAddress(HOST, 0);

  RpcServerInterface rpcServer = RpcServerFactory.createRpcServer(null, "AbstractTestSecureIPC",
      Lists.newArrayList(new RpcServer.BlockingServiceAndInterface((BlockingService) SERVICE, null)), isa,
      serverConf, new FifoRpcScheduler(serverConf, 1));
  rpcServer.start();
  try (RpcClient rpcClient = RpcClientFactory.createClient(clientConf,
    HConstants.DEFAULT_CLUSTER_ID.toString())) {
    BlockingInterface stub = newBlockingStub(rpcClient, rpcServer.getListenerAddress(),
      clientUser);
    TestThread th1 = new TestThread(stub);
    final Throwable exception[] = new Throwable[1];
    Collections.synchronizedList(new ArrayList<Throwable>());
    Thread.UncaughtExceptionHandler exceptionHandler = new Thread.UncaughtExceptionHandler() {
      @Override
      public void uncaughtException(Thread th, Throwable ex) {
        exception[0] = ex;
      }
    };
    th1.setUncaughtExceptionHandler(exceptionHandler);
    th1.start();
    th1.join();
    if (exception[0] != null) {
      // throw root cause.
      while (exception[0].getCause() != null) {
        exception[0] = exception[0].getCause();
      }
      throw (Exception) exception[0];
    }
  } finally {
    rpcServer.stop();
  }
}
 
Example #21
Source File: HadoopShim.java    From pentaho-hadoop-shims with Apache License 2.0 5 votes vote down vote up
@Override
public Class[] getHbaseDependencyClasses() {
  return new Class[] {
    HConstants.class, org.apache.hadoop.hbase.protobuf.generated.ClientProtos.class,
    org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.class, Put.class,
    RpcServer.class, CompatibilityFactory.class, JobUtil.class, TableMapper.class, FastLongHistogram.class,
    Snapshot.class, ZooKeeper.class, Channel.class, Message.class, UnsafeByteOperations.class, Lists.class,
    Tracer.class, MetricRegistry.class, ArrayUtils.class, ObjectMapper.class, Versioned.class, JsonView.class,
    ZKWatcher.class
  };
}
 
Example #22
Source File: HadoopShim.java    From pentaho-hadoop-shims with Apache License 2.0 5 votes vote down vote up
@Override
public Class[] getHbaseDependencyClasses() {
  return new Class[] {
    HConstants.class, org.apache.hadoop.hbase.protobuf.generated.ClientProtos.class,
    org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.class, Put.class,
    RpcServer.class, CompatibilityFactory.class, JobUtil.class, TableMapper.class, FastLongHistogram.class,
    Snapshot.class, ZooKeeper.class, Channel.class, Message.class, UnsafeByteOperations.class, Lists.class,
    Tracer.class, MetricRegistry.class, ArrayUtils.class, ObjectMapper.class, Versioned.class, JsonView.class,
    ZKWatcher.class
  };
}
 
Example #23
Source File: TestRegionProcedureStore.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Test for HBASE-23895
 */
@Test
public void testInsertWithRpcCall() throws Exception {
  RpcServer.setCurrentCall(newRpcCallWithDeadline());
  RegionProcedureStoreTestProcedure proc1 = new RegionProcedureStoreTestProcedure();
  store.insert(proc1, null);
  RpcServer.setCurrentCall(null);
}
 
Example #24
Source File: TestRSGroupsWithACL.java    From hbase with Apache License 2.0 5 votes vote down vote up
private User getActiveUser() throws IOException {
  // for non-rpc handling, fallback to system user
  Optional<User> optionalUser = RpcServer.getRequestUser();
  if (optionalUser.isPresent()) {
    return optionalUser.get();
  }
  return userProvider.getCurrent();
}
 
Example #25
Source File: HadoopShim.java    From pentaho-hadoop-shims with Apache License 2.0 5 votes vote down vote up
@Override
public Class[] getHbaseDependencyClasses() {
  return new Class[] {
    HConstants.class, org.apache.hadoop.hbase.protobuf.generated.ClientProtos.class,
    org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.class, Put.class,
    RpcServer.class, CompatibilityFactory.class, JobUtil.class, TableMapper.class, FastLongHistogram.class,
    Snapshot.class, ZooKeeper.class, Channel.class, Message.class, UnsafeByteOperations.class, Lists.class,
    Tracer.class, MetricRegistry.class, ArrayUtils.class, ObjectMapper.class, Versioned.class,
    JsonView.class, ZKWatcher.class, CacheLoader.class
  };
}
 
Example #26
Source File: PhoenixAccessController.java    From phoenix with Apache License 2.0 5 votes vote down vote up
private User getActiveUser() throws IOException {
    Optional<User> user = RpcServer.getRequestUser();
    if (!user.isPresent()) {
        // for non-rpc handling, fallback to system user
        return userProvider.getCurrent();
    }
    return user.get();
}
 
Example #27
Source File: MasterRpcServices.java    From hbase with Apache License 2.0 5 votes vote down vote up
@Override
public RevokeResponse revoke(RpcController controller, RevokeRequest request)
    throws ServiceException {
  try {
    master.checkInitialized();
    if (master.cpHost != null && hasAccessControlServiceCoprocessor(master.cpHost)) {
      final UserPermission userPermission =
          ShadedAccessControlUtil.toUserPermission(request.getUserPermission());
      master.cpHost.preRevoke(userPermission);
      try (Table table = master.getConnection().getTable(PermissionStorage.ACL_TABLE_NAME)) {
        PermissionStorage.removeUserPermission(master.getConfiguration(), userPermission, table);
      }
      master.cpHost.postRevoke(userPermission);
      User caller = RpcServer.getRequestUser().orElse(null);
      if (AUDITLOG.isTraceEnabled()) {
        // audit log should record all permission changes
        String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
        AUDITLOG.trace("User {} (remote address: {}) revoked permission {}", caller,
          remoteAddress, userPermission);
      }
      return RevokeResponse.getDefaultInstance();
    } else {
      throw new DoNotRetryIOException(
          new UnsupportedOperationException(AccessController.class.getName() + " is not loaded"));
    }
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
 
Example #28
Source File: RangerAuthorizationCoprocessor.java    From ranger with Apache License 2.0 5 votes vote down vote up
private void requireScannerOwner(ObserverContext<?> ctx, InternalScanner s) throws AccessDeniedException {
    if (!RpcServer.isInRpcCallContext()) {
      return;
    }

    User user = getActiveUser(ctx);
 String requestUserName = user.getShortName();
    String owner = scannerOwners.get(s);
    if (owner != null && !owner.equals(requestUserName)) {
      throw new AccessDeniedException("User '"+ requestUserName +"' is not the scanner owner!");
    }	
}
 
Example #29
Source File: Export.java    From hbase with Apache License 2.0 5 votes vote down vote up
private static User getActiveUser(final UserProvider userProvider, final Token userToken)
    throws IOException {
  User user = RpcServer.getRequestUser().orElse(userProvider.getCurrent());
  if (user == null && userToken != null) {
    LOG.warn("No found of user credentials, but a token was got from user request");
  } else if (user != null && userToken != null) {
    user.addToken(userToken);
  }
  return user;
}
 
Example #30
Source File: VisibilityController.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Verify, when servicing an RPC, that the caller is the scanner owner. If so, we assume that
 * access control is correctly enforced based on the checks performed in preScannerOpen()
 */
private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
  if (!RpcServer.isInRpcCallContext())
    return;
  String requestUName = RpcServer.getRequestUserName().orElse(null);
  String owner = scannerOwners.get(s);
  if (authorizationEnabled && owner != null && !owner.equals(requestUName)) {
    throw new AccessDeniedException("User '" + requestUName + "' is not the scanner owner!");
  }
}