Repository: hadoop Updated Branches: refs/heads/branch-3.1 44c4928b6 -> 3712b79b3
HADOOP-14212. Expose SecurityEnabled boolean field in JMX for other services besides NameNode. Contributed by Adam Antal. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/78fb14ba Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/78fb14ba Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/78fb14ba Branch: refs/heads/branch-3.1 Commit: 78fb14ba4908cc9222bc5c1239f63f7c203564a0 Parents: 44c4928 Author: Wei-Chiu Chuang <[email protected]> Authored: Tue Aug 14 17:19:00 2018 -0700 Committer: Arpit Agarwal <[email protected]> Committed: Mon Aug 20 14:49:24 2018 -0700 ---------------------------------------------------------------------- .../hadoop/hdfs/server/datanode/DataNode.java | 5 ++ .../hdfs/server/datanode/DataNodeMXBean.java | 7 +++ .../hdfs/server/namenode/SecondaryNameNode.java | 5 ++ .../namenode/SecondaryNameNodeInfoMXBean.java | 7 +++ .../server/datanode/TestDataNodeMXBean.java | 47 +++++++++++++++++- .../server/namenode/TestSecureNameNode.java | 52 +++++++++++++++++++- .../yarn/server/nodemanager/NodeManager.java | 20 +++++++- .../server/resourcemanager/ResourceManager.java | 18 ++++++- 8 files changed, 156 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java index 1e9c57a..4823358 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java @@ -3142,6 +3142,11 @@ public class DataNode extends ReconfigurableBase } } + @Override + public boolean isSecurityEnabled() { + return UserGroupInformation.isSecurityEnabled(); + } + public void refreshNamenodes(Configuration conf) throws IOException { blockPoolManager.refreshNamenodes(conf); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java index b5f0cd0..9d11e14 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNodeMXBean.java @@ -146,4 +146,11 @@ public interface DataNodeMXBean { * @return list of slow disks */ String getSlowDisks(); + + /** + * Gets if security is enabled. + * + * @return true, if security is enabled. + */ + boolean isSecurityEnabled(); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java index ff83e34..4d7b747 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java @@ -722,6 +722,11 @@ public class SecondaryNameNode implements Runnable, return NetUtils.getHostPortString(nameNodeAddr); } + @Override + public boolean isSecurityEnabled() { + return UserGroupInformation.isSecurityEnabled(); + } + @Override // SecondaryNameNodeInfoMXBean public long getStartTime() { return starttime; http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java index 785c5ee..a042dc2 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNodeInfoMXBean.java @@ -32,6 +32,13 @@ public interface SecondaryNameNodeInfoMXBean extends VersionInfoMXBean { public String getHostAndPort(); /** + * Gets if security is enabled. + * + * @return true, if security is enabled. + */ + boolean isSecurityEnabled(); + + /** * @return the timestamp of when the SNN starts */ public long getStartTime(); http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java index 9107aae..3546ad8 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/TestDataNodeMXBean.java @@ -38,6 +38,8 @@ import org.apache.hadoop.fs.Path; import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.DFSTestUtil; import org.apache.hadoop.hdfs.MiniDFSCluster; +import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.test.GenericTestUtils; import org.junit.Assert; import org.junit.Test; @@ -49,7 +51,7 @@ import static org.junit.Assert.assertTrue; /** * Class for testing {@link DataNodeMXBean} implementation */ -public class TestDataNodeMXBean { +public class TestDataNodeMXBean extends SaslDataTransferTestCase { public static final Log LOG = LogFactory.getLog(TestDataNodeMXBean.class); @@ -117,6 +119,49 @@ public class TestDataNodeMXBean { } } } + + @Test + public void testDataNodeMXBeanSecurityEnabled() throws Exception { + Configuration simpleConf = new Configuration(); + Configuration secureConf = createSecureConfig("authentication"); + + // get attribute "SecurityEnabled" with simple configuration + try (MiniDFSCluster cluster = + new MiniDFSCluster.Builder(simpleConf).build()) { + List<DataNode> datanodes = cluster.getDataNodes(); + Assert.assertEquals(datanodes.size(), 1); + DataNode datanode = datanodes.get(0); + + MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); + ObjectName mxbeanName = new ObjectName( + "Hadoop:service=DataNode,name=DataNodeInfo"); + + boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName, + "SecurityEnabled"); + Assert.assertFalse(securityEnabled); + Assert.assertEquals(datanode.isSecurityEnabled(), securityEnabled); + } + + // get attribute "SecurityEnabled" with secure configuration + try (MiniDFSCluster cluster = + new MiniDFSCluster.Builder(secureConf).build()) { + List<DataNode> datanodes = cluster.getDataNodes(); + Assert.assertEquals(datanodes.size(), 1); + DataNode datanode = datanodes.get(0); + + MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); + ObjectName mxbeanName = new ObjectName( + "Hadoop:service=DataNode,name=DataNodeInfo"); + + boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName, + "SecurityEnabled"); + Assert.assertTrue(securityEnabled); + Assert.assertEquals(datanode.isSecurityEnabled(), securityEnabled); + } + + // setting back the authentication method + UserGroupInformation.setConfiguration(simpleConf); + } private static String replaceDigits(final String s) { return s.replaceAll("[0-9]+", "_DIGITS_"); http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java index 6b6ce53..c90a91c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java @@ -22,8 +22,10 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; import java.io.IOException; +import java.lang.management.ManagementFactory; import java.security.PrivilegedExceptionAction; +import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.permission.FsPermission; @@ -33,10 +35,12 @@ import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; +import org.junit.Assert; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; - +import javax.management.MBeanServer; +import javax.management.ObjectName; public class TestSecureNameNode extends SaslDataTransferTestCase { final static private int NUM_OF_DATANODES = 0; @@ -117,4 +121,50 @@ public class TestSecureNameNode extends SaslDataTransferTestCase { return; } + /** + * Test NameNodeStatusMXBean with security enabled and disabled. + * + * @throws Exception + */ + @Test + public void testNameNodeStatusMXBeanSecurityEnabled() throws Exception { + Configuration simpleConf = new Configuration(); + Configuration secureConf = createSecureConfig("authentication"); + + // disabling security + UserGroupInformation.setConfiguration(simpleConf); + + // get attribute "SecurityEnabled" with simple configuration + try (MiniDFSCluster cluster = + new MiniDFSCluster.Builder(simpleConf).build()) { + cluster.waitActive(); + NameNode namenode = cluster.getNameNode(); + + MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); + ObjectName mxbeanName = new ObjectName( + "Hadoop:service=NameNode,name=NameNodeStatus"); + + boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName, + "SecurityEnabled"); + Assert.assertFalse(securityEnabled); + Assert.assertEquals(namenode.isSecurityEnabled(), securityEnabled); + } + + // get attribute "SecurityEnabled" with secure configuration + try (MiniDFSCluster cluster = + new MiniDFSCluster.Builder(secureConf).build()) { + cluster.waitActive(); + NameNode namenode = cluster.getNameNode(); + + MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); + ObjectName mxbeanName = new ObjectName( + "Hadoop:service=NameNode,name=NameNodeStatus"); + + boolean securityEnabled = (boolean) mbs.getAttribute(mxbeanName, + "SecurityEnabled"); + Assert.assertTrue(securityEnabled); + Assert.assertEquals(namenode.isSecurityEnabled(), securityEnabled); + } + } + } http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java index c8234bd..b54a6b7 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java @@ -25,8 +25,10 @@ import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; +import org.apache.hadoop.metrics2.util.MBeans; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.SecurityUtil; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.service.CompositeService; import org.apache.hadoop.util.ExitUtil; import org.apache.hadoop.util.GenericOptionsParser; @@ -87,8 +89,8 @@ import java.util.concurrent.ConcurrentMap; import java.util.concurrent.ConcurrentSkipListMap; import java.util.concurrent.atomic.AtomicBoolean; -public class NodeManager extends CompositeService - implements EventHandler<NodeManagerEvent> { +public class NodeManager extends CompositeService + implements EventHandler<NodeManagerEvent>, NodeManagerMXBean { /** * Node manager return status codes. @@ -470,6 +472,8 @@ public class NodeManager extends CompositeService throw new YarnRuntimeException("Failed NodeManager login", e); } + registerMXBean(); + super.serviceInit(conf); // TODO add local dirs to del } @@ -947,6 +951,18 @@ public class NodeManager extends CompositeService LOG.warn("Invalid shutdown event " + event.getType() + ". Ignoring."); } } + + /** + * Register NodeManagerMXBean. + */ + private void registerMXBean() { + MBeans.register("NodeManager", "NodeManager", this); + } + + @Override + public boolean isSecurityEnabled() { + return UserGroupInformation.isSecurityEnabled(); + } // For testing NodeManager createNewNodeManager() { http://git-wip-us.apache.org/repos/asf/hadoop/blob/78fb14ba/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java index bb85b67..d459f0e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java @@ -33,6 +33,7 @@ import org.apache.hadoop.http.HttpServer2; import org.apache.hadoop.metrics2.MetricsSystem; import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; import org.apache.hadoop.metrics2.source.JvmMetrics; +import org.apache.hadoop.metrics2.util.MBeans; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; @@ -140,7 +141,8 @@ import java.util.concurrent.atomic.AtomicBoolean; * */ @SuppressWarnings("unchecked") -public class ResourceManager extends CompositeService implements Recoverable { +public class ResourceManager extends CompositeService + implements Recoverable, ResourceManagerMXBean { /** * Priority of the ResourceManager shutdown hook. @@ -337,6 +339,8 @@ public class ResourceManager extends CompositeService implements Recoverable { addIfService(systemMetricsPublisher); rmContext.setSystemMetricsPublisher(systemMetricsPublisher); + registerMXBean(); + super.serviceInit(this.conf); } @@ -1600,4 +1604,16 @@ public class ResourceManager extends CompositeService implements Recoverable { protected RMAppLifetimeMonitor createRMAppLifetimeMonitor() { return new RMAppLifetimeMonitor(this.rmContext); } + + /** + * Register ResourceManagerMXBean. + */ + private void registerMXBean() { + MBeans.register("ResourceManager", "ResourceManager", this); + } + + @Override + public boolean isSecurityEnabled() { + return UserGroupInformation.isSecurityEnabled(); + } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
