@Override public void recover(RMState rmState) throws Exception { LOG.info("recovering RMDelegationTokenSecretManager."); // recover RMDTMasterKeys for (DelegationKey dtKey : rmState.getRMDTSecretManagerState() .getMasterKeyState()) { addKey(dtKey); } // recover RMDelegationTokens Map<RMDelegationTokenIdentifier, Long> rmDelegationTokens = rmState.getRMDTSecretManagerState().getTokenState(); this.delegationTokenSequenceNumber = rmState.getRMDTSecretManagerState().getDTSequenceNumber(); for (Map.Entry<RMDelegationTokenIdentifier, Long> entry : rmDelegationTokens .entrySet()) { addPersistedDelegationToken(entry.getKey(), entry.getValue()); } }
@Override protected void storeRMDTMasterKeyState(DelegationKey masterKey) throws IOException { String dbKey = getRMDTMasterKeyNodeKey(masterKey); if (LOG.isDebugEnabled()) { LOG.debug("Storing token master key to " + dbKey); } ByteArrayOutputStream os = new ByteArrayOutputStream(); DataOutputStream out = new DataOutputStream(os); try { masterKey.write(out); } finally { out.close(); } try { db.put(bytes(dbKey), os.toByteArray()); } catch (DBException e) { throw new IOException(e); } }
@Override protected synchronized void storeRMDTMasterKeyState( DelegationKey delegationKey) throws Exception { String nodeCreatePath = getNodePath(dtMasterKeysRootPath, DELEGATION_KEY_PREFIX + delegationKey.getKeyId()); ByteArrayOutputStream os = new ByteArrayOutputStream(); DataOutputStream fsOut = new DataOutputStream(os); if (LOG.isDebugEnabled()) { LOG.debug("Storing RMDelegationKey_" + delegationKey.getKeyId()); } delegationKey.write(fsOut); try { createWithRetries(nodeCreatePath, os.toByteArray(), zkAcl, CreateMode.PERSISTENT); } finally { os.close(); } }
@Override public synchronized void storeRMDTMasterKeyState(DelegationKey delegationKey) throws Exception { Set<DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.getMasterKeyState(); if (rmDTMasterKeyState.contains(delegationKey)) { IOException e = new IOException("RMDTMasterKey with keyID: " + delegationKey.getKeyId() + " is already stored"); LOG.info("Error storing info for RMDTMasterKey with keyID: " + delegationKey.getKeyId(), e); throw e; } state.getRMDTSecretManagerState().getMasterKeyState().add(delegationKey); LOG.info("Store RMDT master key with key id: " + delegationKey.getKeyId() + ". Currently rmDTMasterKeyState size: " + rmDTMasterKeyState.size()); }
@Override public void storeTokenMasterKey(DelegationKey masterKey) throws IOException { if (LOG.isDebugEnabled()) { LOG.debug("Storing master key " + masterKey.getKeyId()); } ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { masterKey.write(dataStream); dataStream.close(); dataStream = null; } finally { IOUtils.cleanup(LOG, dataStream); } String dbKey = getTokenMasterKeyDatabaseKey(masterKey); try { db.put(bytes(dbKey), memStream.toByteArray()); } catch (DBException e) { throw new IOException(e); } }
@Override public void storeTokenMasterKey(DelegationKey key) throws IOException { if (LOG.isDebugEnabled()) { LOG.debug("Storing master key " + key.getKeyId()); } Path keyPath = new Path(tokenKeysStatePath, TOKEN_MASTER_KEY_FILE_PREFIX + key.getKeyId()); if (fs.exists(keyPath)) { throw new IOException(keyPath + " already exists"); } ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { key.write(dataStream); dataStream.close(); dataStream = null; } finally { IOUtils.cleanup(LOG, dataStream); } createNewFile(keyPath, memStream.toByteArray()); }
public synchronized void loadSecretManagerState(SecretManagerState state) throws IOException { Preconditions.checkState(!running, "Can't load state from image in a running SecretManager."); currentId = state.section.getCurrentId(); delegationTokenSequenceNumber = state.section.getTokenSequenceNumber(); for (SecretManagerSection.DelegationKey k : state.keys) { addKey(new DelegationKey(k.getId(), k.getExpiryDate(), k.hasKey() ? k .getKey().toByteArray() : null)); } for (SecretManagerSection.PersistToken t : state.tokens) { DelegationTokenIdentifier id = new DelegationTokenIdentifier(new Text( t.getOwner()), new Text(t.getRenewer()), new Text(t.getRealUser())); id.setIssueDate(t.getIssueDate()); id.setMaxDate(t.getMaxDate()); id.setSequenceNumber(t.getSequenceNumber()); id.setMasterKeyId(t.getMasterKeyId()); addPersistedDelegationToken(id, t.getExpiryDate()); } }
/** * Call namesystem to update editlogs for new master key. */ @Override //AbstractDelegationTokenManager protected void logUpdateMasterKey(DelegationKey key) throws IOException { synchronized (noInterruptsLock) { // The edit logging code will fail catastrophically if it // is interrupted during a logSync, since the interrupt // closes the edit log files. Doing this inside the // above lock and then checking interruption status // prevents this bug. if (Thread.interrupted()) { throw new InterruptedIOException( "Interrupted before updating master key"); } namesystem.logUpdateMasterKey(key); } }
/** * Private helper method to load delegation keys from fsimage. * @throws IOException on error */ private synchronized void loadAllKeys(DataInput in) throws IOException { StartupProgress prog = NameNode.getStartupProgress(); Step step = new Step(StepType.DELEGATION_KEYS); prog.beginStep(Phase.LOADING_FSIMAGE, step); int numberOfKeys = in.readInt(); prog.setTotal(Phase.LOADING_FSIMAGE, step, numberOfKeys); Counter counter = prog.getCounter(Phase.LOADING_FSIMAGE, step); for (int i = 0; i < numberOfKeys; i++) { DelegationKey value = new DelegationKey(); value.readFields(in); addKey(value); counter.increment(); } prog.endStep(Phase.LOADING_FSIMAGE, step); }
@Override protected void storeNewMasterKey(DelegationKey newKey) { try { LOG.info("storing master key with keyID " + newKey.getKeyId()); rmContext.getStateStore().storeRMDTMasterKey(newKey); } catch (Exception e) { LOG.error("Error in storing master key with KeyID: " + newKey.getKeyId()); ExitUtil.terminate(1, e); } }
@Override protected void removeStoredMasterKey(DelegationKey key) { try { LOG.info("removing master key with keyID " + key.getKeyId()); rmContext.getStateStore().removeRMDTMasterKey(key); } catch (Exception e) { LOG.error("Error in removing master key with KeyID: " + key.getKeyId()); ExitUtil.terminate(1, e); } }
@Private @VisibleForTesting public synchronized Set<DelegationKey> getAllMasterKeys() { HashSet<DelegationKey> keySet = new HashSet<DelegationKey>(); keySet.addAll(allKeys.values()); return keySet; }
private DelegationKey loadDelegationKey(byte[] data) throws IOException { DelegationKey key = new DelegationKey(); DataInputStream in = new DataInputStream(new ByteArrayInputStream(data)); try { key.readFields(in); } finally { IOUtils.cleanup(LOG, in); } return key; }
@Override protected void removeRMDTMasterKeyState(DelegationKey masterKey) throws IOException { String dbKey = getRMDTMasterKeyNodeKey(masterKey); if (LOG.isDebugEnabled()) { LOG.debug("Removing token master key at " + dbKey); } try { db.delete(bytes(dbKey)); } catch (DBException e) { throw new IOException(e); } }
private void loadRMDelegationKeyState(RMState rmState) throws Exception { List<String> childNodes = getChildrenWithRetries(dtMasterKeysRootPath, false); for (String childNodeName : childNodes) { String childNodePath = getNodePath(dtMasterKeysRootPath, childNodeName); byte[] childData = getDataWithRetries(childNodePath, false); if (childData == null) { LOG.warn("Content of " + childNodePath + " is broken."); continue; } ByteArrayInputStream is = new ByteArrayInputStream(childData); DataInputStream fsIn = new DataInputStream(is); try { if (childNodeName.startsWith(DELEGATION_KEY_PREFIX)) { DelegationKey key = new DelegationKey(); key.readFields(fsIn); rmState.rmSecretManagerState.masterKeyState.add(key); if (LOG.isDebugEnabled()) { LOG.debug("Loaded delegation key: keyId=" + key.getKeyId() + ", expirationDate=" + key.getExpiryDate()); } } } finally { is.close(); } } }
@Override protected synchronized void removeRMDTMasterKeyState( DelegationKey delegationKey) throws Exception { String nodeRemovePath = getNodePath(dtMasterKeysRootPath, DELEGATION_KEY_PREFIX + delegationKey.getKeyId()); if (LOG.isDebugEnabled()) { LOG.debug("Removing RMDelegationKey_" + delegationKey.getKeyId()); } if (existsWithRetries(nodeRemovePath, false) != null) { doDeleteMultiWithRetries(Op.delete(nodeRemovePath, -1)); } else { LOG.debug("Attempted to delete a non-existing znode " + nodeRemovePath); } }
@Override public synchronized void removeRMDTMasterKeyState(DelegationKey delegationKey) throws Exception { LOG.info("Remove RMDT master key with key id: " + delegationKey.getKeyId()); Set<DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.getMasterKeyState(); rmDTMasterKeyState.remove(delegationKey); }
@Override public synchronized void storeRMDTMasterKeyState(DelegationKey masterKey) throws Exception { Path nodeCreatePath = getNodePath(rmDTSecretManagerRoot, DELEGATION_KEY_PREFIX + masterKey.getKeyId()); ByteArrayOutputStream os = new ByteArrayOutputStream(); try (DataOutputStream fsOut = new DataOutputStream(os)) { LOG.info("Storing RMDelegationKey_" + masterKey.getKeyId()); masterKey.write(fsOut); writeFileWithRetries(nodeCreatePath, os.toByteArray(), true); } }
@Override public synchronized void removeRMDTMasterKeyState(DelegationKey masterKey) throws Exception { Path nodeCreatePath = getNodePath(rmDTSecretManagerRoot, DELEGATION_KEY_PREFIX + masterKey.getKeyId()); LOG.info("Removing RMDelegationKey_"+ masterKey.getKeyId()); deleteFileWithRetries(nodeCreatePath); }
@Test(timeout = 15000) public void testRemoveExpiredMasterKeyInRMStateStore() throws Exception { MemoryRMStateStore memStore = new MemoryRMStateStore(); memStore.init(conf); RMState rmState = memStore.getState(); Set<DelegationKey> rmDTMasterKeyState = rmState.getRMDTSecretManagerState().getMasterKeyState(); MockRM rm1 = new MyMockRM(conf, memStore); rm1.start(); RMDelegationTokenSecretManager dtSecretManager = rm1.getRMContext().getRMDelegationTokenSecretManager(); // assert all master keys are saved Assert.assertEquals(dtSecretManager.getAllMasterKeys(), rmDTMasterKeyState); Set<DelegationKey> expiringKeys = new HashSet<DelegationKey>(); expiringKeys.addAll(dtSecretManager.getAllMasterKeys()); // wait for expiringKeys to expire while (true) { boolean allExpired = true; for (DelegationKey key : expiringKeys) { if (rmDTMasterKeyState.contains(key)) { allExpired = false; } } if (allExpired) break; Thread.sleep(500); } }
public synchronized DelegationKey checkCurrentKeyInStateStore( Set<DelegationKey> rmDTMasterKeyState) { for (int keyId : allKeys.keySet()) { if (keyId == currentId) { DelegationKey currentKey = allKeys.get(keyId); Assert.assertTrue(rmDTMasterKeyState.contains(currentKey)); return currentKey; } } return null; }
@Override protected void storeNewMasterKey(DelegationKey key) throws IOException { if (LOG.isDebugEnabled()) { LOG.debug("Storing master key " + key.getKeyId()); } try { if (stateStore != null) { stateStore.storeTokenMasterKey(key); } } catch (IOException e) { LOG.error("Unable to store master key " + key.getKeyId(), e); } }
@Override protected void removeStoredMasterKey(DelegationKey key) { if (LOG.isDebugEnabled()) { LOG.debug("Removing master key " + key.getKeyId()); } try { if (stateStore != null) { stateStore.removeTokenMasterKey(key); } } catch (IOException e) { LOG.error("Unable to remove master key " + key.getKeyId(), e); } }
public void recover(TimelineServiceState state) throws IOException { LOG.info("Recovering " + getClass().getSimpleName()); for (DelegationKey key : state.getTokenMasterKeyState()) { addKey(key); } this.delegationTokenSequenceNumber = state.getLatestSequenceNumber(); for (Entry<TimelineDelegationTokenIdentifier, Long> entry : state.getTokenState().entrySet()) { addPersistedDelegationToken(entry.getKey(), entry.getValue()); } }
@Override public void storeTokenMasterKey(DelegationKey key) throws IOException { try { byte[] k = createTokenMasterKeyEntryKey(key.getKeyId()); if (db.get(k) != null) { throw new IOException(key + " already exists"); } byte[] v = buildTokenMasterKeyData(key); db.put(k, v); } catch (DBException e) { throw new IOException(e); } }
@Override public void removeTokenMasterKey(DelegationKey key) throws IOException { try { byte[] k = createTokenMasterKeyEntryKey(key.getKeyId()); db.delete(k); } catch (DBException e) { throw new IOException(e); } }
private static byte[] buildTokenMasterKeyData(DelegationKey key) throws IOException { ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { key.write(dataStream); dataStream.close(); } finally { IOUtils.cleanup(LOG, dataStream); } return memStream.toByteArray(); }
