public synchronized ServerContext getServerContext() { if (context == null) { if (instance == null) { context = new ServerContext(new SiteConfiguration()); } else { context = new ServerContext(new SiteConfiguration(), getClientProperties()); } } return context; } }
/** * Create warning message related to initial password, if appropriate. * * ACCUMULO-2907 Remove unnecessary security warning from console message unless its actually * appropriate. The warning message should only be displayed when the value of * <code>instance.security.authenticator</code> differs between the SiteConfiguration and the * DefaultConfiguration values. * * @return String containing warning portion of console message. */ private String getInitialPasswordWarning(SiteConfiguration siteConfig) { String optionalWarning; Property authenticatorProperty = Property.INSTANCE_SECURITY_AUTHENTICATOR; if (siteConfig.get(authenticatorProperty).equals(authenticatorProperty.getDefaultValue())) optionalWarning = ": "; else optionalWarning = " (this may not be applicable for your security setup): "; return optionalWarning; }
SiteConfiguration siteConf = new SiteConfiguration(); Configuration hadoopConf = new Configuration(); if (siteConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { SecurityUtil.serverLogin(siteConf); String path = siteConf.get(Property.TRACE_ZK_PATH); try { zapDirectory(zoo, path, opts);
public static SystemCredentials get(String instanceID, SiteConfiguration siteConfig) { String principal = SYSTEM_PRINCIPAL; if (siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { // Use the server's kerberos principal as the Accumulo principal. We could also unwrap the // principal server-side, but the principal for SystemCredentials // isn't actually used anywhere, so it really doesn't matter. We can't include the kerberos // principal in the SystemToken as it would break equality when // different Accumulo servers are using different kerberos principals are their accumulo // principal principal = SecurityUtil .getServerPrincipal(siteConfig.get(Property.GENERAL_KERBEROS_PRINCIPAL)); } return new SystemCredentials(instanceID, principal, SystemToken.get(instanceID, siteConfig)); }
public static void main(String[] args) { opts.parseArgs(ListInstances.class.getName(), args); if (opts.keepers == null) { SiteConfiguration siteConfig = new SiteConfiguration(); opts.keepers = siteConfig.get(Property.INSTANCE_ZK_HOST); } String keepers = opts.keepers; boolean printAll = opts.printAll; boolean printErrors = opts.printErrors; listInstances(keepers, printAll, printErrors); }
ServerInfo(SiteConfiguration config) { SingletonManager.setMode(Mode.SERVER); siteConfig = config; hadoopConf = new Configuration(); try { volumeManager = VolumeManagerImpl.get(siteConfig, hadoopConf); } catch (IOException e) { throw new IllegalStateException(e); } Path instanceIdPath = ServerUtil.getAccumuloInstanceIdPath(volumeManager); instanceID = ZooUtil.getInstanceIDFromHdfs(instanceIdPath, config, hadoopConf); zooKeepers = config.get(Property.INSTANCE_ZK_HOST); zooKeepersSessionTimeOut = (int) config.getTimeInMillis(Property.INSTANCE_ZK_TIMEOUT); zooCache = new ZooCacheFactory().getZooCache(zooKeepers, zooKeepersSessionTimeOut); instanceName = InstanceOperationsImpl.lookupInstanceName(zooCache, UUID.fromString(instanceID)); }
public synchronized SiteConfiguration getSiteConfiguration() { if (siteConfig == null) { checkPermissions(); siteConfig = SiteConfiguration.getInstance(); } return siteConfig; }
private static String getDefaultKeyPassword() { return SiteConfiguration.getInstance().get(Property.INSTANCE_SECRET); }
protected static PermissionHandler getPermHandler(String instanceId, boolean initialize) { PermissionHandler toRet = SiteConfiguration.getInstance().instantiateClassProperty( Property.INSTANCE_SECURITY_PERMISSION_HANDLER, PermissionHandler.class, ZKPermHandler.getInstance()); toRet.initialize(instanceId, initialize); return toRet; }
String[] configuredVolumes = VolumeConfiguration.getVolumeUris(SiteConfiguration.getInstance()); final String rootTabletDir = new Path(fs.choose(Optional.<String> absent(), configuredVolumes) + Path.SEPARATOR + ServerConstants.TABLE_DIR + Path.SEPARATOR + RootTable.ID log.error("FATAL Failed to initialize filesystem", e); if (SiteConfiguration.getInstance().get(Property.INSTANCE_VOLUMES).trim().equals("")) { Configuration fsConf = CachedConfiguration.getInstance(); if (siteConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); final String accumuloKeytab = siteConf.get(Property.GENERAL_KERBEROS_KEYTAB), accumuloPrincipal = siteConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
log.error("FATAL Failed to initialize filesystem", e); if (siteConfig.get(Property.INSTANCE_VOLUMES).trim().equals("")) { if (siteConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); final String accumuloKeytab = siteConf.get(Property.GENERAL_KERBEROS_KEYTAB), accumuloPrincipal = siteConf.get(Property.GENERAL_KERBEROS_PRINCIPAL); + " Properties that cannot be set in Zookeeper will be skipped:"); Map<String,String> entries = new TreeMap<>(); siteConfig.getProperties(entries, x -> true, false); for (Map.Entry<String,String> entry : entries.entrySet()) { String key = entry.getKey();
EasyMock.expect(siteConfig.get(EasyMock.anyObject(Property.class))) .andAnswer(new IAnswer<String>() { @Override EasyMock.expect(siteConfig.getBoolean(EasyMock.anyObject(Property.class))) .andAnswer(new IAnswer<Boolean>() { @Override EasyMock.expect(siteConfig.iterator()).andAnswer(new IAnswer<Iterator<Entry<String,String>>>() { @Override public Iterator<Entry<String,String>> answer() {
@Override public boolean saslEnabled() { return getSiteConfiguration().getBoolean(Property.INSTANCE_RPC_SASL_ENABLED); }
@Override public void getProperties(Map<String,String> props, Predicate<String> filter) { getProperties(props, filter, true); }
@Override public int getZooKeepersSessionTimeOut() { return (int) ServerConfiguration.getSiteConfiguration().getTimeInMillis(Property.INSTANCE_ZK_TIMEOUT); }
public static VolumeManager get() throws IOException { AccumuloConfiguration conf = SiteConfiguration.getInstance(); return get(conf); }
public static void main(String[] args) { opts.parseArgs(ListInstances.class.getName(), args); if (opts.keepers == null) { opts.keepers = SiteConfiguration.getInstance().get(Property.INSTANCE_ZK_HOST); } String keepers = opts.keepers; boolean printAll = opts.printAll; boolean printErrors = opts.printErrors; listInstances(keepers, printAll, printErrors); }
protected static Authorizor getAuthorizor(String instanceId, boolean initialize) { Authorizor toRet = SiteConfiguration.getInstance().instantiateClassProperty( Property.INSTANCE_SECURITY_AUTHORIZOR, Authorizor.class, ZKAuthorizor.getInstance()); toRet.initialize(instanceId, initialize); return toRet; }
private String getRootUserName(SiteConfiguration siteConfig, Opts opts) throws IOException { final String keytab = siteConfig.get(Property.GENERAL_KERBEROS_KEYTAB); if (keytab.equals(Property.GENERAL_KERBEROS_KEYTAB.getDefaultValue()) || !siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { return DEFAULT_ROOT_USER; } ConsoleReader c = getConsoleReader(); c.println("Running against secured HDFS"); if (opts.rootUser != null) { return opts.rootUser; } do { String user = c.readLine("Principal (user) to grant administrative privileges to : "); if (user == null) { // should not happen System.exit(1); } if (!user.isEmpty()) { return user; } } while (true); }
public boolean doInit(SiteConfiguration siteConfig, Opts opts, Configuration conf, VolumeManager fs) throws IOException { if (!checkInit(conf, fs, siteConfig, conf)) { return false; } // prompt user for instance name and root password early, in case they // abort, we don't leave an inconsistent HDFS/ZooKeeper structure String instanceNamePath; try { instanceNamePath = getInstanceNamePath(opts); } catch (Exception e) { log.error("FATAL: Failed to talk to zookeeper", e); return false; } String rootUser; try { rootUser = getRootUserName(siteConfig, opts); } catch (Exception e) { log.error("FATAL: Failed to obtain user for administrative privileges"); return false; } // Don't prompt for a password when we're running SASL(Kerberos) if (siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { opts.rootpass = UUID.randomUUID().toString().getBytes(UTF_8); } else { opts.rootpass = getRootPassword(siteConfig, opts, rootUser); } return initialize(siteConfig, conf, opts, instanceNamePath, fs, rootUser); }