private static void initSecurity(ServerContext context, Opts opts, String rootUser) throws AccumuloSecurityException { AuditedSecurityOperation.getInstance(context, true).initializeSecurity(context.rpcCreds(), rootUser, opts.rootpass); }
private void sendQueued(int threshhold) { if (queuedDataSize > threshhold || threshhold == 0) { loadQueue.forEach((server, tabletFiles) -> { if (log.isTraceEnabled()) { log.trace("tid {} asking {} to bulk import {} files for {} tablets", fmtTid, server, tabletFiles.values().stream().mapToInt(Map::size).sum(), tabletFiles.size()); } TabletClientService.Client client = null; try { client = ThriftUtil.getTServerClient(server, master.getContext(), timeInMillis); client.loadFiles(Tracer.traceInfo(), master.getContext().rpcCreds(), tid, bulkDir.toString(), tabletFiles, setTime); } catch (TException ex) { log.debug("rpc failed server: " + server + ", tid:" + fmtTid + " " + ex.getMessage(), ex); } finally { ThriftUtil.returnClient(client); } }); loadQueue.clear(); queuedDataSize = 0; } }
public void splitTablet(KeyExtent extent, Text splitPoint) throws TException, ThriftSecurityException, NotServingTabletException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.splitTablet(Tracer.traceInfo(), context.rpcCreds(), extent.toThrift(), ByteBuffer.wrap(splitPoint.getBytes(), 0, splitPoint.getLength())); } finally { ThriftUtil.returnClient(client); } }
public void compact(ZooLock lock, String tableId, byte[] startRow, byte[] endRow) throws TException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.compact(Tracer.traceInfo(), context.rpcCreds(), lockString(lock), tableId, startRow == null ? null : ByteBuffer.wrap(startRow), endRow == null ? null : ByteBuffer.wrap(endRow)); } finally { ThriftUtil.returnClient(client); } }
@Override public void undo(long tid, Master env) throws Exception { AuditedSecurityOperation.getInstance(env.getContext()).deleteTable(env.getContext().rpcCreds(), tableInfo.tableId, tableInfo.namespaceId); } }
private void loadTablet(TabletClientService.Client client, ZooLock lock, KeyExtent extent) throws TException { client.loadTablet(Tracer.traceInfo(), context.rpcCreds(), lockString(lock), extent.toThrift()); }
public void flush(ZooLock lock, Table.ID tableId, byte[] startRow, byte[] endRow) throws TException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.flush(Tracer.traceInfo(), context.rpcCreds(), lockString(lock), tableId.canonicalID(), startRow == null ? null : ByteBuffer.wrap(startRow), endRow == null ? null : ByteBuffer.wrap(endRow)); } finally { ThriftUtil.returnClient(client); } }
@Override public void undo(long tid, Master environment) throws Exception { AuditedSecurityOperation.getInstance(environment.getContext()) .deleteTable(environment.getContext().rpcCreds(), cloneInfo.tableId, cloneInfo.namespaceId); } }
public TabletServerStatus getTableMap(boolean usePooledConnection) throws TException, ThriftSecurityException { if (usePooledConnection) throw new UnsupportedOperationException(); long start = System.currentTimeMillis(); TTransport transport = ThriftUtil.createTransport(address, context); try { TabletClientService.Client client = ThriftUtil .createClient(new TabletClientService.Client.Factory(), transport); TabletServerStatus status = client.getTabletServerStatus(Tracer.traceInfo(), context.rpcCreds()); if (status != null) { status.setResponseTime(System.currentTimeMillis() - start); } return status; } finally { if (transport != null) transport.close(); } }
@Override public Repo<Master> call(long tid, Master env) throws Exception { // give all table permissions to the creator SecurityOperation security = AuditedSecurityOperation.getInstance(env.getContext()); for (TablePermission permission : TablePermission.values()) { try { security.grantTablePermission(env.getContext().rpcCreds(), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId); } catch (ThriftSecurityException e) { LoggerFactory.getLogger(ImportSetupPermissions.class).error("{}", e.getMessage(), e); throw e; } } // setup permissions in zookeeper before table info in zookeeper // this way concurrent users will not get a spurious permission denied // error return new ImportPopulateZookeeper(tableInfo); }
@Override public Repo<Master> call(long tid, Master env) throws Exception { // give all namespace permissions to the creator SecurityOperation security = AuditedSecurityOperation.getInstance(env.getContext()); for (NamespacePermission permission : NamespacePermission.values()) { try { security.grantNamespacePermission(env.getContext().rpcCreds(), namespaceInfo.user, namespaceInfo.namespaceId, permission); } catch (ThriftSecurityException e) { LoggerFactory.getLogger(SetupNamespacePermissions.class).error("{}", e.getMessage(), e); throw e; } } // setup permissions in zookeeper before table info in zookeeper // this way concurrent users will not get a spurious permission denied // error return new PopulateZookeeperWithNamespace(namespaceInfo); } }
private static GCStatus fetchGcStatus() { GCStatus result = null; HostAndPort address = null; try { // Read the gc location from its lock ZooReaderWriter zk = context.getZooReaderWriter(); String path = context.getZooKeeperRoot() + Constants.ZGC_LOCK; List<String> locks = zk.getChildren(path, null); if (locks != null && locks.size() > 0) { Collections.sort(locks); address = new ServerServices(new String(zk.getData(path + "/" + locks.get(0), null), UTF_8)) .getAddress(Service.GC_CLIENT); GCMonitorService.Client client = ThriftUtil.getClient(new GCMonitorService.Client.Factory(), address, context); try { result = client.getStatus(Tracer.traceInfo(), getContext().rpcCreds()); } finally { ThriftUtil.returnClient(client); } } } catch (Exception ex) { log.warn("Unable to contact the garbage collector at " + address, ex); } return result; }
@Override public void undo(long tid, Master env) throws Exception { AuditedSecurityOperation.getInstance(env.getContext()).deleteTable(env.getContext().rpcCreds(), tableInfo.getTableId(), tableInfo.getNamespaceId()); }
public void fastHalt(ZooLock lock) throws TException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.fastHalt(Tracer.traceInfo(), context.rpcCreds(), lockString(lock)); } finally { ThriftUtil.returnClient(client); } }
@Override public Repo<Master> call(long id, Master master) { // remove from zookeeper try { master.getTableManager().removeNamespace(namespaceId); } catch (Exception e) { log.error("Failed to find namespace in zookeeper", e); } Tables.clearCache(master.getContext()); // remove any permissions associated with this namespace try { AuditedSecurityOperation.getInstance(master.getContext()) .deleteNamespace(master.getContext().rpcCreds(), namespaceId); } catch (ThriftSecurityException e) { log.error("{}", e.getMessage(), e); } Utils.unreserveNamespace(master, namespaceId, id, true); log.debug("Deleted namespace " + namespaceId); return null; }
public void halt(ZooLock lock) throws TException, ThriftSecurityException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.halt(Tracer.traceInfo(), context.rpcCreds(), lockString(lock)); } finally { ThriftUtil.returnClient(client); } }
public void unloadTablet(ZooLock lock, KeyExtent extent, TUnloadTabletGoal goal, long requestTime) throws TException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.unloadTablet(Tracer.traceInfo(), context.rpcCreds(), lockString(lock), extent.toThrift(), goal, requestTime); } finally { ThriftUtil.returnClient(client); } }
@Override public Repo<Master> call(long tid, Master environment) throws Exception { // give all table permissions to the creator for (TablePermission permission : TablePermission.values()) { try { AuditedSecurityOperation.getInstance(environment.getContext()).grantTablePermission( environment.getContext().rpcCreds(), cloneInfo.user, cloneInfo.tableId, permission, cloneInfo.namespaceId); } catch (ThriftSecurityException e) { LoggerFactory.getLogger(ClonePermissions.class).error("{}", e.getMessage(), e); throw e; } } // setup permissions in zookeeper before table info in zookeeper // this way concurrent users will not get a spurious permission denied // error try { return new CloneZookeeper(cloneInfo, environment.getContext()); } catch (NamespaceNotFoundException e) { throw new AcceptableThriftTableOperationException(null, cloneInfo.tableName, TableOperation.CLONE, TableOperationExceptionType.NAMESPACE_NOTFOUND, "Namespace for target table not found"); } }
public void chop(ZooLock lock, KeyExtent extent) throws TException { TabletClientService.Client client = ThriftUtil .getClient(new TabletClientService.Client.Factory(), address, context); try { client.chop(Tracer.traceInfo(), context.rpcCreds(), lockString(lock), extent.toThrift()); } finally { ThriftUtil.returnClient(client); } }
@Override public Repo<Master> call(long tid, Master env) throws Exception { // give all table permissions to the creator SecurityOperation security = AuditedSecurityOperation.getInstance(env.getContext()); if (!tableInfo.getUser().equals(env.getContext().getCredentials().getPrincipal())) { for (TablePermission permission : TablePermission.values()) { try { security.grantTablePermission(env.getContext().rpcCreds(), tableInfo.getUser(), tableInfo.getTableId(), permission, tableInfo.getNamespaceId()); } catch (ThriftSecurityException e) { LoggerFactory.getLogger(SetupPermissions.class).error("{}", e.getMessage(), e); throw e; } } } // setup permissions in zookeeper before table info in zookeeper // this way concurrent users will not get a spurious permission denied // error return new PopulateZookeeper(tableInfo); }