use of alluxio.master.audit.AsyncUserAccessAuditLogWriter in project alluxio by Alluxio.
the class JobMaster method createAuditContext.
/**
* Creates a {@link JobMasterAuditContext} instance.
*
* @param command the command to be logged by this {@link AuditContext}
* @return newly-created {@link JobMasterAuditContext} instance
*/
private JobMasterAuditContext createAuditContext(String command) {
// Audit log may be enabled during runtime
AsyncUserAccessAuditLogWriter auditLogWriter = null;
if (ServerConfiguration.getBoolean(PropertyKey.MASTER_AUDIT_LOGGING_ENABLED)) {
auditLogWriter = mAsyncAuditLogWriter;
}
JobMasterAuditContext auditContext = new JobMasterAuditContext(auditLogWriter);
if (auditLogWriter != null) {
String user = null;
String ugi = "";
try {
user = AuthenticatedClientUser.getClientUser(ServerConfiguration.global());
} catch (AccessControlException e) {
ugi = "N/A";
}
if (user != null) {
try {
String primaryGroup = CommonUtils.getPrimaryGroupName(user, ServerConfiguration.global());
ugi = user + "," + primaryGroup;
} catch (IOException e) {
LOG.debug("Failed to get primary group for user {}.", user);
ugi = user + ",N/A";
}
}
AuthType authType = ServerConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
auditContext.setUgi(ugi).setAuthType(authType).setIp(ClientIpAddressInjector.getIpAddress()).setCommand(command).setAllowed(true).setCreationTimeNs(System.nanoTime());
}
return auditContext;
}
use of alluxio.master.audit.AsyncUserAccessAuditLogWriter in project alluxio by Alluxio.
the class JobMaster method start.
@Override
public void start(Boolean isLeader) throws IOException {
super.start(isLeader);
// Fail any jobs that were still running when the last job master stopped.
for (PlanCoordinator planCoordinator : mPlanTracker.coordinators()) {
if (!planCoordinator.isJobFinished()) {
planCoordinator.setJobAsFailed("JobMasterShutdown", "Job failed: Job master shut down during execution");
}
}
if (isLeader) {
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.JOB_MASTER_LOST_WORKER_DETECTION, new LostWorkerDetectionHeartbeatExecutor(), (int) ServerConfiguration.getMs(PropertyKey.JOB_MASTER_LOST_WORKER_INTERVAL), ServerConfiguration.global(), mMasterContext.getUserState()));
if (ServerConfiguration.getBoolean(PropertyKey.MASTER_AUDIT_LOGGING_ENABLED)) {
mAsyncAuditLogWriter = new AsyncUserAccessAuditLogWriter("JOB_MASTER_AUDIT_LOG");
mAsyncAuditLogWriter.start();
MetricsSystem.registerGaugeIfAbsent(MetricKey.MASTER_AUDIT_LOG_ENTRIES_SIZE.getName(), () -> mAsyncAuditLogWriter != null ? mAsyncAuditLogWriter.getAuditLogEntriesSize() : -1);
}
}
}
use of alluxio.master.audit.AsyncUserAccessAuditLogWriter in project alluxio by Alluxio.
the class DefaultFileSystemMaster method createAuditContext.
/**
* Creates a {@link FileSystemMasterAuditContext} instance.
*
* @param command the command to be logged by this {@link AuditContext}
* @param srcPath the source path of this command
* @param dstPath the destination path of this command
* @param srcInode the source inode of this command
* @return newly-created {@link FileSystemMasterAuditContext} instance
*/
private FileSystemMasterAuditContext createAuditContext(String command, AlluxioURI srcPath, @Nullable AlluxioURI dstPath, @Nullable Inode srcInode) {
// Audit log may be enabled during runtime
AsyncUserAccessAuditLogWriter auditLogWriter = null;
if (ServerConfiguration.getBoolean(PropertyKey.MASTER_AUDIT_LOGGING_ENABLED)) {
auditLogWriter = mAsyncAuditLogWriter;
}
FileSystemMasterAuditContext auditContext = new FileSystemMasterAuditContext(auditLogWriter);
if (auditLogWriter != null) {
String user = null;
String ugi = "";
try {
user = AuthenticatedClientUser.getClientUser(ServerConfiguration.global());
} catch (AccessControlException e) {
ugi = "N/A";
}
if (user != null) {
try {
String primaryGroup = CommonUtils.getPrimaryGroupName(user, ServerConfiguration.global());
ugi = user + "," + primaryGroup;
} catch (IOException e) {
LOG.debug("Failed to get primary group for user {}.", user);
ugi = user + ",N/A";
}
}
AuthType authType = ServerConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
auditContext.setUgi(ugi).setAuthType(authType).setIp(ClientIpAddressInjector.getIpAddress()).setCommand(command).setSrcPath(srcPath).setDstPath(dstPath).setSrcInode(srcInode).setAllowed(true).setCreationTimeNs(System.nanoTime());
}
return auditContext;
}
use of alluxio.master.audit.AsyncUserAccessAuditLogWriter in project alluxio by Alluxio.
the class DefaultFileSystemMaster method start.
@Override
public void start(Boolean isPrimary) throws IOException {
super.start(isPrimary);
if (isPrimary) {
LOG.info("Starting fs master as primary");
InodeDirectory root = mInodeTree.getRoot();
if (root == null) {
try (JournalContext context = createJournalContext()) {
mInodeTree.initializeRoot(SecurityUtils.getOwner(mMasterContext.getUserState()), SecurityUtils.getGroup(mMasterContext.getUserState(), ServerConfiguration.global()), ModeUtils.applyDirectoryUMask(Mode.createFullAccess(), ServerConfiguration.getString(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_UMASK)), context);
}
} else if (!ServerConfiguration.getBoolean(PropertyKey.MASTER_SKIP_ROOT_ACL_CHECK)) {
// For backwards-compatibility:
// Empty root owner indicates that previously the master had no security. In this case, the
// master is allowed to be started with security turned on.
String serverOwner = SecurityUtils.getOwner(mMasterContext.getUserState());
if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global()) && !root.getOwner().isEmpty() && !root.getOwner().equals(serverOwner)) {
// user is not the previous owner
throw new PermissionDeniedException(ExceptionMessage.PERMISSION_DENIED.getMessage(String.format("Unauthorized user on root. inode owner: %s current user: %s", root.getOwner(), serverOwner)));
}
}
// Initialize the ufs manager from the mount table.
for (String key : mMountTable.getMountTable().keySet()) {
if (key.equals(MountTable.ROOT)) {
continue;
}
MountInfo mountInfo = mMountTable.getMountTable().get(key);
UnderFileSystemConfiguration ufsConf = UnderFileSystemConfiguration.defaults(ServerConfiguration.global()).createMountSpecificConf(mountInfo.getOptions().getPropertiesMap()).setReadOnly(mountInfo.getOptions().getReadOnly()).setShared(mountInfo.getOptions().getShared());
mUfsManager.addMount(mountInfo.getMountId(), mountInfo.getUfsUri(), ufsConf);
}
// Startup Checks and Periodic Threads.
// Rebuild the list of persist jobs (mPersistJobs) and map of pending persist requests
// (mPersistRequests)
long persistInitialIntervalMs = ServerConfiguration.getMs(PropertyKey.MASTER_PERSISTENCE_INITIAL_INTERVAL_MS);
long persistMaxIntervalMs = ServerConfiguration.getMs(PropertyKey.MASTER_PERSISTENCE_MAX_INTERVAL_MS);
long persistMaxWaitMs = ServerConfiguration.getMs(PropertyKey.MASTER_PERSISTENCE_MAX_TOTAL_WAIT_TIME_MS);
for (Long id : mInodeTree.getToBePersistedIds()) {
Inode inode = mInodeStore.get(id).get();
if (inode.isDirectory() || // When file is completed it is added to persist reqs
!inode.asFile().isCompleted() || inode.getPersistenceState() != PersistenceState.TO_BE_PERSISTED || inode.asFile().getShouldPersistTime() == Constants.NO_AUTO_PERSIST) {
continue;
}
InodeFile inodeFile = inode.asFile();
if (inodeFile.getPersistJobId() == Constants.PERSISTENCE_INVALID_JOB_ID) {
mPersistRequests.put(inodeFile.getId(), new alluxio.time.ExponentialTimer(persistInitialIntervalMs, persistMaxIntervalMs, getPersistenceWaitTime(inodeFile.getShouldPersistTime()), persistMaxWaitMs));
} else {
AlluxioURI path;
try {
path = mInodeTree.getPath(inodeFile);
} catch (FileDoesNotExistException e) {
LOG.error("Failed to determine path for inode with id {}", id, e);
continue;
}
addPersistJob(id, inodeFile.getPersistJobId(), getPersistenceWaitTime(inodeFile.getShouldPersistTime()), path, inodeFile.getTempUfsPath());
}
}
if (ServerConfiguration.getBoolean(PropertyKey.MASTER_STARTUP_BLOCK_INTEGRITY_CHECK_ENABLED)) {
validateInodeBlocks(true);
}
int blockIntegrityCheckInterval = (int) ServerConfiguration.getMs(PropertyKey.MASTER_PERIODIC_BLOCK_INTEGRITY_CHECK_INTERVAL);
if (blockIntegrityCheckInterval > 0) {
// negative or zero interval implies disabled
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_BLOCK_INTEGRITY_CHECK, new BlockIntegrityChecker(this), blockIntegrityCheckInterval, ServerConfiguration.global(), mMasterContext.getUserState()));
}
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_TTL_CHECK, new InodeTtlChecker(this, mInodeTree), (int) ServerConfiguration.getMs(PropertyKey.MASTER_TTL_CHECKER_INTERVAL_MS), ServerConfiguration.global(), mMasterContext.getUserState()));
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_LOST_FILES_DETECTION, new LostFileDetector(this, mInodeTree), (int) ServerConfiguration.getMs(PropertyKey.MASTER_LOST_WORKER_FILE_DETECTION_INTERVAL), ServerConfiguration.global(), mMasterContext.getUserState()));
mReplicationCheckHeartbeatThread = new HeartbeatThread(HeartbeatContext.MASTER_REPLICATION_CHECK, new alluxio.master.file.replication.ReplicationChecker(mInodeTree, mBlockMaster, mSafeModeManager, mJobMasterClientPool), (int) ServerConfiguration.getMs(PropertyKey.MASTER_REPLICATION_CHECK_INTERVAL_MS), ServerConfiguration.global(), mMasterContext.getUserState());
ReconfigurableRegistry.register(this);
getExecutorService().submit(mReplicationCheckHeartbeatThread);
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_PERSISTENCE_SCHEDULER, new PersistenceScheduler(), (int) ServerConfiguration.getMs(PropertyKey.MASTER_PERSISTENCE_SCHEDULER_INTERVAL_MS), ServerConfiguration.global(), mMasterContext.getUserState()));
mPersistCheckerPool = new java.util.concurrent.ThreadPoolExecutor(PERSIST_CHECKER_POOL_THREADS, PERSIST_CHECKER_POOL_THREADS, 1, java.util.concurrent.TimeUnit.MINUTES, new LinkedBlockingQueue<Runnable>(), alluxio.util.ThreadFactoryUtils.build("Persist-Checker-%d", true));
mPersistCheckerPool.allowCoreThreadTimeOut(true);
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_PERSISTENCE_CHECKER, new PersistenceChecker(), (int) ServerConfiguration.getMs(PropertyKey.MASTER_PERSISTENCE_CHECKER_INTERVAL_MS), ServerConfiguration.global(), mMasterContext.getUserState()));
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_METRICS_TIME_SERIES, new TimeSeriesRecorder(), (int) ServerConfiguration.getMs(PropertyKey.MASTER_METRICS_TIME_SERIES_INTERVAL), ServerConfiguration.global(), mMasterContext.getUserState()));
if (ServerConfiguration.getBoolean(PropertyKey.MASTER_AUDIT_LOGGING_ENABLED)) {
mAsyncAuditLogWriter = new AsyncUserAccessAuditLogWriter("AUDIT_LOG");
mAsyncAuditLogWriter.start();
MetricsSystem.registerGaugeIfAbsent(MetricKey.MASTER_AUDIT_LOG_ENTRIES_SIZE.getName(), () -> mAsyncAuditLogWriter != null ? mAsyncAuditLogWriter.getAuditLogEntriesSize() : -1);
}
if (ServerConfiguration.getBoolean(PropertyKey.UNDERFS_CLEANUP_ENABLED)) {
getExecutorService().submit(new HeartbeatThread(HeartbeatContext.MASTER_UFS_CLEANUP, new UfsCleaner(this), (int) ServerConfiguration.getMs(PropertyKey.UNDERFS_CLEANUP_INTERVAL), ServerConfiguration.global(), mMasterContext.getUserState()));
}
mAccessTimeUpdater.start();
mSyncManager.start();
}
}
Aggregations