Example 1 with SslConnectionParams

Use of org.apache.accumulo.core.rpc.SslConnectionParams in project accumulo by apache.

Class Proxy, method createProxyServer.

public static ServerAddress createProxyServer(HostAndPort address, TProtocolFactory protocolFactory, Properties properties, ClientConfiguration clientConf) throws Exception {
    final int numThreads = Integer.parseInt(properties.getProperty(THRIFT_THREAD_POOL_SIZE_KEY, THRIFT_THREAD_POOL_SIZE_DEFAULT));
    final long maxFrameSize = ConfigurationTypeHelper.getFixedMemoryAsBytes(properties.getProperty(THRIFT_MAX_FRAME_SIZE_KEY, THRIFT_MAX_FRAME_SIZE_DEFAULT));
    final int simpleTimerThreadpoolSize = Integer.parseInt(Property.GENERAL_SIMPLETIMER_THREADPOOL_SIZE.getDefaultValue());
    // How frequently to try to resize the thread pool
    final long threadpoolResizeInterval = 1000L * 5;
    // No timeout
    final long serverSocketTimeout = 0L;
    // Use the new hadoop metrics2 support
    final MetricsFactory metricsFactory = new MetricsFactory(false);
    final String serverName = "Proxy", threadName = "Accumulo Thrift Proxy";
    // create the implementation of the proxy interface
    ProxyServer impl = new ProxyServer(properties);
    // Wrap the implementation -- translate some exceptions
    AccumuloProxy.Iface wrappedImpl = RpcWrapper.service(impl);
    // Create the processor from the implementation
    TProcessor processor = new AccumuloProxy.Processor<>(wrappedImpl);
    // Get the type of thrift server to instantiate
    final String serverTypeStr = properties.getProperty(THRIFT_SERVER_TYPE, THRIFT_SERVER_TYPE_DEFAULT);
    ThriftServerType serverType = DEFAULT_SERVER_TYPE;
    if (!THRIFT_SERVER_TYPE_DEFAULT.equals(serverTypeStr)) {
        serverType = ThriftServerType.get(serverTypeStr);
    }
    SslConnectionParams sslParams = null;
    SaslServerConnectionParams saslParams = null;
    switch(serverType) {
        case SSL:
            sslParams = SslConnectionParams.forClient(ClientContext.convertClientConfig(clientConf));
            break;
        case SASL:
            if (!clientConf.hasSasl()) {
                // ACCUMULO-3651 Changed level to error and added FATAL to message for slf4j capability
                log.error("FATAL: SASL thrift server was requested but it is disabled in client configuration");
                throw new RuntimeException("SASL is not enabled in configuration");
            }
            // Kerberos needs to be enabled to use it
            if (!UserGroupInformation.isSecurityEnabled()) {
                // ACCUMULO-3651 Changed level to error and added FATAL to message for slf4j capability
                log.error("FATAL: Hadoop security is not enabled");
                throw new RuntimeException();
            }
            // Login via principal and keytab
            final String kerberosPrincipal = properties.getProperty(KERBEROS_PRINCIPAL, ""), kerberosKeytab = properties.getProperty(KERBEROS_KEYTAB, "");
            if (StringUtils.isBlank(kerberosPrincipal) || StringUtils.isBlank(kerberosKeytab)) {
                // ACCUMULO-3651 Changed level to error and added FATAL to message for slf4j capability
                log.error("FATAL: Kerberos principal and keytab must be provided");
                throw new RuntimeException();
            }
            UserGroupInformation.loginUserFromKeytab(kerberosPrincipal, kerberosKeytab);
            UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
            log.info("Logged in as {}", ugi.getUserName());
            // The kerberosPrimary set in the SASL server needs to match the principal we're logged in as.
            final String shortName = ugi.getShortUserName();
            log.info("Setting server primary to {}", shortName);
            clientConf.setProperty(ClientProperty.KERBEROS_SERVER_PRIMARY, shortName);
            KerberosToken token = new KerberosToken();
            saslParams = new SaslServerConnectionParams(clientConf, token, null);
            processor = new UGIAssumingProcessor(processor);
            break;
        default:
            // nothing to do -- no extra configuration necessary
            break;
    }
    // Hook up support for tracing for thrift calls
    TimedProcessor timedProcessor = new TimedProcessor(metricsFactory, processor, serverName, threadName);
    // Create the thrift server with our processor and properties
    ServerAddress serverAddr = TServerUtils.startTServer(serverType, timedProcessor, protocolFactory, serverName, threadName, numThreads, simpleTimerThreadpoolSize, threadpoolResizeInterval, maxFrameSize, sslParams, saslParams, serverSocketTimeout, address);
    return serverAddr;
}
Also used: SaslServerConnectionParams (org.apache.accumulo.server.rpc.SaslServerConnectionParams), AccumuloProxy (org.apache.accumulo.proxy.thrift.AccumuloProxy), UGIAssumingProcessor (org.apache.accumulo.server.rpc.UGIAssumingProcessor), TimedProcessor (org.apache.accumulo.server.rpc.TimedProcessor), TProcessor (org.apache.thrift.TProcessor), KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken), ServerAddress (org.apache.accumulo.server.rpc.ServerAddress), SslConnectionParams (org.apache.accumulo.core.rpc.SslConnectionParams), ThriftServerType (org.apache.accumulo.server.rpc.ThriftServerType), MetricsFactory (org.apache.accumulo.server.metrics.MetricsFactory), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Example 2 with SslConnectionParams

Use of org.apache.accumulo.core.rpc.SslConnectionParams in project accumulo by apache.

Class ThriftTransportKeyTest, method testSslAndSaslErrors.

@Test(expected = RuntimeException.class)
public void testSslAndSaslErrors() {
    ClientContext clientCtx = createMock(ClientContext.class);
    SslConnectionParams sslParams = createMock(SslConnectionParams.class);
    SaslConnectionParams saslParams = createMock(SaslConnectionParams.class);
    expect(clientCtx.getClientSslParams()).andReturn(sslParams).anyTimes();
    expect(clientCtx.getSaslParams()).andReturn(saslParams).anyTimes();
    // We don't care to verify the sslparam or saslparam mocks
    replay(clientCtx);
    try {
        new ThriftTransportKey(HostAndPort.fromParts("localhost", 9999), 120 * 1000, clientCtx);
    } finally {
        verify(clientCtx);
    }
}
Also used: SaslConnectionParams (org.apache.accumulo.core.rpc.SaslConnectionParams), SslConnectionParams (org.apache.accumulo.core.rpc.SslConnectionParams), Test (org.junit.Test)

Aggregations

SslConnectionParams (org.apache.accumulo.core.rpc.SslConnectionParams): 2
KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken): 1
SaslConnectionParams (org.apache.accumulo.core.rpc.SaslConnectionParams): 1
AccumuloProxy (org.apache.accumulo.proxy.thrift.AccumuloProxy): 1
MetricsFactory (org.apache.accumulo.server.metrics.MetricsFactory): 1
SaslServerConnectionParams (org.apache.accumulo.server.rpc.SaslServerConnectionParams): 1
ServerAddress (org.apache.accumulo.server.rpc.ServerAddress): 1
ThriftServerType (org.apache.accumulo.server.rpc.ThriftServerType): 1
TimedProcessor (org.apache.accumulo.server.rpc.TimedProcessor): 1
UGIAssumingProcessor (org.apache.accumulo.server.rpc.UGIAssumingProcessor): 1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation): 1
TProcessor (org.apache.thrift.TProcessor): 1
Test (org.junit.Test): 1