diff --git a/hdfs/CHANGES.txt b/hdfs/CHANGES.txt index 232cdc5483..a44224779e 100644 --- a/hdfs/CHANGES.txt +++ b/hdfs/CHANGES.txt @@ -9,6 +9,8 @@ Trunk (unreleased changes) HDFS-1536. Improve HDFS WebUI. (hairong) + HDFS-2210. Remove hdfsproxy. (eli) + NEW FEATURES HDFS-1359. Add BlockPoolID to Block. (suresh) diff --git a/hdfs/build.xml b/hdfs/build.xml index 311195a2f0..3660120d50 100644 --- a/hdfs/build.xml +++ b/hdfs/build.xml @@ -1397,7 +1397,6 @@ - diff --git a/hdfs/src/contrib/build.xml b/hdfs/src/contrib/build.xml index 5326d37864..e69640ace7 100644 --- a/hdfs/src/contrib/build.xml +++ b/hdfs/src/contrib/build.xml @@ -48,12 +48,6 @@ - - diff --git a/hdfs/src/contrib/hdfsproxy/README b/hdfs/src/contrib/hdfsproxy/README deleted file mode 100644 index abf0dc6d04..0000000000 --- a/hdfs/src/contrib/hdfsproxy/README +++ /dev/null 
@@ -1,47 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-HDFS Proxy is a proxy server through which a hadoop client (through HSFTP) or a standard
-HTTPS client (wget, curl, etc) can talk to a hadoop server and more importantly pull data
-from the sever. It put an access control layer in front of hadoop namenode server and extends
-its functionalities to allow hadoop cross-version data transfer.
-
-HDFSPROXY can be configured/started via either Jetty or Tomcat with different supporting features.
-
-A) With Jetty-based Installation, supporting features include:
-> Single Hadoop source cluster data transfer
-> Single Hadoop version data transfer
-> Authenticate users via user SSL certificates with ProxyFilter installed
-> Enforce access control based on configuration files.
-
-B) With Tomcat-based Installation, supporting features include:
-> Multiple Hadoop source cluster data transfer
-> Multiple Hadoop version data transfer
-> Authenticate users via user SSL certificates with ProxyFilter installed
-> Authentication and authorization via LDAP with LdapIpDirFilter installed
-> Access control based on configuration files if ProxyFilter is installed.
-> Access control based on LDAP entries if LdapIpDirFilter is installed.
-> Standard HTTPS Get Support for file transfer
-
-The detailed configuration/set-up guide is in the Forrest
-documentation, which can be found at $HADOOP_PREFIX/docs. In order to build the
-documentation on your own from source please use the following command in
-the downloaded source folder:
-
-ant docs -Dforrest.home=path to forrest -Djava5.home= path to jdk5.
-
-The documentation so built would be under $HADOOP_PREFIX/build/docs
diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy
deleted file mode 100755
index 18be9d46e7..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy
+++ /dev/null
@@ -1,170 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# The HdfsProxy command script -# -# Environment Variables -# -# JAVA_HOME The java implementation to use. Overrides JAVA_HOME. -# -# HDFSPROXY_CLASSPATH Extra Java CLASSPATH entries. -# -# HDFSPROXY_HEAPSIZE The maximum amount of heap to use, in MB. -# Default is 1000. -# -# HDFSPROXY_OPTS Extra Java runtime options. -# -# HDFSPROXY_NAMENODE_OPTS These options are added to HDFSPROXY_OPTS -# HDFSPROXY_CLIENT_OPTS when the respective command is run. -# HDFSPROXY_{COMMAND}_OPTS etc HDFSPROXY_JT_OPTS applies to JobTracker -# for e.g. HDFSPROXY_CLIENT_OPTS applies to -# more than one command (fs, dfs, fsck, -# dfsadmin etc) -# -# HDFSPROXY_CONF_DIR Alternate conf dir. Default is ${HDFSPROXY_HOME}/conf. -# -# HDFSPROXY_ROOT_LOGGER The root appender. Default is INFO,console -# - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -cygwin=false -case "`uname`" in -CYGWIN*) cygwin=true;; -esac - -if [ -f "${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" ]; then - . 
"${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" -fi - -# some Java parameters -if [ "$JAVA_HOME" != "" ]; then - #echo "run java in $JAVA_HOME" - JAVA_HOME=$JAVA_HOME -fi - -if [ "$JAVA_HOME" = "" ]; then - echo "Error: JAVA_HOME is not set." - exit 1 -fi - -JAVA=$JAVA_HOME/bin/java -JAVA_HEAP_MAX=-Xmx1000m - -# check envvars which might override default args -if [ "$HDFSPROXY_HEAPSIZE" != "" ]; then - #echo "run with heapsize $HDFSPROXY_HEAPSIZE" - JAVA_HEAP_MAX="-Xmx""$HDFSPROXY_HEAPSIZE""m" - #echo $JAVA_HEAP_MAX -fi - -# CLASSPATH initially contains $HDFSPROXY_CONF_DIR -CLASSPATH="${HDFSPROXY_CONF_DIR}" -CLASSPATH=${CLASSPATH}:$JAVA_HOME/lib/tools.jar - -# for developers, add HdfsProxy classes to CLASSPATH -if [ -d "$HDFSPROXY_HOME/build/classes" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME/build/classes -fi -if [ -d "$HDFSPROXY_HOME/build/web/webapps" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME/build/web -fi -if [ -d "$HDFSPROXY_HOME/build/test/hdfs/classes" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME/build/test/hdfs/classes -fi - -# so that filenames w/ spaces are handled correctly in loops below -IFS= - -# for releases, add hdfsproxy jar & webapps to CLASSPATH -if [ -d "$HDFSPROXY_HOME/webapps" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME -fi -for f in $HDFSPROXY_HOME/hdfsproxy-*.jar; do - CLASSPATH=${CLASSPATH}:$f; -done - -# add libs to CLASSPATH -if [ -d "$HDFSPROXY_HOME/lib" ]; then - for f in $HDFSPROXY_HOME/lib/*.jar; do - CLASSPATH=${CLASSPATH}:$f; - done -fi - -if [ -d "$HDFSPROXY_HOME/../../" ]; then - for f in $HDFSPROXY_HOME/../../*.jar; do - CLASSPATH=${CLASSPATH}:$f; - done -fi -if [ -d "$HDFSPROXY_HOME/../../lib" ]; then - for f in $HDFSPROXY_HOME/../../lib/*.jar; do - CLASSPATH=${CLASSPATH}:$f; - done -fi -if [ -d "$HDFSPROXY_HOME/../../lib/jsp-2.1" ]; then - for f in $HDFSPROXY_HOME/../../lib/jsp-2.1/*.jar; do - CLASSPATH=${CLASSPATH}:$f; - done -fi - - -# add user-specified CLASSPATH last -if [ "$HDFSPROXY_CLASSPATH" != "" ]; then 
- CLASSPATH=${CLASSPATH}:${HDFSPROXY_CLASSPATH} -fi - -# default log directory & file -if [ "$HDFSPROXY_LOG_DIR" = "" ]; then - HDFSPROXY_LOG_DIR="$HDFSPROXY_HOME/logs" -fi -if [ "$HDFSPROXY_LOGFILE" = "" ]; then - HDFSPROXY_LOGFILE='hdfsproxy.log' -fi - -# restore ordinary behaviour -unset IFS - -# figure out which class to run -CLASS='org.apache.hadoop.hdfsproxy.HdfsProxy' - -# cygwin path translation -if $cygwin; then - CLASSPATH=`cygpath -p -w "$CLASSPATH"` - HDFSPROXY_HOME=`cygpath -d "$HDFSPROXY_HOME"` - HDFSPROXY_LOG_DIR=`cygpath -d "$HDFSPROXY_LOG_DIR"` -fi - -# cygwin path translation -if $cygwin; then - JAVA_LIBRARY_PATH=`cygpath -p "$JAVA_LIBRARY_PATH"` -fi - -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.log.dir=$HDFSPROXY_LOG_DIR" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.log.file=$HDFSPROXY_LOGFILE" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.home.dir=$HDFSPROXY_HOME" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.id.str=$HDFSPROXY_IDENT_STRING" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.root.logger=${HDFSPROXY_ROOT_LOGGER:-INFO,console}" -if [ "x$JAVA_LIBRARY_PATH" != "x" ]; then - HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Djava.library.path=$JAVA_LIBRARY_PATH" -fi - -# run it -exec "$JAVA" $JAVA_HEAP_MAX $HDFSPROXY_OPTS -classpath "$CLASSPATH" $CLASS "$@" diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-config.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-config.sh deleted file mode 100755 index 8fe6aac68b..0000000000 --- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-config.sh +++ /dev/null 
@@ -1,67 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# included in all the hadoop scripts with source command
-# should not be executable directly
-# also should not be passed any arguments, since we need original $*
-
-# resolve links - $0 may be a softlink
-
-this="$0"
-while [ -h "$this" ]; do
- ls=`ls -ld "$this"`
- link=`expr "$ls" : '.*-> \(.*\)$'`
- if expr "$link" : '.*/.*' > /dev/null; then
- this="$link"
- else
- this=`dirname "$this"`/"$link"
- fi
-done
-
-# convert relative path to absolute path
-bin=`dirname "$this"`
-script=`basename "$this"`
-bin=`cd "$bin"; pwd`
-this="$bin/$script"
-
-# the root of the HdfsProxy installation
-export HDFSPROXY_HOME=`dirname "$this"`/..
-
-#check to see if the conf dir is given as an optional argument
-if [ $# -gt 1 ]
-then
- if [ "--config" = "$1" ]
- then
- shift
- confdir=$1
- shift
- HDFSPROXY_CONF_DIR=$confdir
- fi
-fi
-
-# Allow alternate conf dir location.
-HDFSPROXY_CONF_DIR="${HDFSPROXY_CONF_DIR:-$HDFSPROXY_HOME/conf}"
-
-#check to see it is specified whether to use the slaves file
-if [ $# -gt 1 ]
-then
- if [ "--hosts" = "$1" ]
- then
- shift
- slavesfile=$1
- shift
- export HDFSPROXY_SLAVES="${HDFSPROXY_CONF_DIR}/$slavesfile"
- fi
-fi
diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-daemon.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-daemon.sh
deleted file mode 100755
index 6d5a75247f..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-daemon.sh
+++ /dev/null
@@ -1,141 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Runs a HdfsProxy as a daemon. -# -# Environment Variables -# -# HDFSPROXY_CONF_DIR Alternate conf dir. Default is ${HDFSPROXY_HOME}/conf. -# HDFSPROXY_LOG_DIR Where log files are stored. PWD by default. -# HDFSPROXY_MASTER host:path where hdfsproxy code should be rsync'd from -# HDFSPROXY_PID_DIR The pid files are stored. /tmp by default. -# HDFSPROXY_IDENT_STRING A string representing this instance of hdfsproxy. $USER by default -# HDFSPROXY_NICENESS The scheduling priority for daemons. Defaults to 0. -## - -usage="Usage: hdfsproxy-daemon.sh [--config ] [--hosts hostlistfile] (start|stop) " - -# if no args specified, show usage -if [ $# -le 1 ]; then - echo $usage - exit 1 -fi - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -# get arguments -startStop=$1 -shift - -hdfsproxy_rotate_log () -{ - log=$1; - num=5; - if [ -n "$2" ]; then - num=$2 - fi - if [ -f "$log" ]; then # rotate logs - while [ $num -gt 1 ]; do - prev=`expr $num - 1` - [ -f "$log.$prev" ] && mv "$log.$prev" "$log.$num" - num=$prev - done - mv "$log" "$log.$num"; - fi -} - -if [ -f "${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" ]; then - . 
"${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" -fi - -# get log directory -if [ "$HDFSPROXY_LOG_DIR" = "" ]; then - export HDFSPROXY_LOG_DIR="$HDFSPROXY_HOME/logs" -fi -mkdir -p "$HDFSPROXY_LOG_DIR" - -if [ "$HDFSPROXY_PID_DIR" = "" ]; then - HDFSPROXY_PID_DIR=/tmp -fi - -if [ "$HDFSPROXY_IDENT_STRING" = "" ]; then - export HDFSPROXY_IDENT_STRING="$USER" -fi - -# some variables -export HDFSPROXY_LOGFILE=hdfsproxy-$HDFSPROXY_IDENT_STRING-$HOSTNAME.log -export HDFSPROXY_ROOT_LOGGER="INFO,DRFA" -log=$HDFSPROXY_LOG_DIR/hdfsproxy-$HDFSPROXY_IDENT_STRING-$HOSTNAME.out -pid=$HDFSPROXY_PID_DIR/hdfsproxy-$HDFSPROXY_IDENT_STRING.pid - -# Set default scheduling priority -if [ "$HDFSPROXY_NICENESS" = "" ]; then - export HDFSPROXY_NICENESS=0 -fi - -case $startStop in - - (start) - - mkdir -p "$HDFSPROXY_PID_DIR" - - if [ -f $pid ]; then - if kill -0 `cat $pid` > /dev/null 2>&1; then - echo hdfsproxy running as process `cat $pid`. Stop it first. - exit 1 - fi - fi - - if [ "$HDFSPROXY_MASTER" != "" ]; then - echo rsync from $HDFSPROXY_MASTER - rsync -a -e ssh --delete --exclude=.svn --exclude='logs/*' --exclude='contrib/hod/logs/*' $HDFSPROXY_MASTER/ "$HDFSPROXY_HOME" - fi - - hdfsproxy_rotate_log $log - echo starting hdfsproxy, logging to $log - cd "$HDFSPROXY_HOME" - nohup nice -n $HDFSPROXY_NICENESS "$HDFSPROXY_HOME"/bin/hdfsproxy --config $HDFSPROXY_CONF_DIR "$@" > "$log" 2>&1 < /dev/null & - echo $! > $pid - sleep 1; head "$log" - ;; - - (stop) - - if [ -f $pid ]; then - if kill -0 `cat $pid` > /dev/null 2>&1; then - echo stopping hdfsproxy - kill `cat $pid` - else - echo no hdfsproxy to stop - fi - else - echo no hdfsproxy to stop - fi - ;; - - (*) - echo $usage - exit 1 - ;; - -esac - - diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-daemons.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-daemons.sh deleted file mode 100755 index 7dd8568a3b..0000000000 --- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-daemons.sh +++ /dev/null 
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Run a HdfsProxy command on all slave hosts.
-
-usage="Usage: hdfsproxy-daemons.sh [--config confdir] [--hosts hostlistfile] [start|stop] "
-
-# if no args specified, show usage
-if [ $# -le 1 ]; then
- echo $usage
- exit 1
-fi
-
-bin=`dirname "$0"`
-bin=`cd "$bin"; pwd`
-
-. $bin/hdfsproxy-config.sh
-
-exec "$bin/hdfsproxy-slaves.sh" --config $HDFSPROXY_CONF_DIR cd "$HDFSPROXY_HOME" \; "$bin/hdfsproxy-daemon.sh" --config $HDFSPROXY_CONF_DIR "$@"
diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-slaves.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-slaves.sh
deleted file mode 100755
index db54bd5b38..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-slaves.sh
+++ /dev/null
@@ -1,68 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Run a shell command on all slave hosts. -# -# Environment Variables -# -# HDFSPROXY_SLAVES File naming remote hosts. -# Default is ${HDFSPROXY_CONF_DIR}/hdfsproxy-hosts. -# HDFSPROXY_CONF_DIR Alternate conf dir. Default is ${HDFSPROXY_HOME}/conf. -# HDFSPROXY_SLAVE_SLEEP Seconds to sleep between spawning remote commands. -# HDFSPROXY_SSH_OPTS Options passed to ssh when running remote commands. -## - -usage="Usage: hdfsproxy-slaves.sh [--config confdir] command..." - -# if no args specified, show usage -if [ $# -le 0 ]; then - echo $usage - exit 1 -fi - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -# If the slaves file is specified in the command line, -# then it takes precedence over the definition in -# hdfsproxy-env.sh. Save it here. -HOSTLIST=$HDFSPROXY_SLAVES - -if [ -f "${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" ]; then - . 
"${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" -fi - -if [ "$HOSTLIST" = "" ]; then - if [ "$HDFSPROXY_SLAVES" = "" ]; then - export HOSTLIST="${HDFSPROXY_CONF_DIR}/hdfsproxy-hosts" - else - export HOSTLIST="${HDFSPROXY_SLAVES}" - fi -fi - -for slave in `cat "$HOSTLIST"`; do - ssh $HDFSPROXY_SSH_OPTS $slave $"${@// /\\ }" \ - 2>&1 | sed "s/^/$slave: /" & - if [ "$HDFSPROXY_SLAVE_SLEEP" != "" ]; then - sleep $HDFSPROXY_SLAVE_SLEEP - fi -done - -wait diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-server.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-server.sh deleted file mode 100644 index 78debe68f7..0000000000 --- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-server.sh +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Runs a HdfsProxy as a daemon. -# -# Environment Variables -# -# HDFSPROXY_CONF_DIR Alternate conf dir. Default is ${HDFSPROXY_HOME}/conf. -# HDFSPROXY_MASTER host:path where hdfsproxy code should be rsync'd from -# HDFSPROXY_PID_DIR The pid files are stored. /tmp by default. -# HDFSPROXY_IDENT_STRING A string representing this instance of hdfsproxy. $USER by default -# HDFSPROXY_NICENESS The scheduling priority for daemons. Defaults to 0. -# TOMCAT_HOME_DIR tomcat home directory. -## - -usage="Usage: hdfsproxy-tomcat-server.sh [--config ] [--hosts hostlistfile] (start|stop) " - -# if no args specified, show usage -if [ $# -le 1 ]; then - echo $usage - exit 1 -fi - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -# get arguments -startStop=$1 -shift - - -if [ -f "${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" ]; then - . 
"${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" -fi - - -if [ "$HDFSPROXY_IDENT_STRING" = "" ]; then - export HDFSPROXY_IDENT_STRING="$USER" -fi - - -# Set default scheduling priority -if [ "$HDFSPROXY_NICENESS" = "" ]; then - export HDFSPROXY_NICENESS=0 -fi - -case $startStop in - - (start) - if [ "$HDFSPROXY_MASTER" != "" ]; then - echo rsync from $HDFSPROXY_MASTER - rsync -a -e ssh --delete --exclude=.svn --exclude='logs/*' --exclude='contrib/hod/logs/*' $HDFSPROXY_MASTER/ "$HDFSPROXY_HOME" - fi - - echo starting hdfsproxy tomcat server - cd "$HDFSPROXY_HOME" - nohup nice -n $HDFSPROXY_NICENESS "$TOMCAT_HOME_DIR"/bin/startup.sh >& /dev/null & - sleep 1 - ;; - - (stop) - - echo stopping hdfsproxy tomcat server - cd "$HDFSPROXY_HOME" - nohup nice -n $HDFSPROXY_NICENESS "$TOMCAT_HOME_DIR"/bin/shutdown.sh >& /dev/null & - ;; - - (*) - echo $usage - exit 1 - ;; - -esac - - diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-servers.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-servers.sh deleted file mode 100644 index 33675a841a..0000000000 --- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-servers.sh +++ /dev/null 
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Run a HdfsProxy command on all slave hosts.
-
-usage="Usage: hdfsproxy-tomcat-servers.sh [--config confdir] [--hosts hostlistfile] [start|stop] "
-
-# if no args specified, show usage
-if [ $# -le 1 ]; then
- echo $usage
- exit 1
-fi
-
-bin=`dirname "$0"`
-bin=`cd "$bin"; pwd`
-
-. $bin/hdfsproxy-config.sh
-
-exec "$bin/hdfsproxy-tomcat-slaves.sh" --config $HDFSPROXY_CONF_DIR cd "$HDFSPROXY_HOME" \; "$bin/hdfsproxy-tomcat-server.sh" --config $HDFSPROXY_CONF_DIR "$@"
diff --git a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-slaves.sh b/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-slaves.sh
deleted file mode 100644
index 2a8e68e964..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/hdfsproxy-tomcat-slaves.sh
+++ /dev/null
@@ -1,68 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Run a shell command on all slave hosts. -# -# Environment Variables -# -# HDFSPROXY_SLAVES File naming remote hosts. -# Default is ${HDFSPROXY_CONF_DIR}/hdfsproxy-hosts. -# HDFSPROXY_CONF_DIR Alternate conf dir. Default is ${HDFSPROXY_HOME}/conf. -# HDFSPROXY_SLAVE_SLEEP Seconds to sleep between spawning remote commands. -# HDFSPROXY_SSH_OPTS Options passed to ssh when running remote commands. -## - -usage="Usage: hdfsproxy-tomcat-slaves.sh [--config confdir] command..." - -# if no args specified, show usage -if [ $# -le 0 ]; then - echo $usage - exit 1 -fi - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -# If the slaves file is specified in the command line, -# then it takes precedence over the definition in -# hdfsproxy-env.sh. Save it here. -HOSTLIST=$HDFSPROXY_SLAVES - -if [ -f "${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" ]; then - . 
"${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" -fi - -if [ "$HOSTLIST" = "" ]; then - if [ "$HDFSPROXY_SLAVES" = "" ]; then - export HOSTLIST="${HDFSPROXY_CONF_DIR}/hdfsproxy-hosts" - else - export HOSTLIST="${HDFSPROXY_SLAVES}" - fi -fi - -for slave in `cat "$HOSTLIST"`; do - ssh $HDFSPROXY_SSH_OPTS $slave $"${@// /\\ }" \ - 2>&1 | sed "s/^/$slave: /" & - if [ "$HDFSPROXY_SLAVE_SLEEP" != "" ]; then - sleep $HDFSPROXY_SLAVE_SLEEP - fi -done - -wait diff --git a/hdfs/src/contrib/hdfsproxy/bin/proxy-util b/hdfs/src/contrib/hdfsproxy/bin/proxy-util deleted file mode 100644 index 22094e0a6f..0000000000 --- a/hdfs/src/contrib/hdfsproxy/bin/proxy-util +++ /dev/null 
@@ -1,152 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# The Proxy command utility script -# -# Environment Variables -# -# JAVA_HOME The java implementation to use. Overrides JAVA_HOME. -# -# HDFSPROXY_CLASSPATH Extra Java CLASSPATH entries. -# -# HDFSPROXY_HEAPSIZE The maximum amount of heap to use, in MB. -# Default is 1000. -# -# HDFSPROXY_OPTS Extra Java runtime options. -# -# HDFSPROXY_NAMENODE_OPTS These options are added to HDFSPROXY_OPTS -# HDFSPROXY_CLIENT_OPTS when the respective command is run. -# HDFSPROXY_{COMMAND}_OPTS etc HDFSPROXY_JT_OPTS applies to JobTracker -# for e.g. HDFSPROXY_CLIENT_OPTS applies to -# more than one command (fs, dfs, fsck, -# dfsadmin etc) -# -# HDFSPROXY_CONF_DIR Alternate conf dir. Default is ${HDFSPROXY_HOME}/conf. -# -# HDFSPROXY_ROOT_LOGGER The root appender. Default is INFO,console -# - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -cygwin=false -case "`uname`" in -CYGWIN*) cygwin=true;; -esac - -if [ -f "${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" ]; then - . 
"${HDFSPROXY_CONF_DIR}/hdfsproxy-env.sh" -fi - -# some Java parameters -if [ "$JAVA_HOME" != "" ]; then - #echo "run java in $JAVA_HOME" - JAVA_HOME=$JAVA_HOME -fi - -if [ "$JAVA_HOME" = "" ]; then - echo "Error: JAVA_HOME is not set." - exit 1 -fi - -JAVA=$JAVA_HOME/bin/java -JAVA_HEAP_MAX=-Xmx1000m - -# check envvars which might override default args -if [ "$HDFSPROXY_HEAPSIZE" != "" ]; then - #echo "run with heapsize $HDFSPROXY_HEAPSIZE" - JAVA_HEAP_MAX="-Xmx""$HDFSPROXY_HEAPSIZE""m" - #echo $JAVA_HEAP_MAX -fi - -# CLASSPATH initially contains $HDFSPROXY_CONF_DIR -CLASSPATH="${HADOOP_CONF_DIR}" -CLASSPATH="${CLASSPATH}:${HDFSPROXY_CONF_DIR}" -CLASSPATH=${CLASSPATH}:$JAVA_HOME/lib/tools.jar - -# for developers, add HdfsProxy classes to CLASSPATH -if [ -d "$HDFSPROXY_HOME/build/classes" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME/build/classes -fi -if [ -d "$HDFSPROXY_HOME/build/web/webapps" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME/build/web -fi -if [ -d "$HDFSPROXY_HOME/build/test/hdfs/classes" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME/build/test/hdfs/classes -fi - -# so that filenames w/ spaces are handled correctly in loops below -IFS= - -# for releases, add hdfsproxy jar & webapps to CLASSPATH -if [ -d "$HDFSPROXY_HOME/webapps" ]; then - CLASSPATH=${CLASSPATH}:$HDFSPROXY_HOME -fi -for f in $HDFSPROXY_HOME/hdfsproxy-*.jar; do - CLASSPATH=${CLASSPATH}:$f; -done - -# add libs to CLASSPATH -for f in $HDFSPROXY_HOME/lib/*.jar; do - CLASSPATH=${CLASSPATH}:$f; -done - -# add user-specified CLASSPATH last -if [ "$HDFSPROXY_CLASSPATH" != "" ]; then - CLASSPATH=${CLASSPATH}:${HDFSPROXY_CLASSPATH} -fi - -# default log directory & file -if [ "$HDFSPROXY_LOG_DIR" = "" ]; then - HDFSPROXY_LOG_DIR="$HDFSPROXY_HOME/logs" -fi -if [ "$HDFSPROXY_LOGFILE" = "" ]; then - HDFSPROXY_LOGFILE='proxy-util.log' -fi - -# restore ordinary behaviour -unset IFS - -# figure out which class to run -CLASS='org.apache.hadoop.hdfsproxy.ProxyUtil' - -# cygwin path translation 
-if $cygwin; then - CLASSPATH=`cygpath -p -w "$CLASSPATH"` - HDFSPROXY_HOME=`cygpath -d "$HDFSPROXY_HOME"` - HDFSPROXY_LOG_DIR=`cygpath -d "$HDFSPROXY_LOG_DIR"` -fi - -# cygwin path translation -if $cygwin; then - JAVA_LIBRARY_PATH=`cygpath -p "$JAVA_LIBRARY_PATH"` -fi - -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.log.dir=$HDFSPROXY_LOG_DIR" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.log.file=$HDFSPROXY_LOGFILE" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.home.dir=$HDFSPROXY_HOME" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.id.str=$HDFSPROXY_IDENT_STRING" -HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Dhdfsproxy.root.logger=${HDFSPROXY_ROOT_LOGGER:-INFO,console}" -if [ "x$JAVA_LIBRARY_PATH" != "x" ]; then - HDFSPROXY_OPTS="$HDFSPROXY_OPTS -Djava.library.path=$JAVA_LIBRARY_PATH" -fi - -# run it -exec "$JAVA" $JAVA_HEAP_MAX $HDFSPROXY_OPTS -classpath "$CLASSPATH" $CLASS "$@" diff --git a/hdfs/src/contrib/hdfsproxy/bin/start-hdfsproxy-tomcat.sh b/hdfs/src/contrib/hdfsproxy/bin/start-hdfsproxy-tomcat.sh deleted file mode 100644 index 7b208ee905..0000000000 --- a/hdfs/src/contrib/hdfsproxy/bin/start-hdfsproxy-tomcat.sh +++ /dev/null 
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Start hdfsproxy tomcat servers.
-# Run this on master node.
-
-usage="Usage: start-hdfsproxy-tomcat.sh"
-
-bin=`dirname "$0"`
-bin=`cd "$bin"; pwd`
-
-. "$bin"/hdfsproxy-config.sh
-
-# get arguments
-if [ $# -ge 1 ]; then
- echo $usage
- exit 1
-fi
-
-# start hdfsproxy tomcat servers
-"$bin"/hdfsproxy-tomcat-servers.sh --config $HDFSPROXY_CONF_DIR --hosts hdfsproxy-hosts start
diff --git a/hdfs/src/contrib/hdfsproxy/bin/start-hdfsproxy.sh b/hdfs/src/contrib/hdfsproxy/bin/start-hdfsproxy.sh
deleted file mode 100755
index 2592d9c8cc..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/start-hdfsproxy.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Start hdfsproxy daemons.
-# Run this on master node.
-
-usage="Usage: start-hdfsproxy.sh"
-
-bin=`dirname "$0"`
-bin=`cd "$bin"; pwd`
-
-. "$bin"/hdfsproxy-config.sh
-
-# get arguments
-if [ $# -ge 1 ]; then
- echo $usage
- exit 1
-fi
-
-# start hdfsproxy daemons
-# "$bin"/hdfsproxy-daemon.sh --config $HDFSPROXY_CONF_DIR start
-"$bin"/hdfsproxy-daemons.sh --config $HDFSPROXY_CONF_DIR --hosts hdfsproxy-hosts start
diff --git a/hdfs/src/contrib/hdfsproxy/bin/stop-hdfsproxy-tomcat.sh b/hdfs/src/contrib/hdfsproxy/bin/stop-hdfsproxy-tomcat.sh
deleted file mode 100644
index c03badc5c9..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/stop-hdfsproxy-tomcat.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Stop hdfsproxy tomcat servers. Run this on master node.
-
-bin=`dirname "$0"`
-bin=`cd "$bin"; pwd`
-
-. "$bin"/hdfsproxy-config.sh
-
-# "$bin"/hdfsproxy-daemon.sh --config $HDFSPROXY_CONF_DIR stop
-"$bin"/hdfsproxy-tomcat-servers.sh --config $HDFSPROXY_CONF_DIR --hosts hdfsproxy-hosts stop
-
diff --git a/hdfs/src/contrib/hdfsproxy/bin/stop-hdfsproxy.sh b/hdfs/src/contrib/hdfsproxy/bin/stop-hdfsproxy.sh
deleted file mode 100755
index 78089e31cf..0000000000
--- a/hdfs/src/contrib/hdfsproxy/bin/stop-hdfsproxy.sh
+++ /dev/null
@@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Stop hdfsproxy daemons. Run this on master node. - -bin=`dirname "$0"` -bin=`cd "$bin"; pwd` - -. "$bin"/hdfsproxy-config.sh - -# "$bin"/hdfsproxy-daemon.sh --config $HDFSPROXY_CONF_DIR stop -"$bin"/hdfsproxy-daemons.sh --config $HDFSPROXY_CONF_DIR --hosts hdfsproxy-hosts stop - diff --git a/hdfs/src/contrib/hdfsproxy/build.xml b/hdfs/src/contrib/hdfsproxy/build.xml deleted file mode 100644 index 7119c50f48..0000000000 --- a/hdfs/src/contrib/hdfsproxy/build.xml +++ /dev/null @@ -1,492 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Building the .jar files. - - - -
- - - -
-
-
-
- - - - - - - - - Building the .war file - - - - - - - - - - - - - - - - - - - - - - - - - Building the forward war file - - - - - - - - - - - - - - - - - - - - - - - - - - - - Building the testing .war file - - - - - - - - - - - - - - - - - - - - - - - no clover found ... - - - - - - - - - - - Including clover.jar in the war file ... - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Tests failed! - - - - - - - - - - - - - - - Free Ports: startup-${cargo.servlet.admin.port} / http-${cargo.servlet.http.port} / https-${cargo.servlet.https.port} - Please take a deep breath while Cargo gets the Tomcat for running the servlet tests... - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Tests failed! - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/hdfs/src/contrib/hdfsproxy/conf/configuration.xsl b/hdfs/src/contrib/hdfsproxy/conf/configuration.xsl deleted file mode 100644 index 377cdbeb93..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/configuration.xsl +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - - - - - - - - - - - - - -
namevaluedescription
- - -
-
diff --git a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-default.xml b/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-default.xml deleted file mode 100644 index 32152466a0..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-default.xml +++ /dev/null 
@@ -1,128 +0,0 @@ - - - - - - - - - hdfsproxy.https.address - 0.0.0.0:8443 - the SSL port that hdfsproxy listens on - - - - - hdfsproxy.hosts - hdfsproxy-hosts - location of hdfsproxy-hosts file - - - - - hdfsproxy.dfs.namenode.address - localhost:54321 - namenode address of the HDFS cluster being proxied - - - - - hdfsproxy.https.server.keystore.resource - ssl-server.xml - location of the resource from which ssl server keystore - information will be extracted - - - - - hdfsproxy.user.permissions.file.location - user-permissions.xml - location of the user permissions file - - - - - hdfsproxy.user.certs.file.location - user-certs.xml - location of the user certs file - - - - - hdfsproxy.ugi.cache.ugi.lifetime - 15 - The lifetime (in minutes) of a cached ugi - - - - - hdfsproxy.ldap.initial.context.factory - com.sun.jndi.ldap.LdapCtxFactory - ldap initial context factory - - - - - hdfsproxy.ldap.provider.url - ldap://localhost:389 - ldap server address - - - - - hdfsproxy.ldap.role.base - ou=proxyroles,dc=mycompany,dc=com - ldap role base - - - - - fs.default.name - - hdfs://localhost:54321 - The name of the default file system. Either the - literal string "local" or a host:port for NDFS. - true - - - - dfs.blocksize - 134217728 - The default block size for new files. - - - - io.file.buffer.size - 131072 - The size of buffer for use in sequence files. - The size of this buffer should probably be a multiple of hardware - page size (4096 on Intel x86), and it determines how much data is - buffered during read and write operations. - - - - hdfsproxy.kerberos.principal - user@REALM - kerberos principal to be used by hdfsproxy - - - - hdfsproxy.kerberos.keytab - proxy.prod.headless.keytab - kerberos keytab to be used by hdfsproxy - - - - hdfsproxy.kerberos.default.realm - /instance@REALM - kerberos default realm appended to non-qualified userIds - - - - dfs.namenode.kerberos.principal - hdfs@REALM - Namenode user name key. - - - - 
diff --git a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-env.sh b/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-env.sh
deleted file mode 100644
index a0ff7a5d27..0000000000
--- a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-env.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-# Set HdfsProxy-specific environment variables here.
-
-# The only required environment variable is JAVA_HOME. All others are
-# optional. When running a distributed configuration it is best to
-# set JAVA_HOME in this file, so that it is correctly defined on
-# remote nodes.
-
-# The java implementation to use. Required.
-# export JAVA_HOME=/usr/lib/j2sdk1.5-sun
-
-# Extra Java CLASSPATH elements. Optional.
-# export HDFSPROXY_CLASSPATH=
-
-# The maximum amount of heap to use, in MB. Default is 1000.
-# export HDFSPROXY_HEAPSIZE=2000
-
-# Extra Java runtime options. Empty by default.
-# export HDFSPROXY_OPTS=
-
-# Extra ssh options. Empty by default.
-# export HDFSPROXY_SSH_OPTS="-o ConnectTimeout=1 -o SendEnv=HDFSPROXY_CONF_DIR"
-
-# Where log files are stored. $HDFSPROXY_HOME/logs by default.
-# export HDFSPROXY_LOG_DIR=${HDFSPROXY_HOME}/logs
-
-# File naming remote slave hosts. $HDFSPROXY_HOME/conf/slaves by default.
-# export HDFSPROXY_SLAVES=${HDFSPROXY_HOME}/conf/slaves
-
-# host:path where hdfsproxy code should be rsync'd from. Unset by default.
-# export HDFSPROXY_MASTER=master:/home/$USER/src/hdfsproxy
-
-# Seconds to sleep between slave commands. Unset by default. This
-# can be useful in large clusters, where, e.g., slave rsyncs can
-# otherwise arrive faster than the master can service them.
-# export HDFSPROXY_SLAVE_SLEEP=0.1
-
-# The directory where pid files are stored. /tmp by default.
-# export HDFSPROXY_PID_DIR=/var/hdfsproxy/pids
-
-# A string representing this instance of hdfsproxy. $USER by default.
-# export HDFSPROXY_IDENT_STRING=$USER
-
-# The scheduling priority for daemon processes. See 'man nice'.
-# export HDFSPROXY_NICENESS=10
diff --git a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-env.sh.template b/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-env.sh.template
deleted file mode 100644
index a0ff7a5d27..0000000000
--- a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-env.sh.template
+++ /dev/null
@@ -1,44 +0,0 @@
-# Set HdfsProxy-specific environment variables here.
-
-# The only required environment variable is JAVA_HOME. All others are
-# optional. When running a distributed configuration it is best to
-# set JAVA_HOME in this file, so that it is correctly defined on
-# remote nodes.
-
-# The java implementation to use. Required.
-# export JAVA_HOME=/usr/lib/j2sdk1.5-sun
-
-# Extra Java CLASSPATH elements. Optional.
-# export HDFSPROXY_CLASSPATH=
-
-# The maximum amount of heap to use, in MB. Default is 1000.
-# export HDFSPROXY_HEAPSIZE=2000
-
-# Extra Java runtime options. Empty by default.
-# export HDFSPROXY_OPTS=
-
-# Extra ssh options. Empty by default.
-# export HDFSPROXY_SSH_OPTS="-o ConnectTimeout=1 -o SendEnv=HDFSPROXY_CONF_DIR"
-
-# Where log files are stored. $HDFSPROXY_HOME/logs by default.
-# export HDFSPROXY_LOG_DIR=${HDFSPROXY_HOME}/logs
-
-# File naming remote slave hosts. $HDFSPROXY_HOME/conf/slaves by default.
-# export HDFSPROXY_SLAVES=${HDFSPROXY_HOME}/conf/slaves
-
-# host:path where hdfsproxy code should be rsync'd from. Unset by default.
-# export HDFSPROXY_MASTER=master:/home/$USER/src/hdfsproxy
-
-# Seconds to sleep between slave commands. Unset by default. This
-# can be useful in large clusters, where, e.g., slave rsyncs can
-# otherwise arrive faster than the master can service them.
-# export HDFSPROXY_SLAVE_SLEEP=0.1
-
-# The directory where pid files are stored. /tmp by default.
-# export HDFSPROXY_PID_DIR=/var/hdfsproxy/pids
-
-# A string representing this instance of hdfsproxy. $USER by default.
-# export HDFSPROXY_IDENT_STRING=$USER
-
-# The scheduling priority for daemon processes. See 'man nice'.
-# export HDFSPROXY_NICENESS=10
diff --git a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-hosts b/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-hosts
deleted file mode 100644
index 2fbb50c4a8..0000000000
--- a/hdfs/src/contrib/hdfsproxy/conf/hdfsproxy-hosts
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/hdfs/src/contrib/hdfsproxy/conf/log4j.properties b/hdfs/src/contrib/hdfsproxy/conf/log4j.properties
deleted file mode 100644
index 2520ab3795..0000000000
--- a/hdfs/src/contrib/hdfsproxy/conf/log4j.properties
+++ /dev/null
@@ -1,61 +0,0 @@ -# Define some default values that can be overridden by system properties -hdfsproxy.root.logger=INFO,console -hdfsproxy.log.dir=. -hdfsproxy.log.file=hdfsproxy.log - -# Define the root logger to the system property "hdfsproxy.root.logger". -log4j.rootLogger=${hdfsproxy.root.logger} - -# Logging Threshold -log4j.threshhold=ALL - -# -# Daily Rolling File Appender -# - -log4j.appender.DRFA=org.apache.log4j.DailyRollingFileAppender -log4j.appender.DRFA.File=${hdfsproxy.log.dir}/${hdfsproxy.log.file} - -# Rollver at midnight -log4j.appender.DRFA.DatePattern=.yyyy-MM-dd - -# 30-day backup -#log4j.appender.DRFA.MaxBackupIndex=30 -log4j.appender.DRFA.layout=org.apache.log4j.PatternLayout - -# Pattern format: Date LogLevel LoggerName LogMessage -log4j.appender.DRFA.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n -# Debugging Pattern format -#log4j.appender.DRFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n - - -# -# console -# Add "console" to rootlogger above if you want to use this -# - -log4j.appender.console=org.apache.log4j.ConsoleAppender -log4j.appender.console.target=System.err -log4j.appender.console.layout=org.apache.log4j.PatternLayout -log4j.appender.console.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n - -# -# Rolling File Appender -# - -#log4j.appender.RFA=org.apache.log4j.RollingFileAppender -#log4j.appender.RFA.File=${hdfsproxy.log.dir}/${hdfsproxy.log.file} - -# Logfile size and and 30-day backups -#log4j.appender.RFA.MaxFileSize=1MB -#log4j.appender.RFA.MaxBackupIndex=30 - -#log4j.appender.RFA.layout=org.apache.log4j.PatternLayout -#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} - %m%n -#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n - -# Custom Logging levels - -#log4j.logger.org.apache.hadoop.hdfsproxy.HttpsProxy=DEBUG -#log4j.logger.org.apache.hadoop.hdfsproxy.ProxyFilter=DEBUG - 
diff --git a/hdfs/src/contrib/hdfsproxy/conf/ssl-server.xml b/hdfs/src/contrib/hdfsproxy/conf/ssl-server.xml deleted file mode 100644 index 641da1a894..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/ssl-server.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - - - ssl.server.truststore.location - ${javax.net.ssl.keyStore.proxy} - - - - ssl.server.truststore.password - changeme - - - - ssl.server.keystore.location - ${javax.net.ssl.keyStore.proxy} - - - - ssl.server.keystore.password - changeme - - - - ssl.server.keystore.keypassword - changeme - - - diff --git a/hdfs/src/contrib/hdfsproxy/conf/tomcat-forward-web.xml b/hdfs/src/contrib/hdfsproxy/conf/tomcat-forward-web.xml deleted file mode 100644 index cf30667d28..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/tomcat-forward-web.xml +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - HDFS Proxy - - get data from grid forward war - - - - webmaster - zhiyong1@yahoo-inc.com - - The EMAIL address of the administrator to whom questions - and comments about this application should be addressed. - - - - - ldapIpDirFilter - org.apache.hadoop.hdfsproxy.LdapIpDirFilter - - - - ldapIpDirFilter - /* - - - - - - - proxyForward - forward data access to specifc servlets - org.apache.hadoop.hdfsproxy.ProxyForwardServlet - - - - proxyForward - /listPaths/* - - - proxyForward - /data/* - - - proxyForward - /streamFile/* - - - - fileForward - forward file data access to streamFile - org.apache.hadoop.hdfsproxy.ProxyFileForward - - - - fileForward - /file/* - - - - - - index.html - - - - - - 30 - - - - - - - - - - - - diff --git a/hdfs/src/contrib/hdfsproxy/conf/tomcat-web.xml b/hdfs/src/contrib/hdfsproxy/conf/tomcat-web.xml deleted file mode 100644 index 74f8af54b8..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/tomcat-web.xml +++ /dev/null 
@@ -1,166 +0,0 @@ - - - - - - - - - - - HDFS Proxy - - get data from grid - - - - - - - webmaster - zhiyong1@yahoo-inc.com - - The EMAIL address of the administrator to whom questions - and comments about this application should be addressed. - - - - - ldapIpDirFilter - org.apache.hadoop.hdfsproxy.LdapIpDirFilter - - - - authorizationFilter - org.apache.hadoop.hdfsproxy.KerberosAuthorizationFilter - - - - ldapIpDirFilter - /* - REQUEST - FORWARD - - - - authorizationFilter - /* - REQUEST - FORWARD - - - - - - - listPaths - list paths data access - org.apache.hadoop.hdfsproxy.ProxyListPathsServlet - - - - listPaths - /listPaths/* - - - - data - data access - org.apache.hadoop.hdfsproxy.ProxyFileDataServlet - - - - data - /data/* - - - - streamFile - stream file access - org.apache.hadoop.hdfsproxy.ProxyStreamFile - - - - streamFile - /streamFile/* - - - - - index.html - - - - - - 30 - - - - - - - - - - - - diff --git a/hdfs/src/contrib/hdfsproxy/conf/user-certs.xml b/hdfs/src/contrib/hdfsproxy/conf/user-certs.xml deleted file mode 100644 index 3e3c08f48b..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/user-certs.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - nobody - ,6 ,, 3 , 9a2cf0be9ddf8280 - - - - - - - - Admin - , 6, ,, 3 , 9a2cf0be9ddf8280 - - - - - - - diff --git a/hdfs/src/contrib/hdfsproxy/conf/user-permissions.xml b/hdfs/src/contrib/hdfsproxy/conf/user-permissions.xml deleted file mode 100644 index 819c1a691d..0000000000 --- a/hdfs/src/contrib/hdfsproxy/conf/user-permissions.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - - - nobody - , - - - - /input, /user, /data - - - - diff --git a/hdfs/src/contrib/hdfsproxy/ivy.xml b/hdfs/src/contrib/hdfsproxy/ivy.xml deleted file mode 100644 index e32783b173..0000000000 --- a/hdfs/src/contrib/hdfsproxy/ivy.xml +++ /dev/null @@ -1,127 +0,0 @@ - - - - - - - - - Apache Hadoop contrib - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/hdfs/src/contrib/hdfsproxy/ivy/libraries.properties b/hdfs/src/contrib/hdfsproxy/ivy/libraries.properties
deleted file mode 100644
index 6b2e55f912..0000000000
--- a/hdfs/src/contrib/hdfsproxy/ivy/libraries.properties
+++ /dev/null
@@ -1,18 +0,0 @@
-#This properties file lists the versions of the various artifacts used by hadoop.
-#It drives ivy and the generation of a maven POM
-#These are the versions of our dependencies (in alphabetical order)
-ivy.version=2.1.0
-
-log4j.version=1.2.15
-slf4j-api.version=1.5.11
-slf4j-log4j12.version=1.5.11
-jetty.version=6.1.14
-jetty-util.version=6.1.14
-servlet-api-2.5.version=6.1.14
-cactus.version=1.8.0
-commons-logging.version=1.1.1
-commons-logging-api.version=1.1
-junit.version=4.8.1
-jsp.version=2.1
-core.version=3.1.1
-xmlenc.version=0.52
\ No newline at end of file
diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
deleted file mode 100644
index 2a32320fce..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
+++ /dev/null
@@ -1,166 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.hdfsproxy; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.conf.Configuration; - -import javax.servlet.*; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.List; -import java.util.Arrays; -import java.util.regex.Pattern; -import java.util.regex.Matcher; - -public class AuthorizationFilter implements Filter { - public static final Log LOG = LogFactory.getLog(AuthorizationFilter.class); - - private static final Pattern HDFS_PATH_PATTERN = Pattern - .compile("(^hdfs://([\\w\\-]+(\\.)?)+:\\d+|^hdfs://([\\w\\-]+(\\.)?)+)"); - - /** Pattern for a filter to find out if a request is HFTP/HSFTP request */ - protected static final Pattern HFTP_PATTERN = Pattern - .compile("^(/listPaths|/data|/streamFile|/file)$"); - - protected String namenode; - - /** {@inheritDoc} **/ - public void init(FilterConfig filterConfig) throws ServletException { - Configuration conf = new 
Configuration(false); - conf.addResource("hdfsproxy-default.xml"); - conf.addResource("hdfsproxy-site.xml"); - namenode = conf.get("fs.default.name"); - } - - /** {@inheritDoc} **/ - @SuppressWarnings("unchecked") - public void doFilter(ServletRequest request, - ServletResponse response, - FilterChain chain) - throws IOException, ServletException { - - HttpServletResponse rsp = (HttpServletResponse) response; - HttpServletRequest rqst = (HttpServletRequest) request; - - String userId = getUserId(request); - String groups = getGroups(request); - List allowedPaths = getAllowedPaths(request); - - UserGroupInformation ugi = - UserGroupInformation.createRemoteUser(userId); - - String filePath = getPathFromRequest(rqst); - - if (filePath == null || !checkHdfsPath(filePath, allowedPaths)) { - String msg = "User " + userId + " (" + groups - + ") is not authorized to access path " + filePath; - LOG.warn(msg); - rsp.sendError(HttpServletResponse.SC_FORBIDDEN, msg); - return; - } - request.setAttribute("authorized.ugi", ugi); - - LOG.info("User: " + userId + "(" + groups + - ") Request: " + rqst.getPathInfo() + " 
From: " + - rqst.getRemoteAddr()); - - chain.doFilter(request, response); - } - - protected String getUserId(ServletRequest rqst) { - String userId = (String) rqst. - getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"); - if (userId != null) - userId = userId.split("[/@]")[0]; - return userId; - } - - protected String getGroups(ServletRequest request) { - UserGroupInformation ugi = UserGroupInformation. - createRemoteUser(getUserId(request)); - return Arrays.toString(ugi.getGroupNames()); - } - - @SuppressWarnings("unchecked") - protected List getAllowedPaths(ServletRequest request) { - return (List)request. - getAttribute("org.apache.hadoop.hdfsproxy.authorized.paths"); - } - - protected String getPathFromRequest(HttpServletRequest rqst) { - String filePath = null; - // check request path - String servletPath = rqst.getServletPath(); - if (HFTP_PATTERN.matcher(servletPath).matches()) { - // file path as part of the URL - filePath = rqst.getPathInfo() != null ? rqst.getPathInfo() : "/"; - } - return filePath; - } - - /** check that the requested path is listed in the ldap entry - * @param pathInfo - Path to check access - * @param ldapPaths - List of paths allowed access - * @return true if access allowed, false otherwise */ - public boolean checkHdfsPath(String pathInfo, - List ldapPaths) { - if (pathInfo == null || pathInfo.length() == 0) { - LOG.info("Can't get file path from the request"); - return false; - } - for (Path ldapPathVar : ldapPaths) { - String ldapPath = ldapPathVar.toString(); - if (isPathQualified(ldapPath) && - isPathAuthroized(ldapPath)) { - String allowedPath = extractPath(ldapPath); - if (pathInfo.startsWith(allowedPath)) - return true; - } else { - if (pathInfo.startsWith(ldapPath)) - return true; - } - } - return false; - } - - private String extractPath(String ldapPath) { - return HDFS_PATH_PATTERN.split(ldapPath)[1]; - } - - private boolean isPathAuthroized(String pathStr) { - Matcher namenodeMatcher = 
HDFS_PATH_PATTERN.matcher(pathStr); - return namenodeMatcher.find() && namenodeMatcher.group().contains(namenode); - } - - private boolean isPathQualified(String pathStr) { - if (pathStr == null || pathStr.trim().isEmpty()) { - return false; - } else { - return HDFS_PATH_PATTERN.matcher(pathStr).find(); - } - } - - /** {@inheritDoc} **/ - public void destroy() { - } -} diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/HdfsProxy.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/HdfsProxy.java deleted file mode 100644 index 1837adb123..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/HdfsProxy.java +++ /dev/null 
@@ -1,157 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.IOException; - -import java.net.InetSocketAddress; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.util.StringUtils; -import org.apache.hadoop.hdfs.HdfsConfiguration; -import org.apache.hadoop.hdfs.server.common.JspHelper; -import org.apache.hadoop.hdfs.server.namenode.NameNode; -import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer; - -/** - * A HTTPS/SSL proxy to HDFS, implementing certificate based access control. 
- */ -public class HdfsProxy { - public static final Log LOG = LogFactory.getLog(HdfsProxy.class); - - private ProxyHttpServer server; - private InetSocketAddress sslAddr; - - /** Construct a proxy from the given configuration */ - public HdfsProxy(Configuration conf) throws IOException { - try { - initialize(conf); - } catch (IOException e) { - this.stop(); - throw e; - } - } - - private void initialize(Configuration conf) throws IOException { - sslAddr = getSslAddr(conf); - String nn = conf.get("hdfsproxy.dfs.namenode.address"); - if (nn == null) - throw new IOException("HDFS NameNode address is not specified"); - InetSocketAddress nnAddr = NetUtils.createSocketAddr(nn); - LOG.info("HDFS NameNode is at: " + nnAddr.getHostName() + ":" + nnAddr.getPort()); - - Configuration sslConf = new HdfsConfiguration(false); - sslConf.addResource(conf.get("hdfsproxy.https.server.keystore.resource", - "ssl-server.xml")); - // unit testing - sslConf.set("proxy.http.test.listener.addr", - conf.get("proxy.http.test.listener.addr")); - - this.server = new ProxyHttpServer(sslAddr, sslConf); - this.server.setAttribute("proxy.https.port", server.getPort()); - this.server.setAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY, nnAddr); - this.server.setAttribute(JspHelper.CURRENT_CONF, new HdfsConfiguration()); - this.server.addGlobalFilter("ProxyFilter", ProxyFilter.class.getName(), null); - this.server.addServlet("listPaths", "/listPaths/*", ProxyListPathsServlet.class); - this.server.addServlet("data", "/data/*", ProxyFileDataServlet.class); - this.server.addServlet("streamFile", "/streamFile/*", ProxyStreamFile.class); - } - - /** return the http port if any, only for testing purposes */ - int getPort() throws IOException { - return server.getPort(); - } - - /** - * Start the server. 
- */ - public void start() throws IOException { - this.server.start(); - LOG.info("HdfsProxy server up at: " + sslAddr.getHostName() + ":" - + sslAddr.getPort()); - } - - /** - * Stop all server threads and wait for all to finish. - */ - public void stop() { - try { - if (server != null) { - server.stop(); - server.join(); - } - } catch (Exception e) { - LOG.warn("Got exception shutting down proxy", e); - } - } - - /** - * Wait for service to finish. - * (Normally, it runs forever.) - */ - public void join() { - try { - this.server.join(); - } catch (InterruptedException ie) { - } - } - - static InetSocketAddress getSslAddr(Configuration conf) throws IOException { - String addr = conf.get("hdfsproxy.https.address"); - if (addr == null) - throw new IOException("HdfsProxy address is not specified"); - return NetUtils.createSocketAddr(addr); - } - - - - public static HdfsProxy createHdfsProxy(String argv[], Configuration conf) - throws IOException { - if (argv.length > 0) { - System.err.println("Usage: HdfsProxy"); - return null; - } - if (conf == null) { - conf = new HdfsConfiguration(false); - conf.addResource("hdfsproxy-default.xml"); - } - - StringUtils.startupShutdownMessage(HdfsProxy.class, argv, LOG); - HdfsProxy proxy = new HdfsProxy(conf); - proxy.start(); - return proxy; - } - - public static void main(String[] argv) throws Exception { - try { - HdfsProxy proxy = createHdfsProxy(argv, null); - if (proxy != null) - proxy.join(); - } catch (Throwable e) { - LOG.error(StringUtils.stringifyException(e)); - System.exit(-1); - } - } -} diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java deleted file mode 100644 index e34fc3172b..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java +++ /dev/null 
@@ -1,83 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.CommonConfigurationKeys; -import org.apache.hadoop.security.UserGroupInformation; - -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import java.io.IOException; - -/** - * This filter is required for hdfsproxies connecting to HDFS - * with kerberos authentication. Keytab file and principal to - * use for proxy user is retrieved from a configuration file. - * If user attribute in ldap doesn't kerberos realm, the - * default realm is picked up from configuration. 
- */ -public class KerberosAuthorizationFilter - extends AuthorizationFilter { - - private String defaultRealm; - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - super.init(filterConfig); - Configuration conf = new Configuration(false); - conf.addResource("hdfsproxy-default.xml"); - conf.addResource("hdfsproxy-site.xml"); - initializeUGI(conf); - initDefaultRealm(conf); - } - - private void initializeUGI(Configuration conf) { - try { - conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, - "kerberos"); - - UserGroupInformation.setConfiguration(conf); - UserGroupInformation.loginUserFromKeytab( - conf.get("hdfsproxy.kerberos.principal"), - conf.get("hdfsproxy.kerberos.keytab")); - - LOG.info("Logged in user: " + - UserGroupInformation.getLoginUser().getUserName() + - ", Current User: " + UserGroupInformation.getCurrentUser().getUserName()); - - } catch (IOException e) { - throw new RuntimeException("Unable to initialize credentials", e); - } - } - - private void initDefaultRealm(Configuration conf) { - defaultRealm = conf.get("hdfsproxy.kerberos.default.realm",""); - } - - @Override - /** If the userid does not have realm, add the default realm */ - protected String getUserId(ServletRequest request) { - String userId = (String) request. - getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"); - return userId + - (userId.indexOf('@') > 0 ? "" : defaultRealm); - } -} diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java deleted file mode 100644 index 3c763a40c2..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java +++ /dev/null 
@@ -1,241 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdfsproxy;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.util.ArrayList;
-import java.util.Hashtable;
-import java.util.regex.Pattern;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.InitialLdapContext;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.UserGroupInformation;
-
-import org.apache.hadoop.hdfs.HdfsConfiguration;
-
-public class LdapIpDirFilter implements Filter {
- public static final Log LOG = LogFactory.getLog(LdapIpDirFilter.class);
-
- private static String baseName;
- private static String hdfsIpSchemaStr;
- private static String hdfsIpSchemaStrPrefix;
- private static String hdfsUidSchemaStr;
- private static String hdfsPathSchemaStr;
-
- private InitialLdapContext lctx;
-
- private class LdapRoleEntry {
- String userId;
- ArrayList paths;
-
- void init(String userId, ArrayList paths) {
- this.userId = userId;
- this.paths = paths;
- }
-
- boolean contains(Path path) {
- return paths != null && paths.contains(path);
- }
-
- @Override
- public String toString() {
- return "LdapRoleEntry{" +
- ", userId='" + userId + '\'' +
- ", paths=" + paths +
- '}';
- }
- }
-
- public void initialize(String bName, InitialLdapContext ctx) {
- // hook to cooperate unit test
- baseName = bName;
- hdfsIpSchemaStr = "uniqueMember";
- hdfsIpSchemaStrPrefix = "cn=";
- hdfsUidSchemaStr = "uid";
- hdfsPathSchemaStr = "documentLocation";
- lctx = ctx;
- }
-
- /** {@inheritDoc} */
- public void init(FilterConfig filterConfig) throws ServletException {
- ServletContext context = filterConfig.getServletContext();
- Configuration conf = new HdfsConfiguration(false);
- conf.addResource("hdfsproxy-default.xml");
- conf.addResource("hdfsproxy-site.xml");
- // extract namenode from source conf.
- String nn = ProxyUtil.getNamenode(conf);
- InetSocketAddress nAddr = NetUtils.createSocketAddr(nn);
- context.setAttribute("name.node.address", nAddr);
- context.setAttribute("name.conf", conf);
-
- // for storing hostname <--> cluster mapping to decide which source cluster
- // to forward
- context.setAttribute("org.apache.hadoop.hdfsproxy.conf", conf);
-
- if (lctx == null) {
- Hashtable env = new Hashtable();
- env.put(InitialLdapContext.INITIAL_CONTEXT_FACTORY, conf.get(
- "hdfsproxy.ldap.initial.context.factory",
- "com.sun.jndi.ldap.LdapCtxFactory"));
- env.put(InitialLdapContext.PROVIDER_URL, conf
- .get("hdfsproxy.ldap.provider.url"));
-
- try {
- lctx = new InitialLdapContext(env, null);
- } catch (NamingException ne) {
- throw new ServletException("NamingException in initializing ldap"
- + ne.toString());
- }
-
- baseName = conf.get("hdfsproxy.ldap.role.base");
- hdfsIpSchemaStr = conf.get("hdfsproxy.ldap.ip.schema.string",
- "uniqueMember");
- hdfsIpSchemaStrPrefix = conf.get(
- "hdfsproxy.ldap.ip.schema.string.prefix", "cn=");
- hdfsUidSchemaStr = conf.get("hdfsproxy.ldap.uid.schema.string", "uid");
- hdfsPathSchemaStr = conf.get("hdfsproxy.ldap.hdfs.path.schema.string",
- "documentLocation");
- }
- LOG.info("LdapIpDirFilter initialization successful");
- }
-
- /** {@inheritDoc} */
- public void destroy() {
- }
-
- /** {@inheritDoc} */
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
-
- String prevThreadName = Thread.currentThread().getName();
-
- try {
- HttpServletRequest rqst = (HttpServletRequest) request;
- HttpServletResponse rsp = (HttpServletResponse) response;
-
- String contextPath = rqst.getContextPath();
- Thread.currentThread().setName(contextPath);
-
- if (LOG.isDebugEnabled()) {
- StringBuilder b = new StringBuilder("Request from ").append(
- rqst.getRemoteHost()).append("/").append(rqst.getRemoteAddr())
- .append(":").append(rqst.getRemotePort());
-
b.append("\n The Scheme is " + rqst.getScheme());
- b.append("\n The Path Info is " + rqst.getPathInfo());
- b.append("\n The Translated Path Info is " + rqst.getPathTranslated());
- b.append("\n The Context Path is " + rqst.getContextPath());
- b.append("\n The Query String is " + rqst.getQueryString());
- b.append("\n The Request URI is " + rqst.getRequestURI());
- b.append("\n The Request URL is " + rqst.getRequestURL());
- b.append("\n The Servlet Path is " + rqst.getServletPath());
- LOG.debug(b.toString());
- }
- LdapRoleEntry ldapent = new LdapRoleEntry();
- // check ip address
- String userIp = rqst.getRemoteAddr();
- try {
- boolean isAuthorized = getLdapRoleEntryFromUserIp(userIp, ldapent);
- if (!isAuthorized) {
- rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "IP " + userIp
- + " is not authorized to access");
- return;
- }
- } catch (NamingException ne) {
- throw new IOException("NamingException while searching ldap"
- + ne.toString());
- }
-
- // since we cannot pass ugi object cross context as they are from
- // different
- // classloaders in different war file, we have to use String attribute.
- rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
- ldapent.userId);
- rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
- ldapent.paths);
- LOG.info("User: " + ldapent.userId + ", Request: " + rqst.getPathInfo() +
- "
From: " + rqst.getRemoteAddr());
- chain.doFilter(request, response);
- } finally {
- Thread.currentThread().setName(prevThreadName);
- }
- }
-
- /**
- * check if client's ip is listed in the Ldap Roles if yes, return true and
- * update ldapent. if not, return false
- * */
- @SuppressWarnings("unchecked")
- private boolean getLdapRoleEntryFromUserIp(String userIp,
- LdapRoleEntry ldapent) throws NamingException {
- String ipMember = hdfsIpSchemaStrPrefix + userIp;
- Attributes matchAttrs = new BasicAttributes(true);
- matchAttrs.put(new BasicAttribute(hdfsIpSchemaStr, ipMember));
- matchAttrs.put(new BasicAttribute(hdfsUidSchemaStr));
- matchAttrs.put(new BasicAttribute(hdfsPathSchemaStr));
-
- String[] attrIDs = { hdfsUidSchemaStr, hdfsPathSchemaStr };
-
- NamingEnumeration results = lctx.search(baseName, matchAttrs,
- attrIDs);
- if (results.hasMore()) {
- String userId = null;
- ArrayList paths = new ArrayList();
- SearchResult sr = results.next();
- Attributes attrs = sr.getAttributes();
- for (NamingEnumeration ne = attrs.getAll(); ne.hasMore();) {
- Attribute attr = (Attribute) ne.next();
- if (hdfsUidSchemaStr.equalsIgnoreCase(attr.getID())) {
- userId = (String) attr.get();
- } else if (hdfsPathSchemaStr.equalsIgnoreCase(attr.getID())) {
- for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
- String pathStr = (String) e.next();
- paths.add(new Path(pathStr));
- }
- }
- }
- ldapent.init(userId, paths);
- if (LOG.isDebugEnabled()) LOG.debug(ldapent);
- return true;
- }
- LOG.info("Ip address " + userIp
- + " is not authorized to access the proxy server");
- return false;
- }
-}
diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java
deleted file mode 100644
index c9c8abd083..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdfsproxy;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.hdfs.protocol.ClientProtocol;
-import org.apache.hadoop.hdfs.protocol.HdfsFileStatus;
-import org.apache.hadoop.hdfs.server.common.JspHelper;
-import org.apache.hadoop.hdfs.server.namenode.FileDataServlet;
-import org.apache.hadoop.hdfs.server.namenode.NameNode;
-import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
-import org.apache.hadoop.security.UserGroupInformation;
-
-/** {@inheritDoc} */
-public class ProxyFileDataServlet extends FileDataServlet {
- /** For java.io.Serializable */
- private static final long serialVersionUID = 1L;
-
- /** {@inheritDoc} */
- @Override
- protected URI createUri(String parent, HdfsFileStatus i, UserGroupInformation ugi,
- ClientProtocol nnproxy, HttpServletRequest request, String dt) throws IOException,
- URISyntaxException {
- String dtParam="";
- if (dt != null) {
-
dtParam=JspHelper.getDelegationTokenUrlParam(dt);
- }
- InetSocketAddress nnAddress = (InetSocketAddress) getServletContext()
- .getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY);
- String nnHostPort = nnAddress == null ? null : NameNode
- .getHostPortString(nnAddress);
- String addrParam = JspHelper.getUrlParam(JspHelper.NAMENODE_ADDRESS,
- nnHostPort);
- return new URI(request.getScheme(), null, request.getServerName(), request
- .getServerPort(), "/streamFile" + i.getFullName(parent),
- "&ugi=" + ugi.getShortUserName() + dtParam + addrParam, null);
- }
-
- /** {@inheritDoc} */
- @Override
- protected UserGroupInformation getUGI(HttpServletRequest request,
- Configuration conf) {
- String userID = (String) request
- .getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID");
- return ProxyUtil.getProxyUGIFor(userID);
- }
-}
diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileForward.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileForward.java
deleted file mode 100644
index 1f99ef40a0..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileForward.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdfsproxy;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.hadoop.security.UserGroupInformation;
-
-
-public class ProxyFileForward extends ProxyForwardServlet {
- /** For java.io.Serializable */
- private static final long serialVersionUID = 1L;
-
- /** {@inheritDoc} */
- @Override
- protected String buildForwardPath(HttpServletRequest request, String pathInfo) {
- String path = "/streamFile";
- path += request.getPathInfo();
- String userID = (String) request.
- getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID");
- UserGroupInformation ugi = ProxyUtil.getProxyUGIFor(userID);
- if (ugi != null) {
- path += "?ugi=" + ugi.getShortUserName();
- }
- return path;
- }
-
-}
diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFilter.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFilter.java
deleted file mode 100644
index e74627096a..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFilter.java
+++ /dev/null
@@ -1,368 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdfsproxy;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Pattern;
-import java.net.InetSocketAddress;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.ServletContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.UserGroupInformation;
-import
org.apache.hadoop.net.NetUtils;
-
-import org.apache.hadoop.hdfs.HdfsConfiguration;
-
-public class ProxyFilter implements Filter {
- public static final Log LOG = LogFactory.getLog(ProxyFilter.class);
-
- /** Pattern for triggering reload of user permissions */
- protected static final Pattern RELOAD_PATTERN = Pattern
- .compile("^(/reloadPermFiles)$");
- /** Pattern for a filter to find out if a request is HFTP/HSFTP request */
- protected static final Pattern HFTP_PATTERN = Pattern
- .compile("^(/listPaths|/data|/streamFile|/file)$");
- /**
- * Pattern for a filter to find out if an HFTP/HSFTP request stores its file
- * path in the extra path information associated with the URL; if not, the
- * file path is stored in request parameter "filename"
- */
- protected static final Pattern FILEPATH_PATTERN = Pattern
- .compile("^(/listPaths|/data|/file)$");
-
- private static volatile Map> permsMap;
- private static volatile Map> certsMap;
- static {
- Configuration conf = new HdfsConfiguration(false);
- conf.addResource("hdfsproxy-default.xml");
- Map> pMap = getPermMap(conf);
- permsMap = pMap != null ? pMap : new HashMap>();
- Map> cMap = getCertsMap(conf);
- certsMap = cMap != null ?
cMap : new HashMap>();
- }
-
-
- /** {@inheritDoc} */
- public void init(FilterConfig filterConfig) throws ServletException {
- ServletContext context = filterConfig.getServletContext();
- Configuration conf = new HdfsConfiguration(false);
- conf.addResource("hdfsproxy-default.xml");
- conf.addResource("ssl-server.xml");
- conf.addResource("hdfsproxy-site.xml");
- String nn = conf.get("hdfsproxy.dfs.namenode.address");
- if (nn == null) {
- throw new ServletException("Proxy source cluster name node address not speficied");
- }
- InetSocketAddress nAddr = NetUtils.createSocketAddr(nn);
- context.setAttribute("name.node.address", nAddr);
- context.setAttribute("name.conf", new HdfsConfiguration());
-
- context.setAttribute("org.apache.hadoop.hdfsproxy.conf", conf);
- LOG.info("proxyFilter initialization success: " + nn);
- }
-
- private static Map> getPermMap(Configuration conf) {
- String permLoc = conf.get("hdfsproxy.user.permissions.file.location",
- "user-permissions.xml");
- if (conf.getResource(permLoc) == null) {
- LOG.warn("HdfsProxy user permissions file not found");
- return null;
- }
- Configuration permConf = new HdfsConfiguration(false);
- permConf.addResource(permLoc);
- Map> map = new HashMap>();
- for (Map.Entry e : permConf) {
- String k = e.getKey();
- String v = e.getValue();
- if (k != null && k.length() != 0 && v != null && v.length() != 0) {
- Set pathSet = new HashSet();
- String[] paths = v.split(",\\s*");
- for (String p : paths) {
- if (p.length() != 0) {
- pathSet.add(new Path(p));
- }
- }
- map.put(k, pathSet);
- }
- }
- return map;
- }
-
- private static Map> getCertsMap(Configuration conf) {
- String certsLoc = conf.get("hdfsproxy.user.certs.file.location",
- "user-certs.xml");
- if (conf.getResource(certsLoc) == null) {
- LOG.warn("HdfsProxy user certs file not found");
- return null;
- }
- Configuration certsConf = new HdfsConfiguration(false);
- certsConf.addResource(certsLoc);
- Map> map = new HashMap>();
- for (Map.Entry e :
certsConf) {
- String k = e.getKey();
- String v = e.getValue().trim();
- if (k != null && k.length() != 0 && v != null && v.length() != 0) {
- Set numSet = new HashSet();
- String[] serialnumbers = v.split("\\s*,\\s*");
- for (String num : serialnumbers) {
- if (num.length() != 0) {
- numSet.add(new BigInteger(num, 16));
- }
- }
- map.put(k, numSet);
- }
- }
- return map;
- }
-
- /** {@inheritDoc} */
- public void destroy() {
- }
-
-
-
- /** {@inheritDoc} */
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
-
- HttpServletRequest rqst = (HttpServletRequest) request;
- HttpServletResponse rsp = (HttpServletResponse) response;
-
- if (LOG.isDebugEnabled()) {
- StringBuilder b = new StringBuilder("Request from ").append(
- rqst.getRemoteHost()).append("/").append(rqst.getRemoteAddr())
- .append(":").append(rqst.getRemotePort());
-
- @SuppressWarnings("unchecked")
- Enumeration e = rqst.getAttributeNames();
- for (; e.hasMoreElements();) {
- String attribute = e.nextElement();
- b.append("\n " + attribute + " => " + rqst.getAttribute(attribute));
- }
-
- X509Certificate[] userCerts = (X509Certificate[]) rqst
- .getAttribute("javax.servlet.request.X509Certificate");
- if (userCerts != null)
- for (X509Certificate cert : userCerts)
- b.append("\n Client certificate Subject Name is "
- + cert.getSubjectX500Principal().getName());
-
- b.append("\n The Scheme is " + rqst.getScheme());
- b.append("\n The Auth Type is " + rqst.getAuthType());
- b.append("\n The Path Info is " + rqst.getPathInfo());
- b.append("\n The Translated Path Info is " + rqst.getPathTranslated());
- b.append("\n The Context Path is " + rqst.getContextPath());
- b.append("\n The Query String is " + rqst.getQueryString());
- b.append("\n The Remote User is " + rqst.getRemoteUser());
- b.append("\n The User Principal is " + rqst.getUserPrincipal());
- b.append("\n The Request URI is " + rqst.getRequestURI());
-
b.append("\n The Request URL is " + rqst.getRequestURL());
- b.append("\n The Servlet Path is " + rqst.getServletPath());
-
- LOG.debug(b.toString());
- }
-
- boolean unitTest = false;
- if (rqst.getScheme().equalsIgnoreCase("http") && rqst.getParameter("UnitTest") != null) unitTest = true;
-
- if (rqst.getScheme().equalsIgnoreCase("https") || unitTest) {
- boolean isAuthorized = false;
- X509Certificate[] certs = (X509Certificate[]) rqst.getAttribute("javax.servlet.request.X509Certificate");
-
- if (unitTest) {
- try {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> Entering https unit test");
- }
- String SslPath = rqst.getParameter("SslPath");
- InputStream inStream = new FileInputStream(SslPath);
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
- inStream.close();
- certs = new X509Certificate[] {cert};
- } catch (Exception e) {
- // do nothing here
- }
- }
-
- if (certs == null || certs.length == 0) {
- rsp.sendError(HttpServletResponse.SC_BAD_REQUEST,
- "No client SSL certificate received");
- LOG.info("No Client SSL certificate received");
- return;
- }
- for (X509Certificate cert : certs) {
- try {
- cert.checkValidity();
- } catch (CertificateExpiredException e) {
- LOG.info("Received cert for "
- + cert.getSubjectX500Principal().getName() + " expired");
- rsp
- .sendError(HttpServletResponse.SC_FORBIDDEN,
- "Certificate expired");
- return;
- } catch (CertificateNotYetValidException e) {
- LOG.info("Received cert for "
- + cert.getSubjectX500Principal().getName() + " is not yet valid");
- rsp.sendError(HttpServletResponse.SC_FORBIDDEN,
- "Certificate is not yet valid");
- return;
- }
- }
-
- String[] tokens = certs[0].getSubjectX500Principal().getName().split(
- "\\s*,\\s*");
- String userID = null;
- for (String s : tokens) {
- if (s.startsWith("CN=")) {
- userID = s;
- break;
- }
- }
- if (userID == null || userID.length() < 4) {
- LOG.info("Can't retrieve user
ID from SSL certificate");
- rsp.sendError(HttpServletResponse.SC_FORBIDDEN,
- "Can't retrieve user ID from SSL certificate");
- return;
- }
- userID = userID.substring(3);
-
- String servletPath = rqst.getServletPath();
- if (unitTest) {
- servletPath = rqst.getParameter("TestSevletPathInfo");
- LOG.info("this is for unit test purpose only");
- }
-
- if (HFTP_PATTERN.matcher(servletPath).matches()) {
- // request is an HSFTP request
- if (FILEPATH_PATTERN.matcher(servletPath).matches()) {
- // file path as part of the URL
- isAuthorized = checkPath(userID, certs[0],
- rqst.getPathInfo() != null ? rqst.getPathInfo() : "/");
- } else {
- // file path is stored in "filename" parameter
- isAuthorized = checkPath(userID, certs[0], rqst
- .getParameter("filename"));
- }
- } else if (RELOAD_PATTERN.matcher(servletPath).matches()
- && checkUser("Admin", certs[0])) {
- Configuration conf = new HdfsConfiguration(false);
- conf.addResource("hdfsproxy-default.xml");
- Map> permsMap = getPermMap(conf);
- Map> certsMap = getCertsMap(conf);
- if (permsMap == null || certsMap == null) {
- LOG.warn("Permission files reloading failed");
- rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
- "Permission files reloading failed");
- return;
- }
- ProxyFilter.permsMap = permsMap;
- ProxyFilter.certsMap = certsMap;
- LOG.info("User permissions and user certs files reloaded");
- rsp.setStatus(HttpServletResponse.SC_OK);
- return;
- }
-
- if (!isAuthorized) {
- rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized access");
- return;
- }
-
- // request is authorized, set ugi for servlets
- UserGroupInformation ugi = UserGroupInformation.createRemoteUser(userID);
- rqst.setAttribute("authorized.ugi", ugi);
- rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID", userID);
- } else if(rqst.getScheme().equalsIgnoreCase("http")) { // http request, set ugi for servlets, only for testing purposes
- String ugi = rqst.getParameter("ugi");
- if (ugi != null) {
-
rqst.setAttribute("authorized.ugi", UserGroupInformation.createRemoteUser(ugi));
- rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID", ugi.split(",")[0]);
- }
- }
- chain.doFilter(request, response);
- }
-
- /** check that client's cert is listed in the user certs file */
- private boolean checkUser(String userID, X509Certificate cert) {
- Set numSet = certsMap.get(userID);
- if (numSet == null) {
- LOG.info("User " + userID + " is not configured in the user certs file");
- return false;
- }
- if (!numSet.contains(cert.getSerialNumber())) {
- LOG.info("Cert with serial number " + cert.getSerialNumber()
- + " is not listed for user " + userID);
- return false;
- }
- return true;
- }
-
- /** check that the requested path is listed in the user permissions file */
- private boolean checkPath(String userID, X509Certificate cert, String pathInfo) {
- if (!checkUser(userID, cert)) {
- return false;
- }
-
- Set pathSet = permsMap.get(userID);
- if (pathSet == null) {
- LOG.info("User " + userID
- + " is not listed in the user permissions file");
- return false;
- }
- if (pathInfo == null || pathInfo.length() == 0) {
- LOG.info("Can't get file path from HTTPS request; user is " + userID);
- return false;
- }
-
- Path userPath = new Path(pathInfo);
- while (userPath != null) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("\n Checking file path " + userPath);
- }
- if (pathSet.contains(userPath))
- return true;
- userPath = userPath.getParent();
- }
- LOG.info("User " + userID + " is not authorized to access " + pathInfo);
- return false;
- }
-}
diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyForwardServlet.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyForwardServlet.java
deleted file mode 100644
index 0313766ca5..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyForwardServlet.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdfsproxy;
-
-import java.io.IOException;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-
-/**
- *
- *
- */
-public class ProxyForwardServlet extends HttpServlet {
- /**
- *
- */
- private static final long serialVersionUID = 1L;
- private static Configuration configuration = null;
- public static final Log LOG = LogFactory.getLog(ProxyForwardServlet.class);
-
- /** {@inheritDoc} */
- @Override
- public void init() throws ServletException {
- ServletContext context = getServletContext();
- configuration = (Configuration) context
- .getAttribute("org.apache.hadoop.hdfsproxy.conf");
- }
-
- /** {@inheritDoc} */
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws IOException, ServletException {
- String hostname = request.getServerName();
-
- String version = configuration.get(hostname);
- if (version == null) {
- // extract from hostname directly
- String[] strs = hostname.split("[-\\.]");
- version = "/" + strs[0];
- }
-
- ServletContext curContext = getServletContext();
- ServletContext dstContext = curContext.getContext(version);
-
- // avoid infinite forwarding.
- if (dstContext == null
- || getServletContext().equals(dstContext)) {
- LOG.error("Context (" + version
- + ".war) non-exist or restricted from access");
- response.sendError(HttpServletResponse.SC_NOT_FOUND);
- return;
- }
- if(LOG.isDebugEnabled()) {
- LOG.debug("Request to " + hostname +
- " is forwarded to version " + version);
- }
- forwardRequest(request, response, dstContext, request.getServletPath());
-
- }
-
- /** {@inheritDoc} */
- public void forwardRequest(HttpServletRequest request,
- HttpServletResponse response, ServletContext context, String pathInfo)
- throws IOException, ServletException {
- String path = buildForwardPath(request, pathInfo);
- RequestDispatcher dispatcher = context.getRequestDispatcher(path);
- if (dispatcher == null) {
- LOG.info("There was no such dispatcher: " + path);
- response.sendError(HttpServletResponse.SC_NO_CONTENT);
- return;
- }
- dispatcher.forward(request, response);
- }
-
- /** {@inheritDoc} */
- protected String buildForwardPath(HttpServletRequest request, String pathInfo) {
- String path = pathInfo;
- if (request.getPathInfo() != null) {
- path += request.getPathInfo();
- }
- if (request.getQueryString() != null) {
- path += "?" + request.getQueryString();
- }
- return path;
- }
-}
diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyHttpServer.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyHttpServer.java
deleted file mode 100644
index 952464eaee..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyHttpServer.java
+++ /dev/null
@@ -1,76 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.IOException; -import java.net.InetSocketAddress; -import java.util.Map; - -import javax.servlet.http.HttpServlet; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.http.HttpServer; -import org.apache.hadoop.net.NetUtils; - -import org.mortbay.jetty.Connector; -import org.mortbay.jetty.nio.SelectChannelConnector; -import org.mortbay.jetty.security.SslSocketConnector; - -/** - * Create a Jetty embedded server to answer http/https requests. 
- */ -public class ProxyHttpServer extends HttpServer { - public static final Log LOG = LogFactory.getLog(ProxyHttpServer.class); - - public ProxyHttpServer(InetSocketAddress addr, Configuration conf) - throws IOException { - super("", addr.getHostName(), addr.getPort(), 0 <= addr.getPort(), conf); - } - - /** {@inheritDoc} */ - public Connector createBaseListener(Configuration conf) - throws IOException { - final String sAddr; - if (null == (sAddr = conf.get("proxy.http.test.listener.addr"))) { - SslSocketConnector sslListener = new SslSocketConnector(); - sslListener.setKeystore(conf.get("ssl.server.keystore.location")); - sslListener.setPassword(conf.get("ssl.server.keystore.password", "")); - sslListener.setKeyPassword(conf.get("ssl.server.keystore.keypassword", "")); - sslListener.setKeystoreType(conf.get("ssl.server.keystore.type", "jks")); - sslListener.setNeedClientAuth(true); - System.setProperty("javax.net.ssl.trustStore", - conf.get("ssl.server.truststore.location", "")); - System.setProperty("javax.net.ssl.trustStorePassword", - conf.get("ssl.server.truststore.password", "")); - System.setProperty("javax.net.ssl.trustStoreType", - conf.get("ssl.server.truststore.type", "jks")); - return sslListener; - } - // unit test - InetSocketAddress proxyAddr = NetUtils.createSocketAddr(sAddr); - SelectChannelConnector testlistener = new SelectChannelConnector(); - testlistener.setUseDirectBuffers(false); - testlistener.setHost(proxyAddr.getHostName()); - testlistener.setPort(proxyAddr.getPort()); - return testlistener; - } - -} diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyListPathsServlet.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyListPathsServlet.java deleted file mode 100644 index 9ea679adb7..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyListPathsServlet.java +++ /dev/null 
@@ -1,39 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.hdfsproxy; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.hadoop.hdfs.server.namenode.ListPathsServlet; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.conf.Configuration; - -/** {@inheritDoc} */ -public class ProxyListPathsServlet extends ListPathsServlet { - /** For java.io.Serializable */ - private static final long serialVersionUID = 1L; - - /** {@inheritDoc} */ - @Override - protected UserGroupInformation getUGI(HttpServletRequest request, - Configuration conf) { - String userID = (String) request - .getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"); - return ProxyUtil.getProxyUGIFor(userID); - } -} diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyStreamFile.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyStreamFile.java deleted file mode 100644 index 5335fa7c79..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyStreamFile.java +++ /dev/null 
@@ -1,67 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.hdfsproxy; - -import java.io.IOException; -import java.net.InetSocketAddress; -import java.security.PrivilegedExceptionAction; - -import javax.servlet.ServletContext; -import javax.servlet.http.HttpServletRequest; - -import org.apache.hadoop.hdfs.DFSClient; -import org.apache.hadoop.hdfs.server.namenode.StreamFile; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.conf.Configuration; - -/** {@inheritDoc} */ -public class ProxyStreamFile extends StreamFile { - /** For java.io.Serializable */ - private static final long serialVersionUID = 1L; - - /** {@inheritDoc} */ - @Override - protected DFSClient getDFSClient(HttpServletRequest request) - throws IOException, InterruptedException { - ServletContext context = getServletContext(); - final Configuration conf = - (Configuration) context.getAttribute("name.conf"); - final InetSocketAddress nameNodeAddr = - (InetSocketAddress) context.getAttribute("name.node.address"); - - DFSClient client = getUGI(request, conf).doAs - ( new PrivilegedExceptionAction() { - @Override - public DFSClient run() throws IOException { - return new 
DFSClient(nameNodeAddr, conf); - } - }); - - return client; - } - - /** {@inheritDoc} */ - @Override - protected UserGroupInformation getUGI(HttpServletRequest request, - Configuration conf) { - String userID = (String) request - .getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"); - return ProxyUtil.getProxyUGIFor(userID); - } - -} diff --git a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java b/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java deleted file mode 100644 index 2f4b7c5970..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java +++ /dev/null 
@@ -1,358 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.HttpURLConnection; -import java.net.InetSocketAddress; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.security.KeyStore; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.ServletException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.FSDataInputStream; -import org.apache.hadoop.fs.FSInputStream; -import org.apache.hadoop.io.IOUtils; -import org.apache.hadoop.net.NetUtils; -import 
org.apache.hadoop.util.HostsFileReader; -import org.apache.hadoop.security.UserGroupInformation; - -import org.apache.hadoop.hdfs.HdfsConfiguration; - -/** - * Proxy Utility . - */ -public class ProxyUtil { - public static final Log LOG = LogFactory.getLog(ProxyUtil.class); - private static final long MM_SECONDS_PER_DAY = 1000 * 60 * 60 * 24; - private static final int CERT_EXPIRATION_WARNING_THRESHOLD = 30; // 30 days - - // warning - - private static enum UtilityOption { - RELOAD("-reloadPermFiles"), GET("-get"), CHECKCERTS( - "-checkcerts"); - - private String name = null; - - private UtilityOption(String arg) { - this.name = arg; - } - - public String getName() { - return name; - } - } - - /** - * Dummy hostname verifier that is used to bypass hostname checking - */ - private static class DummyHostnameVerifier implements HostnameVerifier { - public boolean verify(String hostname, SSLSession session) { - return true; - } - } - - /** - * Dummy trustmanager that is used to bypass server certificate checking - */ - private static class DummyTrustManager implements X509TrustManager { - public void checkClientTrusted(X509Certificate[] chain, String authType) { - } - - public void checkServerTrusted(X509Certificate[] chain, String authType) { - } - - public X509Certificate[] getAcceptedIssuers() { - return null; - } - } - - private static HttpsURLConnection openConnection(String hostname, int port, - String path) throws IOException { - try { - final URL url = new URI("https", null, hostname, port, path, null, null) - .toURL(); - HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); - // bypass hostname verification - conn.setHostnameVerifier(new DummyHostnameVerifier()); - conn.setRequestMethod("GET"); - return conn; - } catch (URISyntaxException e) { - throw (IOException) new IOException().initCause(e); - } - } - - private static void setupSslProps(Configuration conf) throws IOException { - FileInputStream fis = null; - try { - SSLContext sc = 
SSLContext.getInstance("SSL"); - KeyManager[] kms = null; - TrustManager[] tms = null; - if (conf.get("ssl.client.keystore.location") != null) { - // initialize default key manager with keystore file and pass - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - KeyStore ks = KeyStore.getInstance(conf.get("ssl.client.keystore.type", - "JKS")); - char[] ksPass = conf.get("ssl.client.keystore.password", "changeit") - .toCharArray(); - fis = new FileInputStream(conf.get("ssl.client.keystore.location", - "keystore.jks")); - ks.load(fis, ksPass); - kmf.init(ks, conf.get("ssl.client.keystore.keypassword", "changeit") - .toCharArray()); - kms = kmf.getKeyManagers(); - fis.close(); - fis = null; - } - // initialize default trust manager with keystore file and pass - if (conf.getBoolean("ssl.client.do.not.authenticate.server", false)) { - // by pass trustmanager validation - tms = new DummyTrustManager[] { new DummyTrustManager() }; - } else { - TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); - KeyStore ts = KeyStore.getInstance(conf.get( - "ssl.client.truststore.type", "JKS")); - char[] tsPass = conf.get("ssl.client.truststore.password", "changeit") - .toCharArray(); - fis = new FileInputStream(conf.get("ssl.client.truststore.location", - "truststore.jks")); - ts.load(fis, tsPass); - tmf.init(ts); - tms = tmf.getTrustManagers(); - } - sc.init(kms, tms, new java.security.SecureRandom()); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - } catch (Exception e) { - throw new IOException("Could not initialize SSLContext", e); - } finally { - if (fis != null) { - fis.close(); - } - } - } - - static InetSocketAddress getSslAddr(Configuration conf) throws IOException { - String addr = conf.get("hdfsproxy.https.address"); - if (addr == null) - throw new IOException("HdfsProxy address is not specified"); - return NetUtils.createSocketAddr(addr); - } - - static boolean sendCommand(Configuration conf, String path) - throws 
IOException { - setupSslProps(conf); - int sslPort = getSslAddr(conf).getPort(); - int err = 0; - StringBuilder b = new StringBuilder(); - - HostsFileReader hostsReader = new HostsFileReader(conf.get( - "hdfsproxy.hosts", "hdfsproxy-hosts"), ""); - Set hostsList = hostsReader.getHosts(); - for (String hostname : hostsList) { - HttpsURLConnection connection = null; - try { - connection = openConnection(hostname, sslPort, path); - connection.connect(); - if (LOG.isDebugEnabled()) { - StringBuilder sb = new StringBuilder(); - X509Certificate[] clientCerts = (X509Certificate[]) connection - .getLocalCertificates(); - if (clientCerts != null) { - for (X509Certificate cert : clientCerts) - sb.append("\n Client certificate Subject Name is " - + cert.getSubjectX500Principal().getName()); - } else { - sb.append("\n No client certificates were found"); - } - X509Certificate[] serverCerts = (X509Certificate[]) connection - .getServerCertificates(); - if (serverCerts != null) { - for (X509Certificate cert : serverCerts) - sb.append("\n Server certificate Subject Name is " - + cert.getSubjectX500Principal().getName()); - } else { - sb.append("\n No server certificates were found"); - } - LOG.debug(sb.toString()); - } - if (connection.getResponseCode() != HttpServletResponse.SC_OK) { - b.append("\n\t" + hostname + ": " + connection.getResponseCode() - + " " + connection.getResponseMessage()); - err++; - } - } catch (IOException e) { - b.append("\n\t" + hostname + ": " + e.getLocalizedMessage()); - if (LOG.isDebugEnabled()) - LOG.debug("Exception happend for host " + hostname, e); - err++; - } finally { - if (connection != null) - connection.disconnect(); - } - } - if (err > 0) { - System.err.print("Command failed on the following " + err + " host" - + (err == 1 ? 
":" : "s:") + b.toString() + "\n"); - return false; - } - return true; - } - - static FSDataInputStream open(Configuration conf, String hostname, int port, - String path) throws IOException { - setupSslProps(conf); - HttpURLConnection connection = null; - connection = openConnection(hostname, port, path); - connection.connect(); - final InputStream in = connection.getInputStream(); - return new FSDataInputStream(new FSInputStream() { - public int read() throws IOException { - return in.read(); - } - - public int read(byte[] b, int off, int len) throws IOException { - return in.read(b, off, len); - } - - public void close() throws IOException { - in.close(); - } - - public void seek(long pos) throws IOException { - throw new IOException("Can't seek!"); - } - - public long getPos() throws IOException { - throw new IOException("Position unknown!"); - } - - public boolean seekToNewSource(long targetPos) throws IOException { - return false; - } - }); - } - - static void checkServerCertsExpirationDays(Configuration conf, - String hostname, int port) throws IOException { - setupSslProps(conf); - HttpsURLConnection connection = null; - connection = openConnection(hostname, port, null); - connection.connect(); - X509Certificate[] serverCerts = (X509Certificate[]) connection - .getServerCertificates(); - Date curDate = new Date(); - long curTime = curDate.getTime(); - if (serverCerts != null) { - for (X509Certificate cert : serverCerts) { - StringBuilder sb = new StringBuilder(); - sb.append("\n Server certificate Subject Name: " - + cert.getSubjectX500Principal().getName()); - Date expDate = cert.getNotAfter(); - long expTime = expDate.getTime(); - int dayOffSet = (int) ((expTime - curTime) / MM_SECONDS_PER_DAY); - sb.append(" have " + dayOffSet + " days to expire"); - if (dayOffSet < CERT_EXPIRATION_WARNING_THRESHOLD) - LOG.warn(sb.toString()); - else - LOG.info(sb.toString()); - } - } else { - LOG.info("\n No Server certs was found"); - } - - if (connection != null) { - 
connection.disconnect(); - } - } - - public static void main(String[] args) throws Exception { - if (args.length < 1 - || (!UtilityOption.RELOAD.getName().equalsIgnoreCase(args[0]) - && !UtilityOption.GET.getName().equalsIgnoreCase(args[0]) && !UtilityOption.CHECKCERTS - .getName().equalsIgnoreCase(args[0])) - || (UtilityOption.GET.getName().equalsIgnoreCase(args[0]) && args.length != 4) - || (UtilityOption.CHECKCERTS.getName().equalsIgnoreCase(args[0]) && args.length != 3)) { - System.err.println("Usage: ProxyUtil [" + UtilityOption.RELOAD.getName() - + "] | [" - + UtilityOption.GET.getName() + " <#port> ] | [" - + UtilityOption.CHECKCERTS.getName() + " <#port> ]"); - System.exit(0); - } - Configuration conf = new HdfsConfiguration(false); - conf.addResource("ssl-client.xml"); - conf.addResource("hdfsproxy-default.xml"); - - if (UtilityOption.RELOAD.getName().equalsIgnoreCase(args[0])) { - // reload user-certs.xml and user-permissions.xml files - sendCommand(conf, "/reloadPermFiles"); - } else if (UtilityOption.CHECKCERTS.getName().equalsIgnoreCase(args[0])) { - checkServerCertsExpirationDays(conf, args[1], Integer.parseInt(args[2])); - } else { - String hostname = args[1]; - int port = Integer.parseInt(args[2]); - String path = args[3]; - InputStream in = open(conf, hostname, port, path); - IOUtils.copyBytes(in, System.out, conf, false); - in.close(); - } - } - - public static String getNamenode(Configuration conf) - throws ServletException { - String namenode = conf.get("fs.default.name"); - if (namenode == null) { - throw new - ServletException("Proxy source cluster name node address missing"); - } - return namenode; - } - - public static UserGroupInformation getProxyUGIFor(String userID) { - try { - return UserGroupInformation. - createProxyUser(userID, UserGroupInformation.getLoginUser()); - } catch (IOException e) { - throw new - RuntimeException("Unable get current logged in user", e); - } - } - - -} 
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/DummyLdapContext.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/DummyLdapContext.java
deleted file mode 100644
index 8e5848ab61..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/DummyLdapContext.java
+++ /dev/null
@@ -1,128 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.util.ArrayList; -import java.util.Hashtable; - -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.directory.Attribute; -import javax.naming.directory.Attributes; -import javax.naming.directory.BasicAttribute; -import javax.naming.directory.BasicAttributes; -import javax.naming.directory.SearchResult; -import javax.naming.ldap.Control; -import javax.naming.ldap.InitialLdapContext; - -class DummyLdapContext extends InitialLdapContext { - class ResultEnum implements NamingEnumeration { - private ArrayList rl; - - public ResultEnum() { - rl = new ArrayList(); - } - - public ResultEnum(ArrayList al) { - rl = al; - } - - public boolean hasMoreElements() { - return !rl.isEmpty(); - } - - public T nextElement() { - T t = rl.get(0); - rl.remove(0); - return t; - } - - public boolean hasMore() throws NamingException { - return !rl.isEmpty(); - } - - public T next() throws NamingException { - T t = rl.get(0); - rl.remove(0); - return t; - } - - public void close() throws NamingException { - } - } - - public DummyLdapContext() throws NamingException { - } - 
- public DummyLdapContext(Hashtable environment, Control[] connCtls) - throws NamingException { - } - - public NamingEnumeration search(String name, - Attributes matchingAttributes, String[] attributesToReturn) - throws NamingException { - System.out.println("Searching Dummy LDAP Server Results:"); - if (!"ou=proxyroles,dc=mycompany,dc=com".equalsIgnoreCase(name)) { - System.out.println("baseName mismatch"); - return new ResultEnum(); - } - if (!"cn=127.0.0.1".equals((String) matchingAttributes.get("uniqueMember") - .get())) { - System.out.println("Ip address mismatch"); - return new ResultEnum(); - } - BasicAttributes attrs = new BasicAttributes(); - BasicAttribute uidAttr = new BasicAttribute("uid", "testuser"); - attrs.put(uidAttr); - BasicAttribute groupAttr = new BasicAttribute("userClass", "testgroup"); - attrs.put(groupAttr); - BasicAttribute locAttr = new BasicAttribute("documentLocation", "/testdir"); - attrs.put(locAttr); - SearchResult sr = new SearchResult(null, null, attrs); - ArrayList al = new ArrayList(); - al.add(sr); - NamingEnumeration ne = new ResultEnum(al); - return ne; - } - - @SuppressWarnings("unchecked") - public static void main(String[] args) throws Exception { - DummyLdapContext dlc = new DummyLdapContext(); - String baseName = "ou=proxyroles,dc=mycompany,dc=com"; - Attributes matchAttrs = new BasicAttributes(true); - String[] attrIDs = { "uid", "documentLocation" }; - NamingEnumeration results = dlc.search(baseName, matchAttrs, - attrIDs); - if (results.hasMore()) { - SearchResult sr = results.next(); - Attributes attrs = sr.getAttributes(); - for (NamingEnumeration ne = attrs.getAll(); ne.hasMore();) { - Attribute attr = (Attribute) ne.next(); - if ("uid".equalsIgnoreCase(attr.getID())) { - System.out.println("User ID = " + attr.get()); - } else if ("documentLocation".equalsIgnoreCase(attr.getID())) { - System.out.println("Document Location = "); - for (NamingEnumeration e = attr.getAll(); e.hasMore();) { - 
System.out.println(e.next()); - } - } - } - } - } -} diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/FindFreePort.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/FindFreePort.java deleted file mode 100644 index b4dde89cc9..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/FindFreePort.java +++ /dev/null 
@@ -1,87 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.net.ServerSocket; -import java.io.IOException; -import java.net.BindException; -import java.util.Random; - -public class FindFreePort { - private static final int MIN_AVAILABLE_PORT = 10000; - private static final int MAX_AVAILABLE_PORT = 65535; - private static Random random = new Random(); - /** - * - * @param num <= 0, find a single free port - * @return free port next to port (>port) - * @throws IOException - */ - public static int findFreePort(int port) throws IOException { - ServerSocket server; - if (port < 0) { - server = new ServerSocket(0); - } else { - int freePort = port+1; - while (true) { - try { - server = new ServerSocket(freePort); - break; - } catch (IOException e) { - if (e instanceof BindException) { - if (freePort >= MAX_AVAILABLE_PORT || - freePort < MIN_AVAILABLE_PORT) { - throw e; - } - } else { - throw e; - } - freePort += 1; - } - } - } - int fport = server.getLocalPort(); - server.close(); - return fport; - } - /** - * - * @return - * @throws IOException - */ - public static int findFreePortRandom() throws IOException { - return findFreePort(MIN_AVAILABLE_PORT + 
random.nextInt(MAX_AVAILABLE_PORT - MIN_AVAILABLE_PORT + 1)); - } - - - public static void main(String[] args) throws Exception { - if(args.length < 1) { - System.err.println("Usage: FindFreePort < -random / <#port> >"); - System.exit(0); - } - int j = 0; - String cmd = args[j++]; - if ("-random".equals(cmd)) { - System.out.println(findFreePortRandom()); - } else { - System.out.println(findFreePort(Integer.parseInt(cmd))); - } - } - -} diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/SimpleServlet.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/SimpleServlet.java deleted file mode 100644 index e0b8a03a82..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/SimpleServlet.java +++ /dev/null 
@@ -1,51 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import java.io.PrintWriter; -import java.io.IOException; - - -/** - * simple servlet for forward testing purpose - */ - -public class SimpleServlet extends HttpServlet { - - /** - * - */ - private static final long serialVersionUID = 1L; - - public void doGet(HttpServletRequest request, HttpServletResponse response) - throws IOException { - response.setContentType("text/html"); - PrintWriter out = response.getWriter(); - out.print(""); - out.print("A GET request"); - out.print(""); - out.close(); - return; - } - -} diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java deleted file mode 100644 index 377ee1bf80..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java +++ /dev/null 
@@ -1,161 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.List; -import java.util.ArrayList; - -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - -import org.apache.cactus.FilterTestCase; -import org.apache.cactus.WebRequest; -import org.apache.cactus.WebResponse; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.fs.Path; - -public class TestAuthorizationFilter extends FilterTestCase { - - public static final Log LOG = LogFactory.getLog(TestAuthorizationFilter.class); - - private class DummyFilterChain implements FilterChain { - public void doFilter(ServletRequest theRequest, ServletResponse theResponse) - throws IOException, ServletException { - PrintWriter writer = theResponse.getWriter(); - - writer.print("

some content

"); - writer.close(); - } - - public void init(FilterConfig theConfig) { - } - - public void destroy() { - } - } - - private class ConfiguredAuthorizationFilter extends AuthorizationFilter { - - private ConfiguredAuthorizationFilter(String nameNode) { - this.namenode = nameNode; - } - } - - public void beginPathRestriction(WebRequest theRequest) { - theRequest.setURL("proxy-test:0", null, "/streamFile/nontestdir", - null,null); - } - - public void testPathRestriction() throws ServletException, IOException { - AuthorizationFilter filter = new - ConfiguredAuthorizationFilter("hdfs://apache.org"); - request.setRemoteIPAddress("127.0.0.1"); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID", - System.getProperty("user.name")); - List paths = new ArrayList(); - paths.add(new Path("/deny")); - paths.add(new Path("hdfs://test:100/deny")); - paths.add(new Path("hdfs://test/deny")); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths", - paths); - FilterChain mockFilterChain = new DummyFilterChain(); - filter.doFilter(request, response, mockFilterChain); - } - - public void endPathRestriction(WebResponse theResponse) { - assertEquals(theResponse.getStatusCode(), 403); - assertTrue("Text missing 'User not authorized to access path' : : [" - + theResponse.getText() + "]", theResponse.getText().indexOf( - "is not authorized to access path") > 0); - } - - public void beginPathPermit(WebRequest theRequest) { - theRequest.setURL("proxy-test:0", null, "/streamFile/data/file", - null, null); - } - - public void testPathPermit() throws ServletException, IOException { - AuthorizationFilter filter = new - ConfiguredAuthorizationFilter("hdfs://apache.org"); - request.setRemoteIPAddress("127.0.0.1"); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID", - System.getProperty("user.name")); - List paths = new ArrayList(); - paths.add(new Path("/data")); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths", - paths); - 
FilterChain mockFilterChain = new DummyFilterChain(); - filter.doFilter(request, response, mockFilterChain); - } - - public void endPathPermit(WebResponse theResponse) { - assertEquals(theResponse.getStatusCode(), 200); - } - - public void beginPathPermitQualified(WebRequest theRequest) { - theRequest.setURL("proxy-test:0", null, "/streamFile/data/file", - null, null); - } - - public void testPathPermitQualified() throws ServletException, IOException { - AuthorizationFilter filter = new - ConfiguredAuthorizationFilter("hdfs://apache.org"); - request.setRemoteIPAddress("127.0.0.1"); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID", - System.getProperty("user.name")); - List paths = new ArrayList(); - paths.add(new Path("hdfs://apache.org/data")); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths", - paths); - FilterChain mockFilterChain = new DummyFilterChain(); - filter.doFilter(request, response, mockFilterChain); - } - - public void endPathPermitQualified(WebResponse theResponse) { - assertEquals(theResponse.getStatusCode(), 200); - } - - public void beginPathQualifiediReject(WebRequest theRequest) { - theRequest.setURL("proxy-test:0", null, "/streamFile/data/file", - null, null); - } - - public void testPathQualifiedReject() throws ServletException, IOException { - AuthorizationFilter filter = new - ConfiguredAuthorizationFilter("hdfs://apache.org:1111"); - request.setRemoteIPAddress("127.0.0.1"); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID", - System.getProperty("user.name")); - List paths = new ArrayList(); - paths.add(new Path("hdfs://apache.org:2222/data")); - request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths", - paths); - FilterChain mockFilterChain = new DummyFilterChain(); - filter.doFilter(request, response, mockFilterChain); - } - - public void endPathQualifiedReject(WebResponse theResponse) { - assertEquals(theResponse.getStatusCode(), 403); - } -} 
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestHdfsProxy.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestHdfsProxy.java
deleted file mode 100644
index dd5bd52d37..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestHdfsProxy.java
+++ /dev/null
@@ -1,272 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.FileNotFoundException; -import java.io.IOException; -import java.net.InetSocketAddress; -import java.net.URI; -import java.util.Random; - -import junit.framework.TestCase; - -import org.apache.commons.logging.LogFactory; -import org.apache.commons.logging.impl.Log4JLogger; -import org.apache.log4j.Level; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.fs.FileSystem; -import org.apache.hadoop.fs.FileUtil; -import org.apache.hadoop.fs.FSDataInputStream; -import org.apache.hadoop.fs.FSDataOutputStream; -import org.apache.hadoop.fs.Path; -import org.apache.hadoop.hdfs.MiniDFSCluster; -import org.apache.hadoop.hdfs.server.datanode.DataNode; -import org.apache.hadoop.hdfs.server.namenode.FSNamesystem; -import org.apache.hadoop.hdfs.HdfsConfiguration; -import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.UserGroupInformation; - -/** - * A JUnit test for HdfsProxy - */ -public class TestHdfsProxy extends TestCase { - { - ((Log4JLogger) LogFactory.getLog("org.apache.hadoop.hdfs.StateChange")) - .getLogger().setLevel(Level.OFF); - ((Log4JLogger) 
DataNode.LOG).getLogger().setLevel(Level.OFF); - ((Log4JLogger) FSNamesystem.LOG).getLogger().setLevel(Level.OFF); - } - - static final URI LOCAL_FS = URI.create("file:///"); - - private static final int NFILES = 10; - private static String TEST_ROOT_DIR = new Path(System.getProperty( - "test.build.data", "/tmp")).toString().replace(' ', '+'); - - /** - * class MyFile contains enough information to recreate the contents of a - * single file. - */ - private static class MyFile { - private static Random gen = new Random(); - private static final int MAX_LEVELS = 3; - private static final int MAX_SIZE = 8 * 1024; - private static String[] dirNames = { "zero", "one", "two", "three", "four", - "five", "six", "seven", "eight", "nine" }; - private final String name; - private int size = 0; - private long seed = 0L; - - MyFile() { - this(gen.nextInt(MAX_LEVELS)); - } - - MyFile(int nLevels) { - String xname = ""; - if (nLevels != 0) { - int[] levels = new int[nLevels]; - for (int idx = 0; idx < nLevels; idx++) { - levels[idx] = gen.nextInt(10); - } - StringBuffer sb = new StringBuffer(); - for (int idx = 0; idx < nLevels; idx++) { - sb.append(dirNames[levels[idx]]); - sb.append("/"); - } - xname = sb.toString(); - } - long fidx = gen.nextLong() & Long.MAX_VALUE; - name = xname + Long.toString(fidx); - reset(); - } - - void reset() { - final int oldsize = size; - do { - size = gen.nextInt(MAX_SIZE); - } while (oldsize == size); - final long oldseed = seed; - do { - seed = gen.nextLong() & Long.MAX_VALUE; - } while (oldseed == seed); - } - - String getName() { - return name; - } - - int getSize() { - return size; - } - - long getSeed() { - return seed; - } - } - - private static MyFile[] createFiles(URI fsname, String topdir) - throws IOException { - return createFiles(FileSystem.get(fsname, new HdfsConfiguration()), topdir); - } - - /** - * create NFILES with random names and directory hierarchies with random (but - * reproducible) data in them. 
- */ - private static MyFile[] createFiles(FileSystem fs, String topdir) - throws IOException { - Path root = new Path(topdir); - MyFile[] files = new MyFile[NFILES]; - for (int i = 0; i < NFILES; i++) { - files[i] = createFile(root, fs); - } - return files; - } - - private static MyFile createFile(Path root, FileSystem fs, int levels) - throws IOException { - MyFile f = levels < 0 ? new MyFile() : new MyFile(levels); - Path p = new Path(root, f.getName()); - FSDataOutputStream out = fs.create(p); - byte[] toWrite = new byte[f.getSize()]; - new Random(f.getSeed()).nextBytes(toWrite); - out.write(toWrite); - out.close(); - FileSystem.LOG.info("created: " + p + ", size=" + f.getSize()); - return f; - } - - private static MyFile createFile(Path root, FileSystem fs) throws IOException { - return createFile(root, fs, -1); - } - - private static boolean checkFiles(FileSystem fs, String topdir, MyFile[] files) - throws IOException { - return checkFiles(fs, topdir, files, false); - } - - private static boolean checkFiles(FileSystem fs, String topdir, - MyFile[] files, boolean existingOnly) throws IOException { - Path root = new Path(topdir); - - for (int idx = 0; idx < files.length; idx++) { - Path fPath = new Path(root, files[idx].getName()); - try { - fs.getFileStatus(fPath); - FSDataInputStream in = fs.open(fPath); - byte[] toRead = new byte[files[idx].getSize()]; - byte[] toCompare = new byte[files[idx].getSize()]; - Random rb = new Random(files[idx].getSeed()); - rb.nextBytes(toCompare); - assertEquals("Cannnot read file.", toRead.length, in.read(toRead)); - in.close(); - for (int i = 0; i < toRead.length; i++) { - if (toRead[i] != toCompare[i]) { - return false; - } - } - toRead = null; - toCompare = null; - } catch (FileNotFoundException fnfe) { - if (!existingOnly) { - throw fnfe; - } - } - } - - return true; - } - - /** delete directory and everything underneath it. 
*/ - private static void deldir(FileSystem fs, String topdir) throws IOException { - fs.delete(new Path(topdir), true); - } - - /** verify hdfsproxy implements the hftp interface */ - public void testHdfsProxyInterface() throws Exception { - MiniDFSCluster cluster = null; - HdfsProxy proxy = null; - try { - final UserGroupInformation CLIENT_UGI = UserGroupInformation.getCurrentUser(); - final String testUser = CLIENT_UGI.getShortUserName(); - final String testGroup = CLIENT_UGI.getGroupNames()[0]; - - final Configuration dfsConf = new HdfsConfiguration(); - dfsConf.set("hadoop.proxyuser." + testUser + - ".groups", testGroup); - dfsConf.set("hadoop.proxyuser." + testGroup + ".hosts", - "localhost,127.0.0.1"); - dfsConf.set("hadoop.proxyuser." + testUser + - ".hosts", "localhost,127.0.0.1"); - cluster = new MiniDFSCluster.Builder(dfsConf).numDataNodes(2).build(); - cluster.waitActive(); - - final FileSystem localfs = FileSystem.get(LOCAL_FS, dfsConf); - final FileSystem hdfs = cluster.getFileSystem(); - final Configuration proxyConf = new HdfsConfiguration(false); - proxyConf.set("hdfsproxy.dfs.namenode.address", hdfs.getUri().getHost() + ":" - + hdfs.getUri().getPort()); - proxyConf.set("hdfsproxy.https.address", "localhost:0"); - final String namenode = hdfs.getUri().toString(); - if (namenode.startsWith("hdfs://")) { - MyFile[] files = createFiles(LOCAL_FS, TEST_ROOT_DIR + "/srcdat"); - hdfs.copyFromLocalFile - (new Path("file:///" + TEST_ROOT_DIR + "/srcdat"), - new Path(namenode + "/destdat" )); - assertTrue("Source and destination directories do not match.", - checkFiles(hdfs, "/destdat", files)); - - proxyConf.set("proxy.http.test.listener.addr", "localhost:0"); - proxy = new HdfsProxy(proxyConf); - proxy.start(); - InetSocketAddress proxyAddr = NetUtils.createSocketAddr("localhost:0"); - final String realProxyAddr = proxyAddr.getHostName() + ":" - + proxy.getPort(); - final Path proxyUrl = new Path("hftp://" + realProxyAddr); - final FileSystem hftp = 
proxyUrl.getFileSystem(dfsConf); - FileUtil.copy(hftp, new Path(proxyUrl, "/destdat"), - hdfs, new Path(namenode + "/copied1"), - false, true, proxyConf); - - assertTrue("Source and copied directories do not match.", checkFiles( - hdfs, "/copied1", files)); - - FileUtil.copy(hftp, new Path(proxyUrl, "/destdat"), - localfs, new Path(TEST_ROOT_DIR + "/copied2"), - false, true, proxyConf); - assertTrue("Source and copied directories do not match.", checkFiles( - localfs, TEST_ROOT_DIR + "/copied2", files)); - - deldir(hdfs, "/destdat"); - deldir(hdfs, "/logs"); - deldir(hdfs, "/copied1"); - deldir(localfs, TEST_ROOT_DIR + "/srcdat"); - deldir(localfs, TEST_ROOT_DIR + "/copied2"); - } - } finally { - if (cluster != null) { - cluster.shutdown(); - } - if (proxy != null) { - proxy.stop(); - } - } - } -} diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestLdapIpDirFilter.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestLdapIpDirFilter.java deleted file mode 100644 index 419ede2e14..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestLdapIpDirFilter.java +++ /dev/null 
@@ -1,113 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.naming.NamingException; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - -import org.apache.cactus.FilterTestCase; -import org.apache.cactus.WebRequest; -import org.apache.cactus.WebResponse; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -public class TestLdapIpDirFilter extends FilterTestCase { - - public static final Log LOG = LogFactory.getLog(TestLdapIpDirFilter.class); - - private class DummyFilterChain implements FilterChain { - public void doFilter(ServletRequest theRequest, ServletResponse theResponse) - throws IOException, ServletException { - PrintWriter writer = theResponse.getWriter(); - - writer.print("

some content

"); - writer.close(); - } - - public void init(FilterConfig theConfig) { - } - - public void destroy() { - } - } - - public void testIpRestriction() throws ServletException, IOException, - NamingException { - LdapIpDirFilter filter = new LdapIpDirFilter(); - String baseName = "ou=proxyroles,dc=mycompany,dc=com"; - DummyLdapContext dlc = new DummyLdapContext(); - filter.initialize(baseName, dlc); - request.setRemoteIPAddress("127.0.0.2"); - request.removeAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"); - FilterChain mockFilterChain = new DummyFilterChain(); - filter.doFilter(request, response, mockFilterChain); - assertNull(request - .getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID")); - } - - public void endIpRestriction(WebResponse theResponse) { - assertEquals(theResponse.getStatusCode(), 403); - assertTrue("Text missing 'IP not authorized to access' : : [" - + theResponse.getText() + "]", theResponse.getText().indexOf( - "not authorized to access") > 0); - } - - public void beginDoFilter(WebRequest theRequest) { - theRequest.setURL("proxy-test:0", null, "/streamFile/testdir", - null, null); - } - - public void testDoFilter() throws ServletException, IOException, - NamingException { - LdapIpDirFilter filter = new LdapIpDirFilter(); - String baseName = "ou=proxyroles,dc=mycompany,dc=com"; - DummyLdapContext dlc = new DummyLdapContext(); - filter.initialize(baseName, dlc); - request.setRemoteIPAddress("127.0.0.1"); - - ServletContext context = config.getServletContext(); - context.removeAttribute("name.node.address"); - context.removeAttribute("name.conf"); - assertNull(context.getAttribute("name.node.address")); - assertNull(context.getAttribute("name.conf")); - filter.init(config); - assertNotNull(context.getAttribute("name.node.address")); - assertNotNull(context.getAttribute("name.conf")); - - request.removeAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"); - FilterChain mockFilterChain = new DummyFilterChain(); - 
filter.doFilter(request, response, mockFilterChain); - assertEquals(request - .getAttribute("org.apache.hadoop.hdfsproxy.authorized.userID"), - "testuser"); - - } - - public void endDoFilter(WebResponse theResponse) { - assertEquals("

some content

", theResponse.getText()); - } - -} diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyFilter.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyFilter.java deleted file mode 100644 index 61c04121b7..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyFilter.java +++ /dev/null 
@@ -1,120 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.ServletContext; - -import org.apache.cactus.FilterTestCase; -import org.apache.cactus.WebRequest; -import org.apache.cactus.WebResponse; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - - -public class TestProxyFilter extends FilterTestCase { - - public static final Log LOG = LogFactory.getLog(TestProxyFilter.class); - - private static String TEST_CLIENT_SSL_CERT = System.getProperty("javax.net.ssl.clientCert", - "./src/test/resources/ssl-keys/test.crt"); - - private class DummyFilterChain implements FilterChain { - public void doFilter(ServletRequest theRequest, ServletResponse theResponse) - throws IOException, ServletException { - PrintWriter writer = theResponse.getWriter(); - - writer.print("

some content

"); - writer.close(); - } - - public void init(FilterConfig theConfig) { - } - - public void destroy() { - } - } - - public void beginDoFilterHttp(WebRequest theRequest) { - theRequest.addParameter("ugi", "nobody,test"); - } - - public void testDoFilterHttp() throws ServletException, IOException { - ProxyFilter filter = new ProxyFilter(); - - ServletContext context = config.getServletContext(); - context.removeAttribute("name.node.address"); - context.removeAttribute("name.conf"); - assertNull(context.getAttribute("name.node.address")); - assertNull(context.getAttribute("name.conf")); - - filter.init(config); - - assertNotNull(context.getAttribute("name.node.address")); - assertNotNull(context.getAttribute("name.conf")); - - request.removeAttribute("authorized.ugi"); - assertNull(request.getAttribute("authorized.ugi")); - - FilterChain mockFilterChain = new DummyFilterChain(); - filter.doFilter(request, response, mockFilterChain); - assertEquals(request.getAttribute("authorized.ugi").toString(), "nobody,test"); - - } - - public void endDoFilterHttp(WebResponse theResponse) { - assertEquals("

some content

", theResponse.getText()); - } - - public void beginDoFilterHttps(WebRequest theRequest) throws Exception{ - theRequest.addParameter("UnitTest", "true"); - theRequest.addParameter("SslPath", TEST_CLIENT_SSL_CERT); - theRequest.addParameter("ugi", "nobody,test"); - theRequest.addParameter("TestSevletPathInfo", "/streamFile"); - theRequest.addParameter("filename", "/user"); - } - - public void testDoFilterHttps() throws Exception { - ProxyFilter filter = new ProxyFilter(); - - request.removeAttribute("authorized.ugi"); - assertNull(request.getAttribute("authorized.ugi")); - - FilterChain mockFilterChain = new DummyFilterChain(); - filter.init(config); - filter.doFilter(request, response, mockFilterChain); - - LOG.info("Finish setting up X509Certificate"); - assertEquals(request.getAttribute("authorized.ugi").toString().substring(0, 6), "nobody"); - - } - - public void endDoFilterHttps(WebResponse theResponse) { - assertEquals("

some content

", theResponse.getText()); - } - - -} - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyForwardServlet.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyForwardServlet.java deleted file mode 100644 index 466f63d87d..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyForwardServlet.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import org.apache.cactus.ServletTestCase; -import org.apache.cactus.WebRequest; -import org.apache.cactus.WebResponse; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import java.io.IOException; -import javax.servlet.ServletException; - -/** Unit tests for ProxyUtil */ -public class TestProxyForwardServlet extends ServletTestCase { - public static final Log LOG = LogFactory.getLog(TestProxyForwardServlet.class); - - - public void beginDoGet(WebRequest theRequest) { - theRequest.setURL("proxy-test:0", null, "/simple", null, null); - } - - public void testDoGet() throws IOException, ServletException { - ProxyForwardServlet servlet = new ProxyForwardServlet(); - - servlet.init(config); - servlet.doGet(request, response); - } - - public void endDoGet(WebResponse theResponse) - throws IOException { - String expected = "A GET request"; - String result = theResponse.getText(); - - assertEquals(expected, result); - } - - - public void testForwardRequest() throws Exception { - ProxyForwardServlet servlet = new ProxyForwardServlet(); - - servlet.forwardRequest(request, 
response, config.getServletContext(), "/simple"); - } - - public void endForwardRequest(WebResponse theResponse) throws IOException { - String expected = "A GET request"; - String result = theResponse.getText(); - - assertEquals(expected, result); - - } - -} diff --git a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyUtil.java b/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyUtil.java deleted file mode 100644 index 444beacb01..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestProxyUtil.java +++ /dev/null 
@@ -1,49 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hdfsproxy; - -import junit.framework.TestCase; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.hdfs.HdfsConfiguration; - -/** Unit tests for ProxyUtil */ -public class TestProxyUtil extends TestCase { - - private static String TEST_PROXY_CONF_DIR = System.getProperty("test.proxy.conf.dir", "./conf"); - private static String TEST_PROXY_HTTPS_PORT = System.getProperty("test.proxy.https.port", "8443"); - - public void testSendCommand() throws Exception { - - Configuration conf = new HdfsConfiguration(false); - conf.addResource("ssl-client.xml"); - conf.addResource("hdfsproxy-default.xml"); - String address = "localhost:" + TEST_PROXY_HTTPS_PORT; - conf.set("hdfsproxy.https.address", address); - String hostFname = TEST_PROXY_CONF_DIR + "/hdfsproxy-hosts"; - conf.set("hdfsproxy.hosts", hostFname); - - assertTrue(ProxyUtil.sendCommand(conf, "/test/reloadPermFiles")); - - conf.set("hdfsproxy.https.address", "localhost:7777"); - assertFalse(ProxyUtil.sendCommand(conf, "/test/reloadPermFiles")); - assertFalse(ProxyUtil.sendCommand(conf, "/test/reloadPermFiles")); - } - -} 
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/cactus-web.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/cactus-web.xml deleted file mode 100644 index ddbab81e34..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/cactus-web.xml +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - param - value used for testing - - - - ServletRedirector - org.apache.cactus.server.ServletTestRedirector - - param1 - value1 used for testing - - - - - ServletRedirector_TestOverride - org.apache.cactus.server.ServletTestRedirector - - param2 - value2 used for testing - - - - - TestJsp - /test/test.jsp - - - - JspRedirector - /jspRedirector.jsp - - param1 - value1 used for testing - - - - - Simple - A Simple Servlet - org.apache.hadoop.hdfsproxy.SimpleServlet - - - - ServletRedirector_TestOverride - /ServletRedirectorOverride - - - - Simple - /simple/* - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-default.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-default.xml deleted file mode 100644 index b43e74f345..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-default.xml +++ /dev/null 
@@ -1,104 +0,0 @@ - - - - - - - - - hdfsproxy.https.address - 0.0.0.0:8443 - the SSL port that hdfsproxy listens on - - - - - hdfsproxy.hosts - hdfsproxy-hosts - location of hdfsproxy-hosts file - - - - - hdfsproxy.dfs.namenode.address - localhost:54321 - namenode address of the HDFS cluster being proxied - - - - - hdfsproxy.https.server.keystore.resource - ssl-server.xml - location of the resource from which ssl server keystore - information will be extracted - - - - - hdfsproxy.user.permissions.file.location - user-permissions.xml - location of the user permissions file - - - - - hdfsproxy.user.certs.file.location - user-certs.xml - location of the user certs file - - - - - hdfsproxy.ugi.cache.ugi.lifetime - 15 - The lifetime (in minutes) of a cached ugi - - - - - hdfsproxy.ldap.initial.context.factory - com.sun.jndi.ldap.LdapCtxFactory - ldap initial context factory - - - - - hdfsproxy.ldap.provider.url - ldap://ldapserver:389 - ldap server address - - - - - hdfsproxy.ldap.role.base - ou=proxyroles,dc=mycompany,dc=com - ldap role base - - - - - fs.default.name - - hdfs://localhost:8020 - The name of the default file system. Either the - literal string "local" or a host:port for NDFS. - true - - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-hosts b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-hosts deleted file mode 100644 index 2fbb50c4a8..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-hosts +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-site.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-site.xml deleted file mode 100644 index 72692e08c5..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/hdfsproxy-site.xml +++ /dev/null 
@@ -1,15 +0,0 @@ - - - - - - - - proxy-test - /test - one hostname corresponds to one web application archive - - - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/log4j.properties b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/log4j.properties deleted file mode 100644 index 54beb3de37..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/log4j.properties +++ /dev/null 
@@ -1,76 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Define some default values that can be overridden by system properties -hdfsproxy.root.logger=DEBUG,console -hdfsproxy.log.dir=. -hdfsproxy.log.file=hdfsproxy.log - -# Define the root logger to the system property "hdfsproxy.root.logger". 
-log4j.rootLogger=${hdfsproxy.root.logger} - -# Logging Threshold -log4j.threshhold=ALL - -# -# Daily Rolling File Appender -# - -log4j.appender.DRFA=org.apache.log4j.DailyRollingFileAppender -log4j.appender.DRFA.File=${hdfsproxy.log.dir}/${hdfsproxy.log.file} - -# Rollver at midnight -log4j.appender.DRFA.DatePattern=.yyyy-MM-dd - -# 30-day backup -#log4j.appender.DRFA.MaxBackupIndex=30 -log4j.appender.DRFA.layout=org.apache.log4j.PatternLayout - -# Pattern format: Date LogLevel LoggerName LogMessage -log4j.appender.DRFA.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n -# Debugging Pattern format -#log4j.appender.DRFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n - - -# -# console -# Add "console" to rootlogger above if you want to use this -# - -log4j.appender.console=org.apache.log4j.ConsoleAppender -log4j.appender.console.target=System.err -log4j.appender.console.layout=org.apache.log4j.PatternLayout -log4j.appender.console.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n - -# -# Rolling File Appender -# - -#log4j.appender.RFA=org.apache.log4j.RollingFileAppender -#log4j.appender.RFA.File=${hdfsproxy.log.dir}/${hdfsproxy.log.file} - -# Logfile size and and 30-day backups -#log4j.appender.RFA.MaxFileSize=1MB -#log4j.appender.RFA.MaxBackupIndex=30 - -#log4j.appender.RFA.layout=org.apache.log4j.PatternLayout -#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} - %m%n -#log4j.appender.RFA.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n - -# Custom Logging levels - -log4j.logger.org.apache.hadoop.hdfsproxy.HttpsProxy=DEBUG -log4j.logger.org.apache.hadoop.hdfsproxy.ProxyFilter=DEBUG -log4j.logger.org.apache.hadoop.hdfsproxy.HdfsProxy=DEBUG diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/ssl-client.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/ssl-client.xml deleted file mode 100644 index 22c9389719..0000000000 
--- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/ssl-client.xml +++ /dev/null @@ -1,57 +0,0 @@ - - - - - - - - ssl.client.truststore.location - ${javax.net.ssl.keyStore} - - - - ssl.client.truststore.password - changeme - - - - ssl.client.truststore.type - jks - - - - ssl.client.keystore.location - ${javax.net.ssl.keyStore} - - - - ssl.client.keystore.password - changeme - - - - ssl.client.keystore.type - jks - - - - ssl.client.keystore.keypassword - changeme - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/ssl-server.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/ssl-server.xml deleted file mode 100644 index bcc420bbc9..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/ssl-server.xml +++ /dev/null @@ -1,47 +0,0 @@ - - - - - - - - ssl.server.truststore.location - ${javax.net.ssl.keyStore.proxy} - - - - ssl.server.truststore.password - changeme - - - - ssl.server.keystore.location - ${javax.net.ssl.keyStore.proxy} - - - - ssl.server.keystore.password - changeme - - - - ssl.server.keystore.keypassword - changeme - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/user-certs.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/user-certs.xml deleted file mode 100644 index bce3a5a2f5..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/user-certs.xml +++ /dev/null @@ -1,85 +0,0 @@ - - - - - - - - - - kan - ,6 ,, 4 , 9a2cf0be9ddf8280 - - - - - - - - k. zhang - , ,, 2 , 9a2cf0be9ddf8280 - - - - - - - - zhiyong1 - ,5 ,, 3 , 9a2cf0be9ddf8280 - - - - - - - - nobody - ,6 ,, 3 , 9a2cf0be9ddf8280 - - - - - - - - root - ,7 ,, 3 , 9a2cf0be9ddf8280 - - - - - - - - Admin - , 6, ,, 3 , 9a2cf0be9ddf8280 - - - - - - - 
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/user-permissions.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/user-permissions.xml deleted file mode 100644 index d24d8cc899..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/proxy-config/user-permissions.xml +++ /dev/null @@ -1,78 +0,0 @@ - - - - - - - - - kan - , - - - - /input, /user, /data - - - - k. zhang - , - - - - /input, /user, /data - - - - zhiyong1 - , - - - - /input, /user, /data - - - - nobody - , - - - - /input, /user, /data - - - - root - , - - - - /input, /user, /data - - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/client.keystore b/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/client.keystore deleted file mode 100644 index c8428c20bf..0000000000 Binary files a/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/client.keystore and /dev/null differ diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/proxy.keystore b/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/proxy.keystore deleted file mode 100644 index e3ae5645ba..0000000000 Binary files a/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/proxy.keystore and /dev/null differ diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/test.crt b/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/test.crt deleted file mode 100644 index b935e0fa1c..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/ssl-keys/test.crt +++ /dev/null 
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbjCCAtegAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBijELMAkGA1UEBhMCVVMx
-EzARBgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAcTB0J1cmJhbmsxDjAMBgNVBAoT
-BVlhaG9vMQ0wCwYDVQQLEwRHcmlkMQ4wDAYDVQQDEwVDbG91ZDElMCMGCSqGSIb3
-DQEJARYWemhpeW9uZzFAeWFob28taW5jLmNvbTAeFw0wOTAyMTExNzMxMTlaFw0y
-ODEwMjkxNzMxMTlaMFUxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25v
-d24xDzANBgNVBAoTBmhhZG9vcDENMAsGA1UECxMEdGVzdDEPMA0GA1UEAxMGbm9i
-b2R5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQnFDrGQ+lxdmwvv+8G3gc
-Vsj501WhlaEHa0xPJReeVfcxCRrE60k2Cb3nfHHyT0nW1vHZ0207T8LuGJKaaKMy
-5yIRTI7WwEDLqwxzl109Vlu8iBOqzJXcjo5YRSqmdEx8UYlrd67tMUyw0J5u8IlU
-UKT/OMt7YT4R89a9INyzTwIDAQABo4IBFjCCARIwCQYDVR0TBAIwADAsBglghkgB
-hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
-FGAUh//jxUxfBpcAEp0ZAemyPbnDMIG3BgNVHSMEga8wgayAFIsZF5xSEMuMwUwN
-H89Xv8EJdxCqoYGQpIGNMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEQMA4GA1UEBxMHQnVyYmFuazEOMAwGA1UEChMFWWFob28xDTALBgNVBAsT
-BEdyaWQxDjAMBgNVBAMTBUNsb3VkMSUwIwYJKoZIhvcNAQkBFhZ6aGl5b25nMUB5
-YWhvby1pbmMuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAG28KbSm/tV/ft+8//eB
-E87Cdq61ndPqiLhEaHrF3hKSsLzfbKaH9dQDqjTm+D7WVaxcFOn2V7ZUTMSZDHh2
-k+O8Tt642TB9HLbUtwEjoug3jHkx/uydcr8yhRb8/+x5flpU9hfaf0AU4Pc46Q95
-uMUVgIDvO5ED9OaoarJE8UbT
------END CERTIFICATE-----
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/server.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/server.xml
deleted file mode 100644
index 0fb51a0a68..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/server.xml
+++ /dev/null
@@ -1,60 +0,0 @@
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/tomcat-users.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/tomcat-users.xml
deleted file mode 100644
index 67f693987e..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/tomcat-users.xml
+++ /dev/null
@@ -1,19 +0,0 @@
- - - -
diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/web.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/web.xml
deleted file mode 100644
index ff39e30c81..0000000000
--- a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-config/web.xml
+++ /dev/null
@@ -1,964 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - - org.apache.catalina.servlets.DefaultServlet - - - debug - 0 - - - listings - false - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - jsp - org.apache.jasper.servlet.JspServlet - - fork - false - - - xpoweredBy - false - - 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default - / - - - - - - - - jsp - *.jsp - - - - jsp - *.jspx - - - - - - - - - - - - - - - - 30 - - - - - - - - - - - - abs - audio/x-mpeg - - - ai - application/postscript - - - aif - audio/x-aiff - - - aifc - audio/x-aiff - - - aiff - audio/x-aiff - - - aim - application/x-aim - - - art - image/x-jg - - - asf - video/x-ms-asf - - - asx - video/x-ms-asf - - - au - audio/basic - - - avi - video/x-msvideo - - - avx - video/x-rad-screenplay - - - bcpio - application/x-bcpio - - - bin - application/octet-stream - - - bmp - image/bmp - - - body - text/html - - - cdf - application/x-cdf - - - cer - application/x-x509-ca-cert - - - class - application/java - - - cpio - application/x-cpio - - - csh - application/x-csh - - - css - text/css - - - dib - image/bmp - - - doc - application/msword - - - dtd - text/plain - - - dv - video/x-dv - - - dvi - application/x-dvi - - - eps - application/postscript - - - etx - text/x-setext - - - exe - application/octet-stream - - - gif - image/gif - - - gtar - application/x-gtar - - - gz - application/x-gzip - - - hdf - application/x-hdf - - - hqx - application/mac-binhex40 - - - htc - text/x-component - - - htm - text/html - - - html - text/html - - - hqx - application/mac-binhex40 - - - ief - image/ief - - - jad - text/vnd.sun.j2me.app-descriptor - - - jar - 
application/java-archive - - - java - text/plain - - - jnlp - application/x-java-jnlp-file - - - jpe - image/jpeg - - - jpeg - image/jpeg - - - jpg - image/jpeg - - - js - text/javascript - - - jsf - text/plain - - - jspf - text/plain - - - kar - audio/x-midi - - - latex - application/x-latex - - - m3u - audio/x-mpegurl - - - mac - image/x-macpaint - - - man - application/x-troff-man - - - me - application/x-troff-me - - - mid - audio/x-midi - - - midi - audio/x-midi - - - mif - application/x-mif - - - mov - video/quicktime - - - movie - video/x-sgi-movie - - - mp1 - audio/x-mpeg - - - mp2 - audio/x-mpeg - - - mp3 - audio/x-mpeg - - - mpa - audio/x-mpeg - - - mpe - video/mpeg - - - mpeg - video/mpeg - - - mpega - audio/x-mpeg - - - mpg - video/mpeg - - - mpv2 - video/mpeg2 - - - ms - application/x-wais-source - - - nc - application/x-netcdf - - - oda - application/oda - - - pbm - image/x-portable-bitmap - - - pct - image/pict - - - pdf - application/pdf - - - pgm - image/x-portable-graymap - - - pic - image/pict - - - pict - image/pict - - - pls - audio/x-scpls - - - png - image/png - - - pnm - image/x-portable-anymap - - - pnt - image/x-macpaint - - - ppm - image/x-portable-pixmap - - - ppt - application/powerpoint - - - ps - application/postscript - - - psd - image/x-photoshop - - - qt - video/quicktime - - - qti - image/x-quicktime - - - qtif - image/x-quicktime - - - ras - image/x-cmu-raster - - - rgb - image/x-rgb - - - rm - application/vnd.rn-realmedia - - - roff - application/x-troff - - - rtf - application/rtf - - - rtx - text/richtext - - - sh - application/x-sh - - - shar - application/x-shar - - - smf - audio/x-midi - - - sit - application/x-stuffit - - - snd - audio/basic - - - src - application/x-wais-source - - - sv4cpio - application/x-sv4cpio - - - sv4crc - application/x-sv4crc - - - swf - application/x-shockwave-flash - - - t - application/x-troff - - - tar - application/x-tar - - - tcl - application/x-tcl - - - tex - application/x-tex - - - texi - 
application/x-texinfo - - - texinfo - application/x-texinfo - - - tif - image/tiff - - - tiff - image/tiff - - - tr - application/x-troff - - - tsv - text/tab-separated-values - - - txt - text/plain - - - ulw - audio/basic - - - ustar - application/x-ustar - - - xbm - image/x-xbitmap - - - xht - application/xhtml+xml - - - xhtml - application/xhtml+xml - - - xml - text/xml - - - xpm - image/x-xpixmap - - - xsl - text/xml - - - xwd - image/x-xwindowdump - - - wav - audio/x-wav - - - svg - image/svg+xml - - - svgz - image/svg+xml - - - vsd - application/x-visio - - - - wbmp - image/vnd.wap.wbmp - - - - wml - text/vnd.wap.wml - - - - wmlc - application/vnd.wap.wmlc - - - - wmls - text/vnd.wap.wmlscript - - - - wmlscriptc - application/vnd.wap.wmlscriptc - - - wrl - x-world/x-vrml - - - Z - application/x-compress - - - z - application/x-compress - - - zip - application/zip - - - - - - - - - - - - - - - - - index.html - index.htm - index.jsp - - - diff --git a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-web.xml b/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-web.xml deleted file mode 100644 index b264c8a95a..0000000000 --- a/hdfs/src/contrib/hdfsproxy/src/test/resources/tomcat-web.xml +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - - - HDFS Proxy - - get data from grid - - - - - - - webmaster - zhiyong1@yahoo-inc.com - - The EMAIL address of the administrator to whom questions - and comments about this application should be addressed. - - - - - - - - - - proxyFilter - org.apache.hadoop.hdfsproxy.ProxyFilter - - - - proxyFilter - /* - - - - listPaths - list paths data access - org.apache.hadoop.hdfsproxy.ProxyListPathsServlet - - - - listPaths - /listPaths/* - - - - data - data access - org.apache.hadoop.hdfsproxy.ProxyFileDataServlet - - - - data - /data/* - - - - streamFile - stream file access - org.apache.hadoop.hdfsproxy.ProxyStreamFile - - - - streamFile - /streamFile/* - - - - - index.html - - - - - - 30 - - - - - - - - - - - - 
diff --git a/hdfs/src/docs/src/documentation/content/xdocs/hdfsproxy.xml b/hdfs/src/docs/src/documentation/content/xdocs/hdfsproxy.xml deleted file mode 100644 index 7d5288056b..0000000000 --- a/hdfs/src/docs/src/documentation/content/xdocs/hdfsproxy.xml +++ /dev/null @@ -1,601 +0,0 @@ - - - - - - - - -
- HDFS Proxy Guide -
- - -
- Introduction -

HDFS Proxy is a proxy server through which a hadoop client (through HSFTP) or a standard - HTTPS client (wget, curl, etc) can talk to a hadoop server and more importantly pull data from - the sever. It put an access control layer in front of hadoop namenode server and - extends its functionalities to allow hadoop cross-version data transfer.

-
- -
- Goals and Use Cases -
- Data Transfer from HDFS clusters -
    -
  • User uses HSFTP protocol (hadoop distcp/fs, etc) to access HDFS proxy to copy out data stored on one or more HDFS clusters.
  • -
  • User uses HTTPS protocol (curl, wget, etc) to access HDFS proxy to copy out data stored on one or more HDFS clusters
  • -
-
- -
- Cross-version Data Transfer -

There are multiple HDFS clusters and possibly in different hadoop versions, each holding - different data. A client need to access these data in a standard way without worrying about - version compatibility issues.

-
- -
- User Access Control -
    -
  • User Access Control through SSL certificates
  • -
  • User Access Control through LDAP (Lightweight Directory Access Protocol) server
  • -
-
- -
- -
- Comparison with NameNode's H(S)FTP Interface -

NameNode has a http listener started at dfs.namenode.http-address with default port 50070 when NameNode is started and it provided a HFTP interface for the client. Also it could have a https listener started at dfs.namenode.https-address if dfs.https.enable is defined as true (by default, dfs.https.enable is not defined) to provide a HSFTP interface for client.

-
- Advantages of Proxy Over NameNode HTTP(S) server -
    -
  1. We can centralize access control layer to the proxy part so that NameNode server can lower its burden. In this sense, HDFS proxy plays a filtering role to control data access to NameNode and DataNodes. It is especially useful if the HDFS system has some sensitive data in it. -
  2. -
  3. After modulizing HDFS proxy into a standalone package, we can decouple the complexity of HDFS system and expand the proxy functionalities without worring about affecting other HDFS system features. -
  4. -
-
-
- Disadvantages of Using Proxy Instead of Getting Data Directly from H(S)FTP Interface: Slower in speed. This is due to -
    -
  1. HDFS proxy need to first copy data from source cluster, then transfer the data out to the client.
  2. -
  3. Unlike H(S)FTP interface, where file status listing, etc., is through NameNode server, and real data transfer is redirected to the real DataNode server, all data transfer under HDFS proxy is through the proxy server.
  4. -
-
- -
- -
- Design -
- Design Overview -
-

As shown in the above figure, in the client-side, proxy server will accept requests from HSFTP client and HTTPS client. The requests will pass through a filter module (containing one or more filters) for access control checking. Then the requests will go through a delegation module, whose responsibility is to direct the requests to the right client version for accessing the source cluster. After that, the delegated client will talk to the source cluster server through RPC protocol using servlets.

-
- -
- Filter Module: Proxy Authentication and Access Control -
- -

To realize proxy authentication and access control, we used a servlet filter. The filter module is very - flexible, it can be installed or disabled by simply changing the corresponding items in deployment - descriptor file (web.xml). We implemented two filters in the proxy code: ProxyFilter and LdapIpDirFilter. The process of how each filter works is listed as below.

- -
- SSL certificate-based proxyFilter -
    -
  1. A user will use a pre-issued SSL certificate to access the proxy.
  2. -
  3. The proxy server will authenticate the user certificate.
  4. -
  5. The user’s authenticated identity (extracted from the user’s SSL certificate) is used to check access to data on the proxy.
  6. -
  7. User access information is stored in two configuration files, user-certs.xml and user-permissions.xml.
  8. -
  9. The proxy will forward the user’s authenticated identity to HDFS clusters for HDFS file permission checking
  10. -
-
- -
- LDAP-based LdapIpDirFilter -
    -
  1. A standalone LDAP server need to be set-up to store user information as entries, and each entry contains userId, user group, IP address(es), allowable HDFS directories, etc.
  2. -
  3. An LDAP entry may contain multiple IP addresses with the same userId and group attribute to realize headless account.
  4. -
  5. Upon receiving a request, the proxy server will extract the user's Ip adress from the request header, query the LDAP server with the IP address to get the direcotry permission information, then compare that with the user request path to make a allow/deny decision.
  6. -
-
-

SSL-based proxyFilter provides strong PKI authentication and encryption, proxy server can create a self-signed CA using OpenSSL and use that CA to sign and issue certificates to clients.

-

Managing access information through configuration files is a convenient way to start and easy to set-up for a small user group. However, to scale to a large user group and to handle account management operations such as add, delete, and change access, a separate package or a different mechanism like LDAP server is needed.

-

The schema for the entry attributes in the LDAP server should match what is used in the proxy. The schema that is currently used in proxy is configurable through hdfsproxy-default.xml, but the attributes should always contain IP address (default as uniqueMember), userId (default as uid), user group (default as userClass), and alloable HDFS directories (default as documentLocation).

-

Users can also write their own filters to plug in the filter chain to realize extended functionalities.

-
- -
- Delegation Module: HDFS Cross-version Data Transfer -
-

As shown in the Figure, the delegation module contains two parts:

-
    -
  1. A Forwarding war, which plays the role of identifying the requests and directing the requests to the right HDFS client RPC version.
  2. -
  3. Several RPC client versions necessary to talk to all the HDFS source cluster servers.
  4. -
-

All servlets are packaged in the WAR files.

-

Strictly speaking, HDFS proxy does not by itself solve HDFS cross-version communication problem. However, through wrapping all the RPC client versions and delegating the client requests to the right version of RPC clients, HDFS proxy functions as if it can talk to multiple source clusters in different hadoop versions.

-

Packaging the servlets in the WAR files has several advantages:

-
    -
  1. It reduces the complexity of writing our own ClassLoaders for different RPC clients. Servlet - container (Tomcat) already uses separate ClassLoaders for different WAR files.
  2. -
  3. Packaging is done by the Servlet container (Tomcat). For each client WAR file, its Servlets - only need to worry about its own version of source HDFS clusters.
  4. -
-

Note that the inter-communication between servlets in the forwarding war and that in the specific client version war can only be through built-in data types such as int, String, etc, as such data types are loaded first through common classloader.

-
- -
- Servlets: Where Data transfer Occurs -

Proxy server functionality is implemented using servlets deployed under servlet container. Specifically, there are 3 proxy servlets ProxyListPathsServlet, ProxyFileDataServlet, and ProxyStreamFile. Together, they implement the same H(S)FTP interface as the original ListPathsServlet, FileDataServlet, and StreamFile servlets do on an HDFS cluster. In fact, the proxy servlets are subclasses of the original servlets with minor changes like retrieving client UGI from the proxy server, etc. All these three servlets are put into the client war files.

-

The forwarding proxy, which was implemented through ProxyForwardServlet, is put in a separate web application (ROOT.war). All client requests should be sent to the forwarding proxy. The forwarding proxy does not implement any functionality by itself. Instead, it simply forwards client requests to the right web applications with the right servlet paths.

-

Forwarding servlets forward requests to servlets in the right web applications through servlet cross-context communication by setting crossContext="true" in servlet container's configuration file

-

Proxy server will install a servlet, ProxyFileForward, which is a subclass of ProxyForwardServlet, on path /file, which exposes a simple HTTPS GET interface (internally delegates the work to ProxyStreamFile servlet via forwarding mechanism discussed above). This interface supports standard HTTP clients like curl, wget, etc. HTTPS client requests on the wire should look like https://proxy_address/file/file_path

-
- -
- Load Balancing and Identifying Requests through Domain Names -
-

The delegation module relies on the forwarding WAR to be able to identify the requests so that it can direct the requests to the right HDFS client RPC versions. Identifying the requests through Domain Name, which can be extracted from the request header, is a straightforward way. Note that Domain Name can have many alias through CNAME. By exploiting such a feature, we can create a Domain Name, then create many alias of this domain name, and finally make these alias correspond to different client RPC request versions. As the same time, we may need many servers to do load balancing. We can make all these servers (with different IP addresses) point to the same Domain Name in a Round-robin fashion. By doing this, we can realize default load-balancing if we have multiple through proxy servers running in the back-end.

-
- -
- -
- Jetty-based Installation and Configuration -

With Jetty-based installation, only part of proxy features are supported.

-
- Supporting Features -
    -
  • Single Hadoop source cluster data transfer
  • -
  • Single Hadoop version data transfer
  • -
  • Authenticate users via user SSL certificates with ProxyFilter installed
  • -
  • Enforce access control based on configuration files.
  • -
-
- -
- Configuration Files -
    -
  1. - hdfsproxy-default.xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameDescription
    hdfsproxy.https.addressthe SSL port that hdfsproxy listens on.
    hdfsproxy.hostslocation of hdfsproxy-hosts file.
    hdfsproxy.dfs.namenode.addressnamenode address of the HDFS cluster being proxied.
    hdfsproxy.https.server.keystore.resourcelocation of the resource from which ssl server keystore information will be extracted.
    hdfsproxy.user.permissions.file.locationlocation of the user permissions file.
    hdfsproxy.user.certs.file.locationlocation of the user certs file.
    hdfsproxy.ugi.cache.ugi.lifetime The lifetime (in minutes) of a cached ugi.
    -
  2. -
  3. - ssl-server.xml - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameDescription
    ssl.server.truststore.locationlocation of the truststore.
    ssl.server.truststore.passwordtruststore password.
    ssl.server.keystore.locationlocation of the keystore.
    ssl.server.keystore.passwordkeystore password.
    ssl.server.keystore.keypasswordkey password.
    -
  4. -
  5. - user-certs.xml - - - - - - - - -
    NameDescription
    This file defines the mappings from username to comma seperated list of certificate serial numbers that the user is allowed to use. One mapping per user. Wildcard characters, such as "*" and "?", are not recognized. Any leading or trailing whitespaces are stripped/ignored. In order for a user to be able to do "clearUgiCache" and "reloadPermFiles" command, the certification serial number he use must also belong to the user "Admin". -
    -
  6. -
  7. - user-permissions.xml - - - - - - - - -
    NameDescription
    This file defines the mappings from user name to comma seperated list of directories/files that the user is allowed to access. One mapping per user. Wildcard characters, such as "*" and "?", are not recognized. For example, to match "/output" directory, one can use "/output" or "/output/", but not "/output/*". Note that any leading or trailing whitespaces are stripped/ignored for the name field. -
    -
  8. -
-
-
- Build Process -

Under $HADOOP_PREFIX do the following
- $ ant clean tar
- $ cd src/contrib/hdfsproxy/
- $ ant clean tar
- The hdfsproxy-*.tar.gz file will be generated under $HADOOP_PREFIX/build/contrib/hdfsproxy/. Use this tar ball to proceed for the server start-up/shutdown process after necessary configuration. -

-
-
- Server Start up and Shutdown -

Starting up a Jetty-based HDFS Proxy server is similar to starting up an HDFS cluster. Simply run hdfsproxy shell command. The main configuration file is hdfsproxy-default.xml, which should be on the classpath. hdfsproxy-env.sh can be used to set up environmental variables. In particular, JAVA_HOME should be set. As listed above, additional configuration files include user-certs.xml, user-permissions.xml and ssl-server.xml, which are used to specify allowed user certs, allowed directories/files, and ssl keystore information for the proxy, respectively. The location of these files can be specified in hdfsproxy-default.xml. Environmental variable HDFSPROXY_CONF_DIR can be used to point to the directory where these configuration files are located. The configuration files (hadoop-site.xml, or core-site.xml and hdfs-site.xml) of the proxied HDFS cluster should also be available on the classpath . -

-

Mirroring those used in HDFS, a few shell scripts are provided to start and stop a group of proxy servers. The hosts to run hdfsproxy on are specified in hdfsproxy-hosts file, one host per line. All hdfsproxy servers are stateless and run independently from each other.

-

- To start a group of proxy servers, do
- $ start-hdfsproxy.sh -

-

- To stop a group of proxy servers, do
- $ stop-hdfsproxy.sh -

-

- To trigger reloading of user-certs.xml and user-permissions.xml files on all proxy servers listed in the hdfsproxy-hosts file, do
- $ hdfsproxy -reloadPermFiles -

-

To clear the UGI caches on all proxy servers, do
- $ hdfsproxy -clearUgiCache -

-
- -
- Verification -

Use HSFTP client
- bin/hadoop fs -ls "hsftp://proxy.address:port/" -

-
- -
- -
- Tomcat-based Installation and Configuration -

With tomcat-based installation, all HDFS Proxy features are supported

-
- Supporting Features -
    -
  • Multiple Hadoop source cluster data transfer
  • -
  • Multiple Hadoop version data transfer
  • -
  • Authenticate users via user SSL certificates with ProxyFilter installed
  • -
  • Authentication and authorization via LDAP with LdapIpDirFilter installed
  • -
  • Access control based on configuration files if ProxyFilter is installed.
  • -
  • Access control based on LDAP entries if LdapIpDirFilter is installed.
  • -
  • Standard HTTPS Get Support for file transfer
  • -
-
- - -
- Source Cluster Related Configuration -
    -
  1. - hdfsproxy-default.xml - - - - - - - - - - - - - - - - - -
    NameDescription
    fs.defaultFSSource Cluster NameNode address
    dfs.blocksizeThe block size for file tranfers
    io.file.buffer.size The size of buffer for use in sequence files. The size of this buffer should probably be a multiple of hardware page size (4096 on Intel x86), and it determines how much data is buffered during read and write operations
    -
  2. -
-
- -
- SSL Related Configuration -
    -
  1. - hdfsproxy-default.xml - - - - - - - - - - - - - - - - - -
    NameDescription
    hdfsproxy.user.permissions.file.locationlocation of the user permissions file.
    hdfsproxy.user.certs.file.locationlocation of the user certs file.
    hdfsproxy.ugi.cache.ugi.lifetime The lifetime (in minutes) of a cached ugi.
    -
  2. -
  3. - user-certs.xml - - - - - - - - -
    NameDescription
    This file defines the mappings from username to comma seperated list of certificate serial numbers that the user is allowed to use. One mapping per user. Wildcard characters, such as "*" and "?", are not recognized. Any leading or trailing whitespaces are stripped/ignored. In order for a user to be able to do "clearUgiCache" and "reloadPermFiles" command, the certification serial number he use must also belong to the user "Admin". -
    -
  4. -
  5. - user-permissions.xml - - - - - - - - -
    NameDescription
    This file defines the mappings from user name to comma seperated list of directories/files that the user is allowed to access. One mapping per user. Wildcard characters, such as "*" and "?", are not recognized. For example, to match "/output" directory, one can use "/output" or "/output/", but not "/output/*". Note that any leading or trailing whitespaces are stripped/ignored for the name field. -
    -
  6. -
-
- -
- LDAP Related Configuration -
    -
  1. - hdfsproxy-default.xml - - - - - - - - - - - - - - - - - -
    NameDescription
    hdfsproxy.ldap.initial.context.factoryLDAP context factory.
    hdfsproxy.ldap.provider.urlLDAP server address.
    hdfsproxy.ldap.role.baseLDAP role base.
    -
  2. -
-
- - -
- Tomcat Server Related Configuration -
    -
  1. - tomcat-forward-web.xml - - - - - - - - -
    NameDescription
    This deployment descritor file defines how servlets and filters are installed in the forwarding war (ROOT.war). The default filter installed is LdapIpDirFilter, you can change to ProxyFilter with org.apache.hadoop.hdfsproxy.ProxyFilter as you filter-class.
    -
  2. -
  3. - tomcat-web.xml - - - - - - - - -
    NameDescription
    This deployment descritor file defines how servlets and filters are installed in the client war. The default filter installed is LdapIpDirFilter, you can change to ProxyFilter with org.apache.hadoop.hdfsproxy.ProxyFilter as you filter-class.
    -
  4. -
  5. - $TOMCAT_HOME/conf/server.xml - - - - - - - - -
    NameDescription
    You need to change Tomcat's server.xml file under $TOMCAT_HOME/conf as detailed in tomcat 6 ssl-howto. Set clientAuth="true" if you need to authenticate client. -
    -
  6. -
  7. - $TOMCAT_HOME/conf/context.xml - - - - - - - - -
    NameDescription
    You need to change Tomcat's context.xml file under $TOMCAT_HOME/conf by adding crossContext="true" after Context. -
    -
  8. -
-
-
- Build and Deployment Process -
- Build forwarding war (ROOT.war) -

Suppose hdfsproxy-default.xml has been properly configured and it is under ${user.home}/proxy-root-conf dir. Under $HADOOP_PREFIX do the following
- $ export HDFSPROXY_CONF_DIR=${user.home}/proxy-root-conf
- $ ant clean tar
- $ cd src/contrib/hdfsproxy/
- $ ant clean forward
- The hdfsproxy-forward-*.war file will be generated under $HADOOP_PREFIX/build/contrib/hdfsproxy/. Copy this war file to tomcat's webapps directory and rename it at ROOT.war (if ROOT dir already exists, remove it first) for deployment. -

-
-
- Build cluster client war (client.war) -

Suppose hdfsproxy-default.xml has been properly configured and it is under ${user.home}/proxy-client-conf dir. Under $HADOOP_PREFIX do the following
- $ export HDFSPROXY_CONF_DIR=${user.home}/proxy-client-conf
- $ ant clean tar
- $ cd src/contrib/hdfsproxy/
- $ ant clean war
- The hdfsproxy-*.war file will be generated under $HADOOP_PREFIX/build/contrib/hdfsproxy/. Copy this war file to tomcat's webapps directory and rename it properly for deployment. -

-
-
- Handle Multiple Source Clusters -

To proxy for multiple source clusters, you need to do the following:

-
    -
  1. Build multiple client war with different names and different hdfsproxy-default.xml configurations
  2. -
  3. Make multiple alias using CNAME of the same Domain Name
  4. -
  5. Make sure the first part of the alias match the corresponding client war file name. For example, you have two source clusters, sc1 and sc2, and you made two alias of the same domain name, proxy1.apache.org and proxy2.apache.org, then you need to name the client war file as proxy1.war and proxy2.war respectively for your deployment.
  6. -
-
-
- -
- Server Start up and Shutdown -

Starting up and shutting down Tomcat-based HDFS Proxy server is no more than starting up and shutting down tomcat server with tomcat's bin/startup.sh and bin/shutdown.sh script.

-

If you need to authenticate client certs, you need either set truststoreFile and truststorePass following tomcat 6 ssl-howto in the configuration stage or give the truststore location by doing the following
- export JAVA_OPTS="-Djavax.net.ssl.trustStore=${user.home}/truststore-location -Djavax.net.ssl.trustStorePassword=trustpass"
- before you start-up tomcat. -

-
-
- Verification -

HTTPS client
- curl -k "https://proxy.address:port/file/file-path"
- wget --no-check-certificate "https://proxy.address:port/file/file-path" -

-

HADOOP client
- bin/hadoop fs -ls "hsftp://proxy.address:port/" -

-
- -
- -
- Hadoop Client Configuration -
    -
  • - ssl-client.xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameDescription
    ssl.client.do.not.authenticate.serverif true, trust all server certificates, like curl's -k option
    ssl.client.truststore.locationLocation of truststore
    ssl.client.truststore.password truststore password
    ssl.client.truststore.type truststore type
    ssl.client.keystore.location Location of keystore
    ssl.client.keystore.password keystore password
    ssl.client.keystore.type keystore type
    ssl.client.keystore.keypassword keystore key password
    ssl.expiration.warn.days server certificate expiration war days threshold, 0 means no warning should be issued
    -
  • -
-
- - - - -
diff --git a/hdfs/src/docs/src/documentation/content/xdocs/site.xml b/hdfs/src/docs/src/documentation/content/xdocs/site.xml index baf57b40c5..61c6d43ea3 100644 --- a/hdfs/src/docs/src/documentation/content/xdocs/site.xml +++ b/hdfs/src/docs/src/documentation/content/xdocs/site.xml @@ -43,7 +43,6 @@ See http://forrest.apache.org/docs/linking.html for more info. -