/// <summary>Creates a SaslPropertiesResolver from the given configuration.</summary>
/// <remarks>
/// Creates a SaslPropertiesResolver from the given configuration. This method
/// works by cloning the configuration, translating configuration properties
/// specific to DataTransferProtocol to what SaslPropertiesResolver expects,
/// and then delegating to SaslPropertiesResolver for initialization. This
/// method returns null if SASL protection has not been configured for
/// DataTransferProtocol.
/// </remarks>
/// <param name="conf">configuration to read</param>
/// <returns>
/// SaslPropertiesResolver for DataTransferProtocol, or null if not
/// configured
/// </returns>
public static SaslPropertiesResolver GetSaslPropertiesResolver(Configuration conf
)
{
string qops = conf.Get(DFSConfigKeys.DfsDataTransferProtectionKey);
if (qops == null || qops.IsEmpty())
{
Log.Debug("DataTransferProtocol not using SaslPropertiesResolver, no " + "QOP found in configuration for {}"
, DFSConfigKeys.DfsDataTransferProtectionKey);
return(null);
}
Configuration saslPropsResolverConf = new Configuration(conf);
saslPropsResolverConf.Set(CommonConfigurationKeysPublic.HadoopRpcProtection, qops
);
Type resolverClass = conf.GetClass <SaslPropertiesResolver>(CommonConfigurationKeysPublic
.HadoopSecuritySaslPropsResolverClass, typeof(SaslPropertiesResolver));
resolverClass = conf.GetClass <SaslPropertiesResolver>(DFSConfigKeys.DfsDataTransferSaslPropsResolverClassKey
, resolverClass);
saslPropsResolverConf.SetClass(CommonConfigurationKeysPublic.HadoopSecuritySaslPropsResolverClass
, resolverClass, typeof(SaslPropertiesResolver));
SaslPropertiesResolver resolver = SaslPropertiesResolver.GetInstance(saslPropsResolverConf
);
Log.Debug("DataTransferProtocol using SaslPropertiesResolver, configured " + "QOP {} = {}, configured class {} = {}"
, DFSConfigKeys.DfsDataTransferProtectionKey, qops, DFSConfigKeys.DfsDataTransferSaslPropsResolverClassKey
, resolverClass);
return(resolver);
}
/// <summary>Creates a new SaslDataTransferClient.</summary>
/// <param name="conf">the configuration</param>
/// <param name="saslPropsResolver">for determining properties of SASL negotiation</param>
/// <param name="trustedChannelResolver">
/// for identifying trusted connections that do
/// not require SASL negotiation
/// </param>
/// <param name="fallbackToSimpleAuth">
/// checked on each attempt at general SASL
/// handshake, if true forces use of simple auth
/// </param>
public SaslDataTransferClient(Configuration conf, SaslPropertiesResolver saslPropsResolver
, TrustedChannelResolver trustedChannelResolver, AtomicBoolean fallbackToSimpleAuth
)
{
this.conf = conf;
this.fallbackToSimpleAuth = fallbackToSimpleAuth;
this.saslPropsResolver = saslPropsResolver;
this.trustedChannelResolver = trustedChannelResolver;
}
/// <summary>Receives SASL negotiation for general-purpose handshake.</summary>
/// <param name="peer">connection peer</param>
/// <param name="underlyingOut">connection output stream</param>
/// <param name="underlyingIn">connection input stream</param>
/// <returns>new pair of streams, wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
private IOStreamPair GetSaslStreams(Peer peer, OutputStream underlyingOut, InputStream
underlyingIn)
{
if (peer.HasSecureChannel() || dnConf.GetTrustedChannelResolver().IsTrusted(DataTransferSaslUtil.GetPeerAddress
(peer)))
{
return(new IOStreamPair(underlyingIn, underlyingOut));
}
SaslPropertiesResolver saslPropsResolver = dnConf.GetSaslPropsResolver();
IDictionary <string, string> saslProps = saslPropsResolver.GetServerProperties(DataTransferSaslUtil.GetPeerAddress
(peer));
CallbackHandler callbackHandler = new SaslDataTransferServer.SaslServerCallbackHandler
(new _PasswordFunction_292(this));
return(DoSaslHandshake(underlyingOut, underlyingIn, saslProps, callbackHandler));
}
public DNConf(Configuration conf)
{
this.conf = conf;
socketTimeout = conf.GetInt(DFSConfigKeys.DfsClientSocketTimeoutKey, HdfsServerConstants
.ReadTimeout);
socketWriteTimeout = conf.GetInt(DFSConfigKeys.DfsDatanodeSocketWriteTimeoutKey,
HdfsServerConstants.WriteTimeout);
socketKeepaliveTimeout = conf.GetInt(DFSConfigKeys.DfsDatanodeSocketReuseKeepaliveKey
, DFSConfigKeys.DfsDatanodeSocketReuseKeepaliveDefault);
/* Based on results on different platforms, we might need set the default
* to false on some of them. */
transferToAllowed = conf.GetBoolean(DFSConfigKeys.DfsDatanodeTransfertoAllowedKey
, DFSConfigKeys.DfsDatanodeTransfertoAllowedDefault);
writePacketSize = conf.GetInt(DFSConfigKeys.DfsClientWritePacketSizeKey, DFSConfigKeys
.DfsClientWritePacketSizeDefault);
readaheadLength = conf.GetLong(DFSConfigKeys.DfsDatanodeReadaheadBytesKey, DFSConfigKeys
.DfsDatanodeReadaheadBytesDefault);
dropCacheBehindWrites = conf.GetBoolean(DFSConfigKeys.DfsDatanodeDropCacheBehindWritesKey
, DFSConfigKeys.DfsDatanodeDropCacheBehindWritesDefault);
syncBehindWrites = conf.GetBoolean(DFSConfigKeys.DfsDatanodeSyncBehindWritesKey,
DFSConfigKeys.DfsDatanodeSyncBehindWritesDefault);
syncBehindWritesInBackground = conf.GetBoolean(DFSConfigKeys.DfsDatanodeSyncBehindWritesInBackgroundKey
, DFSConfigKeys.DfsDatanodeSyncBehindWritesInBackgroundDefault);
dropCacheBehindReads = conf.GetBoolean(DFSConfigKeys.DfsDatanodeDropCacheBehindReadsKey
, DFSConfigKeys.DfsDatanodeDropCacheBehindReadsDefault);
connectToDnViaHostname = conf.GetBoolean(DFSConfigKeys.DfsDatanodeUseDnHostname,
DFSConfigKeys.DfsDatanodeUseDnHostnameDefault);
this.blockReportInterval = conf.GetLong(DFSConfigKeys.DfsBlockreportIntervalMsecKey
, DFSConfigKeys.DfsBlockreportIntervalMsecDefault);
this.blockReportSplitThreshold = conf.GetLong(DFSConfigKeys.DfsBlockreportSplitThresholdKey
, DFSConfigKeys.DfsBlockreportSplitThresholdDefault);
this.cacheReportInterval = conf.GetLong(DFSConfigKeys.DfsCachereportIntervalMsecKey
, DFSConfigKeys.DfsCachereportIntervalMsecDefault);
this.dfsclientSlowIoWarningThresholdMs = conf.GetLong(DFSConfigKeys.DfsClientSlowIoWarningThresholdKey
, DFSConfigKeys.DfsClientSlowIoWarningThresholdDefault);
this.datanodeSlowIoWarningThresholdMs = conf.GetLong(DFSConfigKeys.DfsDatanodeSlowIoWarningThresholdKey
, DFSConfigKeys.DfsDatanodeSlowIoWarningThresholdDefault);
long initBRDelay = conf.GetLong(DFSConfigKeys.DfsBlockreportInitialDelayKey, DFSConfigKeys
.DfsBlockreportInitialDelayDefault) * 1000L;
if (initBRDelay >= blockReportInterval)
{
initBRDelay = 0;
DataNode.Log.Info("dfs.blockreport.initialDelay is greater than " + "dfs.blockreport.intervalMsec."
+ " Setting initial delay to 0 msec:");
}
initialBlockReportDelay = initBRDelay;
heartBeatInterval = conf.GetLong(DFSConfigKeys.DfsHeartbeatIntervalKey, DFSConfigKeys
.DfsHeartbeatIntervalDefault) * 1000L;
this.deleteReportInterval = 100 * heartBeatInterval;
// do we need to sync block file contents to disk when blockfile is closed?
this.syncOnClose = conf.GetBoolean(DFSConfigKeys.DfsDatanodeSynconcloseKey, DFSConfigKeys
.DfsDatanodeSynconcloseDefault);
this.minimumNameNodeVersion = conf.Get(DFSConfigKeys.DfsDatanodeMinSupportedNamenodeVersionKey
, DFSConfigKeys.DfsDatanodeMinSupportedNamenodeVersionDefault);
this.encryptDataTransfer = conf.GetBoolean(DFSConfigKeys.DfsEncryptDataTransferKey
, DFSConfigKeys.DfsEncryptDataTransferDefault);
this.encryptionAlgorithm = conf.Get(DFSConfigKeys.DfsDataEncryptionAlgorithmKey);
this.trustedChannelResolver = TrustedChannelResolver.GetInstance(conf);
this.saslPropsResolver = DataTransferSaslUtil.GetSaslPropertiesResolver(conf);
this.ignoreSecurePortsForTesting = conf.GetBoolean(DFSConfigKeys.IgnoreSecurePortsForTestingKey
, DFSConfigKeys.IgnoreSecurePortsForTestingDefault);
this.xceiverStopTimeout = conf.GetLong(DFSConfigKeys.DfsDatanodeXceiverStopTimeoutMillisKey
, DFSConfigKeys.DfsDatanodeXceiverStopTimeoutMillisDefault);
this.maxLockedMemory = conf.GetLong(DFSConfigKeys.DfsDatanodeMaxLockedMemoryKey,
DFSConfigKeys.DfsDatanodeMaxLockedMemoryDefault);
this.restartReplicaExpiry = conf.GetLong(DFSConfigKeys.DfsDatanodeRestartReplicaExpiryKey
, DFSConfigKeys.DfsDatanodeRestartReplicaExpiryDefault) * 1000L;
this.bpReadyTimeout = conf.GetLong(DFSConfigKeys.DfsDatanodeBpReadyTimeoutKey, DFSConfigKeys
.DfsDatanodeBpReadyTimeoutDefault);
}
/// <summary>Creates a new SaslDataTransferClient.</summary>
/// <remarks>
/// Creates a new SaslDataTransferClient. This constructor is used in cases
/// where it is not relevant to track if a secure client did a fallback to
/// simple auth. For intra-cluster connections between data nodes in the same
/// cluster, we can assume that all run under the same security configuration.
/// </remarks>
/// <param name="conf">the configuration</param>
/// <param name="saslPropsResolver">for determining properties of SASL negotiation</param>
/// <param name="trustedChannelResolver">
/// for identifying trusted connections that do
/// not require SASL negotiation
/// </param>
public SaslDataTransferClient(Configuration conf, SaslPropertiesResolver saslPropsResolver
, TrustedChannelResolver trustedChannelResolver)
: this(conf, saslPropsResolver, trustedChannelResolver, null)
{
}
