public virtual void TestACLs() { DelegationTokenManager tm1; string connectString = zkServer.GetConnectString(); Configuration conf = GetSecretConf(connectString); RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3); string userPass = "******"; ACL digestACL = new ACL(ZooDefs.Perms.All, new ID("digest", DigestAuthenticationProvider .GenerateDigest(userPass))); ACLProvider digestAclProvider = new _ACLProvider_319(digestACL); CuratorFramework curatorFramework = CuratorFrameworkFactory.Builder().ConnectString (connectString).RetryPolicy(retryPolicy).AclProvider(digestAclProvider).Authorization ("digest", Runtime.GetBytesForString(userPass, "UTF-8")).Build(); curatorFramework.Start(); ZKDelegationTokenSecretManager.SetCurator(curatorFramework); tm1 = new DelegationTokenManager(conf, new Text("bla")); tm1.Init(); // check ACL string workingPath = conf.Get(ZKDelegationTokenSecretManager.ZkDtsmZnodeWorkingPath ); VerifyACL(curatorFramework, "/" + workingPath, digestACL); tm1.Destroy(); ZKDelegationTokenSecretManager.SetCurator(null); curatorFramework.Close(); }
/// <summary>Start the service.</summary> /// <remarks> /// Start the service. /// This is where the curator instance is started. /// </remarks> /// <exception cref="System.Exception"/> protected override void ServiceStart() { base.ServiceStart(); // create the curator; rely on the registry security code // to set up the JVM context and curator curator = CreateCurator(); }
public void stateChanged(CuratorFramework client, ConnectionState newState) { if (ConnectionState.CONNECTED == newState || ConnectionState.RECONNECTED == newState) { logAsErrorConnectionErrors.set(true); } }
/// <exception cref="System.Exception"/> public void ChildEvent(CuratorFramework client, PathChildrenCacheEvent @event) { switch (@event.GetType()) { case PathChildrenCacheEvent.Type.ChildAdded: { this._enclosing.ProcessTokenAddOrUpdate(@event.GetData()); break; } case PathChildrenCacheEvent.Type.ChildUpdated: { this._enclosing.ProcessTokenAddOrUpdate(@event.GetData()); break; } case PathChildrenCacheEvent.Type.ChildRemoved: { this._enclosing.ProcessTokenRemoved(@event.GetData()); break; } default: { break; } } }
/// <summary>This method creates the Curator client and connects to ZooKeeper.</summary> /// <param name="config">configuration properties</param> /// <returns>A Curator client</returns> /// <exception cref="System.Exception"/> protected internal virtual CuratorFramework CreateCuratorClient(Properties config ) { string connectionString = config.GetProperty(ZookeeperConnectionString, "localhost:2181" ); RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3); ACLProvider aclProvider; string authType = config.GetProperty(ZookeeperAuthType, "none"); if (authType.Equals("sasl")) { Log.Info("Connecting to ZooKeeper with SASL/Kerberos" + "and using 'sasl' ACLs"); string principal = SetJaasConfiguration(config); Runtime.SetProperty(ZooKeeperSaslClient.LoginContextNameKey, JaasLoginEntryName); Runtime.SetProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider" ); aclProvider = new ZKSignerSecretProvider.SASLOwnerACLProvider(principal); } else { // "none" Log.Info("Connecting to ZooKeeper without authentication"); aclProvider = new DefaultACLProvider(); } // open to everyone CuratorFramework cf = CuratorFrameworkFactory.Builder().ConnectString(connectionString ).RetryPolicy(retryPolicy).AclProvider(aclProvider).Build(); cf.Start(); return(cf); }
public virtual void TestNamespace() { Timing timing = new Timing(); ChildReaper reaper = null; CuratorFramework client = CuratorFrameworkFactory.Builder().ConnectString(server. GetConnectString()).SessionTimeoutMs(timing.Session()).ConnectionTimeoutMs(timing .Connection()).RetryPolicy(new RetryOneTime(1)).Namespace("foo").Build(); try { client.Start(); for (int i = 0; i < 10; ++i) { client.Create().CreatingParentsIfNeeded().ForPath("/test/" + Extensions.ToString (i)); } reaper = new ChildReaper(client, "/test", Reaper.Mode.ReapUntilDelete, 1); reaper.Start(); timing.ForWaiting().SleepABit(); Stat stat = client.CheckExists().ForPath("/test"); Assert.Equal(stat.GetNumChildren(), 0); stat = client.UsingNamespace(null).CheckExists().ForPath("/foo/test"); NUnit.Framework.Assert.IsNotNull(stat); Assert.Equal(stat.GetNumChildren(), 0); } finally { CloseableUtils.CloseQuietly(reaper); CloseableUtils.CloseQuietly(client); } }
public virtual void TestSimple() { Timing timing = new Timing(); ChildReaper reaper = null; CuratorFramework client = CuratorFrameworkFactory.NewClient(server.GetConnectString (), timing.Session(), timing.Connection(), new RetryOneTime(1)); try { client.Start(); for (int i = 0; i < 10; ++i) { client.Create().CreatingParentsIfNeeded().ForPath("/test/" + Extensions.ToString (i)); } reaper = new ChildReaper(client, "/test", Reaper.Mode.ReapUntilDelete, 1); reaper.Start(); timing.ForWaiting().SleepABit(); Stat stat = client.CheckExists().ForPath("/test"); Assert.Equal(stat.GetNumChildren(), 0); } finally { CloseableUtils.CloseQuietly(reaper); CloseableUtils.CloseQuietly(client); } }
/// <exception cref="System.Exception"/> private void VerifyACL(CuratorFramework curatorFramework, string path, ACL expectedACL ) { IList <ACL> acls = curatorFramework.GetACL().ForPath(path); Assert.Equal(1, acls.Count); Assert.Equal(expectedACL, acls[0]); }
/// <exception cref="System.Exception"/> public virtual void ProcessResult(CuratorFramework client, CuratorEvent @event) { if (Log.IsDebugEnabled()) { Log.Debug("Delete event {}", @event); } events.IncrementAndGet(); }
/// <summary>Create a path dumper -but do not dump the path until asked</summary> /// <param name="curator">curator instance</param> /// <param name="root">root</param> /// <param name="verbose">verbose flag - includes more details (such as ACLs)</param> public ZKPathDumper(CuratorFramework curator, string root, bool verbose) { Preconditions.CheckArgument(curator != null); Preconditions.CheckArgument(root != null); this.curator = curator; this.root = root; this.verbose = verbose; }
/// <exception cref="System.Exception"/> public override void Init(Properties config, ServletContext servletContext, long tokenValidity) { object curatorClientObj = servletContext.GetAttribute(ZookeeperSignerSecretProviderCuratorClientAttribute ); if (curatorClientObj != null && curatorClientObj is CuratorFramework) { client = (CuratorFramework)curatorClientObj; } else { client = CreateCuratorClient(config); servletContext.SetAttribute(ZookeeperSignerSecretProviderCuratorClientAttribute, client); } this.tokenValidity = tokenValidity; shouldDisconnect = System.Boolean.Parse(config.GetProperty(DisconnectFromZookeeperOnShutdown , "true")); path = config.GetProperty(ZookeeperPath); if (path == null) { throw new ArgumentException(ZookeeperPath + " must be specified"); } try { nextRolloverDate = Runtime.CurrentTimeMillis() + tokenValidity; // everyone tries to do this, only one will succeed and only when the // znode doesn't already exist. Everyone else will synchronize on the // data from the znode client.Create().CreatingParentsIfNeeded().ForPath(path, GenerateZKData(GenerateRandomSecret (), GenerateRandomSecret(), null)); zkVersion = 0; Log.Info("Creating secret znode"); } catch (KeeperException.NodeExistsException) { Log.Info("The secret znode already exists, retrieving data"); } // Synchronize on the data from the znode // passing true tells it to parse out all the data for initing PullFromZK(true); long initialDelay = nextRolloverDate - Runtime.CurrentTimeMillis(); // If it's in the past, try to find the next interval that we should // be using if (initialDelay < 1l) { int i = 1; while (initialDelay < 1l) { initialDelay = nextRolloverDate + tokenValidity * i - Runtime.CurrentTimeMillis(); i++; } } base.StartScheduler(initialDelay, tokenValidity); }
/// <param name="client">the client</param> /// <param name="path">path to reap children from</param> /// <param name="executor">executor to use for background tasks</param> /// <param name="reapingThresholdMs">threshold in milliseconds that determines that a path can be deleted /// </param> /// <param name="mode">reaping mode</param> /// <param name="leaderPath">if not null, uses a leader selection so that only 1 reaper is active in the cluster /// </param> public ChildReaper(CuratorFramework client, string path, Reaper.Mode mode, ScheduledExecutorService executor, int reapingThresholdMs, string leaderPath) { this.client = client; this.mode = mode; this.executor = new CloseableScheduledExecutorService(executor); this.reapingThresholdMs = reapingThresholdMs; this.reaper = new Reaper(client, executor, reapingThresholdMs, leaderPath); AddPath(path); }
public void processResult(CuratorFramework client, ICuratorEvent @event) { _service.execute(RunnableUtils.FromFunc(() => { try { _callback.processResult(_client, @event); } catch (Exception e) { ThreadUtils.checkInterrupted(e); var keeperException = e as KeeperException; if (keeperException != null) { _client.validateConnection(_client.codeToState(keeperException)); } _client.logError("Background operation result handling threw exception", e); } })); }
private ZooKeeperClient(CuratorFramework curator, ILog log, ConnectionStringRandomizer connectionStringRandomizer) { this.connectionStringRandomizer = connectionStringRandomizer; Curator = curator; Curator.getConnectionStateListenable() .addListener( new ConnectionListener( state => { RandomizeConnectionStringIfNeeded(state); if (ConnectionStateChanged != null) { ConnectionStateChanged(state); } }) ); baseLog = log; Log = log.ForContext("ZK"); InterceptLogger(); watcherWrappers = new ConcurrentDictionary <IWatcher, WatcherWrapper>(new ReferenceEqualityComparer <IWatcher>()); }
/** * @param client the client * @param threadFactory thread factory to use or null for a default */ public ConnectionStateManager(CuratorFramework client, int queueSize) { this.client = client; service = ThreadUtils.newSingleThreadExecutor(GetType().FullName); QUEUE_SIZE = queueSize <= 0 ? 25 : queueSize; }
/// <exception cref="System.IO.IOException"/> public override void StartThreads() { if (!isExternalClient) { try { zkClient.Start(); } catch (Exception e) { throw new IOException("Could not start Curator Framework", e); } } else { // If namespace parents are implicitly created, they won't have ACLs. // So, let's explicitly create them. CuratorFramework nullNsFw = zkClient.UsingNamespace(null); EnsurePath ensureNs = nullNsFw.NewNamespaceAwareEnsurePath("/" + zkClient.GetNamespace ()); try { ensureNs.Ensure(nullNsFw.GetZookeeperClient()); } catch (Exception e) { throw new IOException("Could not create namespace", e); } } listenerThreadPool = Executors.NewSingleThreadExecutor(); try { delTokSeqCounter = new SharedCount(zkClient, ZkDtsmSeqnumRoot, 0); if (delTokSeqCounter != null) { delTokSeqCounter.Start(); } } catch (Exception e) { throw new IOException("Could not start Sequence Counter", e); } try { keyIdSeqCounter = new SharedCount(zkClient, ZkDtsmKeyidRoot, 0); if (keyIdSeqCounter != null) { keyIdSeqCounter.Start(); } } catch (Exception e) { throw new IOException("Could not start KeyId Counter", e); } try { CreatePersistentNode(ZkDtsmMasterKeyRoot); CreatePersistentNode(ZkDtsmTokensRoot); } catch (Exception) { throw new RuntimeException("Could not create ZK paths"); } try { keyCache = new PathChildrenCache(zkClient, ZkDtsmMasterKeyRoot, true); if (keyCache != null) { keyCache.Start(PathChildrenCache.StartMode.BuildInitialCache); keyCache.GetListenable().AddListener(new _PathChildrenCacheListener_340(this), listenerThreadPool ); } } catch (Exception e) { throw new IOException("Could not start PathChildrenCache for keys", e); } try { tokenCache = new PathChildrenCache(zkClient, ZkDtsmTokensRoot, true); if (tokenCache != null) { tokenCache.Start(PathChildrenCache.StartMode.BuildInitialCache); tokenCache.GetListenable().AddListener(new _PathChildrenCacheListener_368(this), listenerThreadPool); } } catch (Exception e) { throw new IOException("Could not start PathChildrenCache for tokens", e); } base.StartThreads(); }
internal FailedDeleteManager(CuratorFramework client) { this.client = client; }
/** * @param client the client * @param path path to ensure is containers */ public EnsureContainers(CuratorFramework client, string path) { this.client = client; this.path = path; }
public ZKDelegationTokenSecretManager(Configuration conf) : base(conf.GetLong(DelegationTokenManager.UpdateInterval, DelegationTokenManager .UpdateIntervalDefault) * 1000, conf.GetLong(DelegationTokenManager.MaxLifetime, DelegationTokenManager.MaxLifetimeDefault) * 1000, conf.GetLong(DelegationTokenManager .RenewInterval, DelegationTokenManager.RenewIntervalDefault * 1000), conf.GetLong (DelegationTokenManager.RemovalScanInterval, DelegationTokenManager.RemovalScanIntervalDefault ) * 1000) { shutdownTimeout = conf.GetLong(ZkDtsmZkShutdownTimeout, ZkDtsmZkShutdownTimeoutDefault ); if (CuratorTl.Get() != null) { zkClient = CuratorTl.Get().UsingNamespace(conf.Get(ZkDtsmZnodeWorkingPath, ZkDtsmZnodeWorkingPathDeafult ) + "/" + ZkDtsmNamespace); isExternalClient = true; } else { string connString = conf.Get(ZkDtsmZkConnectionString); Preconditions.CheckNotNull(connString, "Zookeeper connection string cannot be null" ); string authType = conf.Get(ZkDtsmZkAuthType); // AuthType has to be explicitly set to 'none' or 'sasl' Preconditions.CheckNotNull(authType, "Zookeeper authType cannot be null !!"); Preconditions.CheckArgument(authType.Equals("sasl") || authType.Equals("none"), "Zookeeper authType must be one of [none, sasl]" ); CuratorFrameworkFactory.Builder builder = null; try { ACLProvider aclProvider = null; if (authType.Equals("sasl")) { Log.Info("Connecting to ZooKeeper with SASL/Kerberos" + "and using 'sasl' ACLs"); string principal = SetJaasConfiguration(conf); Runtime.SetProperty(ZooKeeperSaslClient.LoginContextNameKey, JaasLoginEntryName); Runtime.SetProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider" ); aclProvider = new ZKDelegationTokenSecretManager.SASLOwnerACLProvider(principal); } else { // "none" Log.Info("Connecting to ZooKeeper without authentication"); aclProvider = new DefaultACLProvider(); } // open to everyone int sessionT = conf.GetInt(ZkDtsmZkSessionTimeout, ZkDtsmZkSessionTimeoutDefault); int numRetries = conf.GetInt(ZkDtsmZkNumRetries, ZkDtsmZkNumRetriesDefault); builder = CuratorFrameworkFactory.Builder().AclProvider(aclProvider).Namespace(conf .Get(ZkDtsmZnodeWorkingPath, ZkDtsmZnodeWorkingPathDeafult) + "/" + ZkDtsmNamespace ).SessionTimeoutMs(sessionT).ConnectionTimeoutMs(conf.GetInt(ZkDtsmZkConnectionTimeout , ZkDtsmZkConnectionTimeoutDefault)).RetryPolicy(new RetryNTimes(numRetries, sessionT / numRetries)); } catch (Exception) { throw new RuntimeException("Could not Load ZK acls or auth"); } zkClient = builder.EnsembleProvider(new FixedEnsembleProvider(connString)).Build( ); isExternalClient = false; } }
/// <param name="client">the client</param> /// <param name="path">path to reap children from</param> /// <param name="reapingThresholdMs">threshold in milliseconds that determines that a path can be deleted /// </param> /// <param name="mode">reaping mode</param> public ChildReaper(CuratorFramework client, string path, Reaper.Mode mode, int reapingThresholdMs ) : this(client, path, mode, NewExecutorService(), reapingThresholdMs, null) { }
/// <param name="client">the client</param> /// <param name="path">path to reap children from</param> /// <param name="executor">executor to use for background tasks</param> /// <param name="reapingThresholdMs">threshold in milliseconds that determines that a path can be deleted /// </param> /// <param name="mode">reaping mode</param> public ChildReaper(CuratorFramework client, string path, Reaper.Mode mode, ScheduledExecutorService executor, int reapingThresholdMs) : this(client, path, mode, executor, reapingThresholdMs, null) { }
public static void SetCurator(CuratorFramework curator) { CuratorTl.Set(curator); }
/// <exception cref="System.Exception"/> public virtual void ProcessResult(CuratorFramework client, CuratorEvent @event) { Log.Info("received {}", @event); eventCounter.IncrementAndGet(); events.Put(@event); }
public void stateChanged(CuratorFramework client, ConnectionState newState) { if (ConnectionState.CONNECTED == newState || ConnectionState.RECONNECTED == newState) { logAsErrorConnectionErrors.set(true); } }
public void stateChanged(CuratorFramework curator, org.apache.curator.framework.state.ConnectionState state) { callback((ConnectionState)state.ordinal()); }
/** * @param client the client * @param threadFactory thread factory to use or null for a default */ public ConnectionStateManager(CuratorFramework client, int queueSize) { this.client = client; service = ThreadUtils.newSingleThreadExecutor(GetType().FullName); QUEUE_SIZE = queueSize <= 0 ? 25 : queueSize; }
internal FailedDeleteManager(CuratorFramework client) { this.client = client; }
public void processResult(CuratorFramework client, ICuratorEvent @event) { _service.execute(RunnableUtils.FromFunc(() => { try { _callback.processResult(_client, @event); } catch ( Exception e ) { ThreadUtils.checkInterrupted(e); var keeperException = e as KeeperException; if ( keeperException != null ) { _client.validateConnection(_client.codeToState(keeperException)); } _client.logError("Background operation result handling threw exception", e); } })); }
/** * @param client the client * @param path path to ensure is containers */ public EnsureContainers(CuratorFramework client, string path) { this.client = client; this.path = path; }