org.apache.hadoop.hbase.zookeeper.ZKWatcher.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.hadoop.hbase.zookeeper.ZKWatcher.java

Source

/*
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.zookeeper;

import java.io.Closeable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Abortable;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.ZooKeeperConnectionException;
import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.yetus.audience.InterfaceAudience;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Acts as the single ZooKeeper Watcher.  One instance of this is instantiated
 * for each Master, RegionServer, and client process.
 *
 * <p>This is the only class that implements {@link Watcher}.  Other internal
 * classes which need to be notified of ZooKeeper events must register with
 * the local instance of this watcher via {@link #registerListener}.
 *
 * <p>This class also holds and manages the connection to ZooKeeper.  Code to
 * deal with connection related events and exceptions are handled here.
 */
@InterfaceAudience.Private
public class ZKWatcher implements Watcher, Abortable, Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(ZKWatcher.class);

    // Identifier for this watcher (for logging only).  It is made of the prefix
    // passed on construction and the zookeeper sessionid.
    private String prefix;
    private String identifier;

    // zookeeper quorum
    private String quorum;

    // zookeeper connection
    private final RecoverableZooKeeper recoverableZooKeeper;

    // abortable in case of zk failure
    protected Abortable abortable;
    // Used if abortable is null
    private boolean aborted = false;

    private final ZNodePaths znodePaths;

    // listeners to be notified
    private final List<ZKListener> listeners = new CopyOnWriteArrayList<>();

    // Used by ZKUtil:waitForZKConnectionIfAuthenticating to wait for SASL
    // negotiation to complete
    private CountDownLatch saslLatch = new CountDownLatch(1);

    private final Configuration conf;

    /* A pattern that matches a Kerberos name, borrowed from Hadoop's KerberosName */
    private static final Pattern NAME_PATTERN = Pattern.compile("([^/@]*)(/([^/@]*))?@([^/@]*)");

    /**
     * Instantiate a ZooKeeper connection and watcher.
     * @param identifier string that is passed to RecoverableZookeeper to be used as
     *                   identifier for this instance. Use null for default.
     * @throws IOException if the connection to ZooKeeper fails
     * @throws ZooKeeperConnectionException if the client can't connect to ZooKeeper
     */
    public ZKWatcher(Configuration conf, String identifier, Abortable abortable)
            throws ZooKeeperConnectionException, IOException {
        this(conf, identifier, abortable, false);
    }

    /**
     * Instantiate a ZooKeeper connection and watcher.
     * @param conf the configuration to use
     * @param identifier string that is passed to RecoverableZookeeper to be used as identifier for
     *          this instance. Use null for default.
     * @param abortable Can be null if there is on error there is no host to abort: e.g. client
     *          context.
     * @param canCreateBaseZNode true if a base ZNode can be created
     * @throws IOException if the connection to ZooKeeper fails
     * @throws ZooKeeperConnectionException if the client can't connect to ZooKeeper
     */
    public ZKWatcher(Configuration conf, String identifier, Abortable abortable, boolean canCreateBaseZNode)
            throws IOException, ZooKeeperConnectionException {
        this(conf, identifier, abortable, canCreateBaseZNode, false);
    }

    /**
     * Instantiate a ZooKeeper connection and watcher.
     * @param conf the configuration to use
     * @param identifier string that is passed to RecoverableZookeeper to be used as identifier for
     *          this instance. Use null for default.
     * @param abortable Can be null if there is on error there is no host to abort: e.g. client
     *          context.
     * @param canCreateBaseZNode true if a base ZNode can be created
     * @param clientZK whether this watcher is set to access client ZK
     * @throws IOException if the connection to ZooKeeper fails
     * @throws ZooKeeperConnectionException if the connection to Zookeeper fails when create base
     *           ZNodes
     */
    public ZKWatcher(Configuration conf, String identifier, Abortable abortable, boolean canCreateBaseZNode,
            boolean clientZK) throws IOException, ZooKeeperConnectionException {
        this.conf = conf;
        if (clientZK) {
            String clientZkQuorumServers = ZKConfig.getClientZKQuorumServersString(conf);
            String serverZkQuorumServers = ZKConfig.getZKQuorumServersString(conf);
            if (clientZkQuorumServers != null) {
                if (clientZkQuorumServers.equals(serverZkQuorumServers)) {
                    // Don't allow same settings to avoid dead loop when master trying
                    // to sync meta information from server ZK to client ZK
                    throw new IllegalArgumentException(
                            "The quorum settings for client ZK should be different from those for server");
                }
                this.quorum = clientZkQuorumServers;
            } else {
                this.quorum = serverZkQuorumServers;
            }
        } else {
            this.quorum = ZKConfig.getZKQuorumServersString(conf);
        }
        this.prefix = identifier;
        // Identifier will get the sessionid appended later below down when we
        // handle the syncconnect event.
        this.identifier = identifier + "0x0";
        this.abortable = abortable;
        this.znodePaths = new ZNodePaths(conf);
        PendingWatcher pendingWatcher = new PendingWatcher();
        this.recoverableZooKeeper = ZKUtil.connect(conf, quorum, pendingWatcher, identifier);
        pendingWatcher.prepare(this);
        if (canCreateBaseZNode) {
            try {
                createBaseZNodes();
            } catch (ZooKeeperConnectionException zce) {
                try {
                    this.recoverableZooKeeper.close();
                } catch (InterruptedException ie) {
                    LOG.debug("Encountered InterruptedException when closing " + this.recoverableZooKeeper);
                    Thread.currentThread().interrupt();
                }
                throw zce;
            }
        }
    }

    private void createBaseZNodes() throws ZooKeeperConnectionException {
        try {
            // Create all the necessary "directories" of znodes
            ZKUtil.createWithParents(this, znodePaths.baseZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.rsZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.drainingZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.tableZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.splitLogZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.backupMasterAddressesZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.tableLockZNode);
            ZKUtil.createAndFailSilent(this, znodePaths.masterMaintZNode);
        } catch (KeeperException e) {
            throw new ZooKeeperConnectionException(prefix("Unexpected KeeperException creating base node"), e);
        }
    }

    /**
     * On master start, we check the znode ACLs under the root directory and set the ACLs properly
     * if needed. If the cluster goes from an unsecure setup to a secure setup, this step is needed
     * so that the existing znodes created with open permissions are now changed with restrictive
     * perms.
     */
    public void checkAndSetZNodeAcls() {
        if (!ZKUtil.isSecureZooKeeper(getConfiguration())) {
            LOG.info("not a secure deployment, proceeding");
            return;
        }

        // Check the base znodes permission first. Only do the recursion if base znode's perms are not
        // correct.
        try {
            List<ACL> actualAcls = recoverableZooKeeper.getAcl(znodePaths.baseZNode, new Stat());

            if (!isBaseZnodeAclSetup(actualAcls)) {
                LOG.info("setting znode ACLs");
                setZnodeAclsRecursive(znodePaths.baseZNode);
            }
        } catch (KeeperException.NoNodeException nne) {
            return;
        } catch (InterruptedException ie) {
            interruptedExceptionNoThrow(ie, false);
        } catch (IOException | KeeperException e) {
            LOG.warn("Received exception while checking and setting zookeeper ACLs", e);
        }
    }

    /**
     * Set the znode perms recursively. This will do post-order recursion, so that baseZnode ACLs
     * will be set last in case the master fails in between.
     * @param znode the ZNode to set the permissions for
     */
    private void setZnodeAclsRecursive(String znode) throws KeeperException, InterruptedException {
        List<String> children = recoverableZooKeeper.getChildren(znode, false);

        for (String child : children) {
            setZnodeAclsRecursive(ZNodePaths.joinZNode(znode, child));
        }
        List<ACL> acls = ZKUtil.createACL(this, znode, true);
        LOG.info("Setting ACLs for znode:" + znode + " , acl:" + acls);
        recoverableZooKeeper.setAcl(znode, acls, -1);
    }

    /**
     * Checks whether the ACLs returned from the base znode (/hbase) is set for secure setup.
     * @param acls acls from zookeeper
     * @return whether ACLs are set for the base znode
     * @throws IOException if getting the current user fails
     */
    private boolean isBaseZnodeAclSetup(List<ACL> acls) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking znode ACLs");
        }
        String[] superUsers = conf.getStrings(Superusers.SUPERUSER_CONF_KEY);
        // Check whether ACL set for all superusers
        if (superUsers != null && !checkACLForSuperUsers(superUsers, acls)) {
            return false;
        }

        // this assumes that current authenticated user is the same as zookeeper client user
        // configured via JAAS
        String hbaseUser = UserGroupInformation.getCurrentUser().getShortUserName();

        if (acls.isEmpty()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ACL is empty");
            }
            return false;
        }

        for (ACL acl : acls) {
            int perms = acl.getPerms();
            Id id = acl.getId();
            // We should only set at most 3 possible ACLs for 3 Ids. One for everyone, one for superuser
            // and one for the hbase user
            if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
                if (perms != Perms.READ) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug(String.format("permissions for '%s' are not correct: have 0x%x, want 0x%x", id,
                                perms, Perms.READ));
                    }
                    return false;
                }
            } else if (superUsers != null && isSuperUserId(superUsers, id)) {
                if (perms != Perms.ALL) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug(String.format("permissions for '%s' are not correct: have 0x%x, want 0x%x", id,
                                perms, Perms.ALL));
                    }
                    return false;
                }
            } else if ("sasl".equals(id.getScheme())) {
                String name = id.getId();
                // If ZooKeeper recorded the Kerberos full name in the ACL, use only the shortname
                Matcher match = NAME_PATTERN.matcher(name);
                if (match.matches()) {
                    name = match.group(1);
                }
                if (name.equals(hbaseUser)) {
                    if (perms != Perms.ALL) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug(String.format("permissions for '%s' are not correct: have 0x%x, want 0x%x",
                                    id, perms, Perms.ALL));
                        }
                        return false;
                    }
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Unexpected shortname in SASL ACL: " + id);
                    }
                    return false;
                }
            } else {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("unexpected ACL id '" + id + "'");
                }
                return false;
            }
        }
        return true;
    }

    /*
     * Validate whether ACL set for all superusers.
     */
    private boolean checkACLForSuperUsers(String[] superUsers, List<ACL> acls) {
        for (String user : superUsers) {
            boolean hasAccess = false;
            // TODO: Validate super group members also when ZK supports setting node ACL for groups.
            if (!AuthUtil.isGroupPrincipal(user)) {
                for (ACL acl : acls) {
                    if (user.equals(acl.getId().getId())) {
                        if (acl.getPerms() == Perms.ALL) {
                            hasAccess = true;
                        } else {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug(String.format(
                                        "superuser '%s' does not have correct permissions: have 0x%x, want 0x%x",
                                        acl.getId().getId(), acl.getPerms(), Perms.ALL));
                            }
                        }
                        break;
                    }
                }
                if (!hasAccess) {
                    return false;
                }
            }
        }
        return true;
    }

    /*
     * Validate whether ACL ID is superuser.
     */
    public static boolean isSuperUserId(String[] superUsers, Id id) {
        for (String user : superUsers) {
            // TODO: Validate super group members also when ZK supports setting node ACL for groups.
            if (!AuthUtil.isGroupPrincipal(user) && new Id("sasl", user).equals(id)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public String toString() {
        return this.identifier + ", quorum=" + quorum + ", baseZNode=" + znodePaths.baseZNode;
    }

    /**
     * Adds this instance's identifier as a prefix to the passed <code>str</code>
     * @param str String to amend.
     * @return A new string with this instance's identifier as prefix: e.g.
     *         if passed 'hello world', the returned string could be
     */
    public String prefix(final String str) {
        return this.toString() + " " + str;
    }

    /**
     * Get the znodes corresponding to the meta replicas from ZK
     * @return list of znodes
     * @throws KeeperException if a ZooKeeper operation fails
     */
    public List<String> getMetaReplicaNodes() throws KeeperException {
        List<String> childrenOfBaseNode = ZKUtil.listChildrenNoWatch(this, znodePaths.baseZNode);
        List<String> metaReplicaNodes = new ArrayList<>(2);
        if (childrenOfBaseNode != null) {
            String pattern = conf.get("zookeeper.znode.metaserver", "meta-region-server");
            for (String child : childrenOfBaseNode) {
                if (child.startsWith(pattern)) {
                    metaReplicaNodes.add(child);
                }
            }
        }
        return metaReplicaNodes;
    }

    /**
     * Register the specified listener to receive ZooKeeper events.
     * @param listener the listener to register
     */
    public void registerListener(ZKListener listener) {
        listeners.add(listener);
    }

    /**
     * Register the specified listener to receive ZooKeeper events and add it as
     * the first in the list of current listeners.
     * @param listener the listener to register
     */
    public void registerListenerFirst(ZKListener listener) {
        listeners.add(0, listener);
    }

    public void unregisterListener(ZKListener listener) {
        listeners.remove(listener);
    }

    /**
     * Clean all existing listeners
     */
    public void unregisterAllListeners() {
        listeners.clear();
    }

    /**
     * Get a copy of current registered listeners
     */
    public List<ZKListener> getListeners() {
        return new ArrayList<>(listeners);
    }

    /**
     * @return The number of currently registered listeners
     */
    public int getNumberOfListeners() {
        return listeners.size();
    }

    /**
     * Get the connection to ZooKeeper.
     * @return connection reference to zookeeper
     */
    public RecoverableZooKeeper getRecoverableZooKeeper() {
        return recoverableZooKeeper;
    }

    public void reconnectAfterExpiration() throws IOException, KeeperException, InterruptedException {
        recoverableZooKeeper.reconnectAfterExpiration();
    }

    /**
     * Get the quorum address of this instance.
     * @return quorum string of this zookeeper connection instance
     */
    public String getQuorum() {
        return quorum;
    }

    /**
     * Get the znodePaths.
     * <p>
     * Mainly used for mocking as mockito can not mock a field access.
     */
    public ZNodePaths getZNodePaths() {
        return znodePaths;
    }

    /**
     * Method called from ZooKeeper for events and connection status.
     * <p>
     * Valid events are passed along to listeners.  Connection status changes
     * are dealt with locally.
     */
    @Override
    public void process(WatchedEvent event) {
        LOG.debug(prefix("Received ZooKeeper Event, " + "type=" + event.getType() + ", " + "state="
                + event.getState() + ", " + "path=" + event.getPath()));

        switch (event.getType()) {

        // If event type is NONE, this is a connection status change
        case None: {
            connectionEvent(event);
            break;
        }

        // Otherwise pass along to the listeners

        case NodeCreated: {
            for (ZKListener listener : listeners) {
                listener.nodeCreated(event.getPath());
            }
            break;
        }

        case NodeDeleted: {
            for (ZKListener listener : listeners) {
                listener.nodeDeleted(event.getPath());
            }
            break;
        }

        case NodeDataChanged: {
            for (ZKListener listener : listeners) {
                listener.nodeDataChanged(event.getPath());
            }
            break;
        }

        case NodeChildrenChanged: {
            for (ZKListener listener : listeners) {
                listener.nodeChildrenChanged(event.getPath());
            }
            break;
        }
        default:
            throw new IllegalStateException("Received event is not valid: " + event.getState());
        }
    }

    // Connection management

    /**
     * Called when there is a connection-related event via the Watcher callback.
     * <p>
     * If Disconnected or Expired, this should shutdown the cluster. But, since
     * we send a KeeperException.SessionExpiredException along with the abort
     * call, it's possible for the Abortable to catch it and try to create a new
     * session with ZooKeeper. This is what the client does in HCM.
     * <p>
     * @param event the connection-related event
     */
    private void connectionEvent(WatchedEvent event) {
        switch (event.getState()) {
        case SyncConnected:
            this.identifier = this.prefix + "-0x" + Long.toHexString(this.recoverableZooKeeper.getSessionId());
            // Update our identifier.  Otherwise ignore.
            LOG.debug(this.identifier + " connected");
            break;

        // Abort the server if Disconnected or Expired
        case Disconnected:
            LOG.debug(prefix("Received Disconnected from ZooKeeper, ignoring"));
            break;

        case Expired:
            String msg = prefix(this.identifier + " received expired from " + "ZooKeeper, aborting");
            // TODO: One thought is to add call to ZKListener so say,
            // ZKNodeTracker can zero out its data values.
            if (this.abortable != null) {
                this.abortable.abort(msg, new KeeperException.SessionExpiredException());
            }
            break;

        case ConnectedReadOnly:
        case SaslAuthenticated:
        case AuthFailed:
            break;

        default:
            throw new IllegalStateException("Received event is not valid: " + event.getState());
        }
    }

    /**
     * Forces a synchronization of this ZooKeeper client connection.
     * <p>
     * Executing this method before running other methods will ensure that the
     * subsequent operations are up-to-date and consistent as of the time that
     * the sync is complete.
     * <p>
     * This is used for compareAndSwap type operations where we need to read the
     * data of an existing node and delete or transition that node, utilizing the
     * previously read version and data.  We want to ensure that the version read
     * is up-to-date from when we begin the operation.
     */
    public void sync(String path) throws KeeperException {
        this.recoverableZooKeeper.sync(path, null, null);
    }

    /**
     * Handles KeeperExceptions in client calls.
     * <p>
     * This may be temporary but for now this gives one place to deal with these.
     * <p>
     * TODO: Currently this method rethrows the exception to let the caller handle
     * <p>
     * @param ke the exception to rethrow
     * @throws KeeperException if a ZooKeeper operation fails
     */
    public void keeperException(KeeperException ke) throws KeeperException {
        LOG.error(prefix("Received unexpected KeeperException, re-throwing exception"), ke);
        throw ke;
    }

    /**
     * Handles InterruptedExceptions in client calls.
     * @param ie the InterruptedException instance thrown
     * @throws KeeperException the exception to throw, transformed from the InterruptedException
     */
    public void interruptedException(InterruptedException ie) throws KeeperException {
        interruptedExceptionNoThrow(ie, true);
        // Throw a system error exception to let upper level handle it
        KeeperException keeperException = new KeeperException.SystemErrorException();
        keeperException.initCause(ie);
        throw keeperException;
    }

    /**
     * Log the InterruptedException and interrupt current thread
     * @param ie The IterruptedException to log
     * @param throwLater Whether we will throw the exception latter
     */
    public void interruptedExceptionNoThrow(InterruptedException ie, boolean throwLater) {
        LOG.debug(prefix("Received InterruptedException, will interrupt current thread"
                + (throwLater ? " and rethrow a SystemErrorException" : "")), ie);
        // At least preserve interrupt.
        Thread.currentThread().interrupt();
    }

    /**
     * Close the connection to ZooKeeper.
     *
     */
    @Override
    public void close() {
        try {
            recoverableZooKeeper.close();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    public Configuration getConfiguration() {
        return conf;
    }

    @Override
    public void abort(String why, Throwable e) {
        if (this.abortable != null) {
            this.abortable.abort(why, e);
        } else {
            this.aborted = true;
        }
    }

    @Override
    public boolean isAborted() {
        return this.abortable == null ? this.aborted : this.abortable.isAborted();
    }
}