
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.rest;
20  
21  import java.util.ArrayList;
22  import java.util.HashSet;
23  import java.util.List;
24  import java.util.Map;
25  import java.util.Map.Entry;
26  import java.util.Set;
27  
28  import org.apache.commons.cli.CommandLine;
29  import org.apache.commons.cli.HelpFormatter;
30  import org.apache.commons.cli.Options;
31  import org.apache.commons.cli.ParseException;
32  import org.apache.commons.cli.PosixParser;
33  import org.apache.commons.lang.ArrayUtils;
34  import org.apache.commons.logging.Log;
35  import org.apache.commons.logging.LogFactory;
36  import org.apache.hadoop.hbase.classification.InterfaceAudience;
37  import org.apache.hadoop.conf.Configuration;
38  import org.apache.hadoop.hbase.HBaseConfiguration;
39  import org.apache.hadoop.hbase.HBaseInterfaceAudience;
40  import org.apache.hadoop.hbase.http.HttpServer;
41  import org.apache.hadoop.hbase.http.InfoServer;
42  import org.apache.hadoop.hbase.rest.filter.AuthFilter;
43  import org.apache.hadoop.hbase.rest.filter.RestCsrfPreventionFilter;
44  import org.apache.hadoop.hbase.security.UserProvider;
45  import org.apache.hadoop.hbase.util.DNS;
46  import org.apache.hadoop.hbase.util.HttpServerUtil;
47  import org.apache.hadoop.hbase.util.Pair;
48  import org.apache.hadoop.hbase.util.Strings;
49  import org.apache.hadoop.hbase.util.VersionInfo;
50  import org.apache.hadoop.util.StringUtils;
51  import org.mortbay.jetty.Connector;
52  import org.mortbay.jetty.Server;
53  import org.mortbay.jetty.nio.SelectChannelConnector;
54  import org.mortbay.jetty.security.SslSelectChannelConnector;
55  import org.mortbay.jetty.servlet.Context;
56  import org.mortbay.jetty.servlet.FilterHolder;
57  import org.mortbay.jetty.servlet.ServletHolder;
58  import org.mortbay.thread.QueuedThreadPool;
59  
60  import com.google.common.base.Preconditions;
61  import com.sun.jersey.api.json.JSONConfiguration;
62  import com.sun.jersey.spi.container.servlet.ServletContainer;
63  
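/**
 * Main class for launching REST gateway as a servlet hosted by Jetty.
 * <p>
 * The following options are supported:
 * <ul>
 * <li>-p --port : service port</li>
 * <li>-ro --readonly : server mode</li>
 * <li>--infoport : port for the web UI</li>
 * </ul>
 * <p>
 * Defaults an operator should review before exposing the gateway (all visible in this class):
 * <ul>
 * <li>the REST connector and the info server bind to {@code 0.0.0.0} unless
 *     {@code hbase.rest.host} / {@code hbase.rest.info.bindAddress} are set;</li>
 * <li>the SSL connector is used only when {@code REST_SSL_ENABLED} is true (default false);</li>
 * <li>the CSRF filter is installed only when {@code hbase.rest.csrf.enabled} is true
 *     (default false);</li>
 * <li>the authentication filter is installed only when Hadoop security and HBase security are
 *     both enabled and {@code REST_AUTHENTICATION_TYPE} is set.</li>
 * </ul>
 */
@InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.TOOLS)
public class RESTServer implements Constants {
  static Log LOG = LogFactory.getLog("RESTServer");

  // Switch that decides whether addCSRFFilter installs the CSRF prevention filter.
  static String REST_CSRF_ENABLED_KEY = "hbase.rest.csrf.enabled";
  static boolean REST_CSRF_ENABLED_DEFAULT = false;
  // Last value read from REST_CSRF_ENABLED_KEY; written by addCSRFFilter.
  static boolean restCSRFEnabled = false;
  // NOTE(review): the three *_KEY constants below use the "hbase.rest.csrf." (dot) prefix and
  // "hbase.rest-csrf." (hyphen) prefix respectively, but only the hyphenated prefix is handed
  // to the filter in addCSRFFilter. Confirm which property names operators are expected to set.
  static String REST_CSRF_CUSTOM_HEADER_KEY ="hbase.rest.csrf.custom.header";
  static String REST_CSRF_CUSTOM_HEADER_DEFAULT = "X-XSRF-HEADER";
  static String REST_CSRF_METHODS_TO_IGNORE_KEY = "hbase.rest.csrf.methods.to.ignore";
  static String REST_CSRF_METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
  static String REST_CSRF_BROWSER_USERAGENTS_REGEX_KEY = "hbase.rest-csrf.browser-useragents-regex";

  /**
   * Prints the command-line help and terminates the JVM.
   *
   * @param options options to describe in the help text
   * @param exitCode process exit status
   */
  private static void printUsageAndExit(Options options, int exitCode) {
    HelpFormatter formatter = new HelpFormatter();
    formatter.printHelp("bin/hbase rest start", "", options,
      "\nTo run the REST server as a daemon, execute " +
      "bin/hbase-daemon.sh start|stop rest [--infoport <port>] [-p <port>] [-ro]\n", true);
    System.exit(exitCode);
  }

  /**
   * Returns a list of strings from a comma-delimited configuration value.
   * Currently has no caller in this class.
   *
   * @param conf configuration to check
   * @param name configuration property name
   * @param defaultValue default value if no value found for name
   * @return list of strings from comma-delimited configuration value, or an
   *     empty list if not found
   */
  private static List<String> getTrimmedStringList(Configuration conf,
    String name, String defaultValue) {
    String valueString = conf.get(name, defaultValue);
    if (valueString == null) {
      return new ArrayList<>();
    }
    return new ArrayList<>(StringUtils.getTrimmedStringCollection(valueString));
  }

  /**
   * Installs {@link RestCsrfPreventionFilter} on every path of the context when
   * {@code hbase.rest.csrf.enabled} is true, and records the switch in {@link #restCSRFEnabled}.
   * With the default configuration the filter is not installed.
   *
   * @param context servlet context that receives the filter
   * @param conf configuration the switch and the filter parameters are read from
   */
  static void addCSRFFilter(Context context, Configuration conf) {
    restCSRFEnabled = conf.getBoolean(REST_CSRF_ENABLED_KEY, REST_CSRF_ENABLED_DEFAULT);
    if (!restCSRFEnabled) {
      return;
    }
    String[] urls = { "/*" };
    // NOTE(review): the filter parameters come from getFilterParams with the hyphenated prefix
    // "hbase.rest-csrf." (defined elsewhere; presumably it collects the properties under that
    // prefix). An earlier version of this method also read REST_CSRF_METHODS_TO_IGNORE_KEY
    // ("hbase.rest.csrf.methods.to.ignore") into a set that was never passed to the filter, so
    // a value set under that dotted key had no effect here; the unused set has been dropped.
    Map<String, String> restCsrfParams = RestCsrfPreventionFilter
        .getFilterParams(conf, "hbase.rest-csrf.");
    HttpServer.defineFilter(context, "csrf", RestCsrfPreventionFilter.class.getName(),
      restCsrfParams, urls);
  }

  /**
   * Logs in the server principal (if using secure Hadoop) and selects the servlet container.
   * <p>
   * The login happens only when both Hadoop security and HBase security are enabled; it
   * requires a keytab file and a Kerberos principal to be configured. An authentication filter
   * is returned only when, in addition, {@code REST_AUTHENTICATION_TYPE} is set; in every other
   * case the first element of the pair is {@code null} and the caller installs no
   * authentication filter.
   *
   * @param userProvider source of the security switches and of the login call
   * @param conf configuration holding the DNS, keytab, principal and authentication settings
   * @return the authentication filter (or {@code null}) and the servlet container class to use
   * @throws IllegalArgumentException if security is enabled and the keytab file or principal
   *     is missing or empty
   * @throws Exception if host name resolution or the login fails
   */
  private static Pair<FilterHolder, Class<? extends ServletContainer>> loginServerPrincipal(
    UserProvider userProvider, Configuration conf) throws Exception {
    Class<? extends ServletContainer> containerClass = ServletContainer.class;
    if (userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled()) {
      String machineName = Strings.domainNamePointerToHostName(
        DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"),
          conf.get(REST_DNS_NAMESERVER, "default")));
      String keytabFilename = conf.get(REST_KEYTAB_FILE);
      Preconditions.checkArgument(keytabFilename != null && !keytabFilename.isEmpty(),
        REST_KEYTAB_FILE + " should be set if security is enabled");
      String principalConfig = conf.get(REST_KERBEROS_PRINCIPAL);
      Preconditions.checkArgument(principalConfig != null && !principalConfig.isEmpty(),
        REST_KERBEROS_PRINCIPAL + " should be set if security is enabled");
      // The configuration keys (not the values read above) are passed on to login.
      userProvider.login(REST_KEYTAB_FILE, REST_KERBEROS_PRINCIPAL, machineName);
      if (conf.get(REST_AUTHENTICATION_TYPE) != null) {
        containerClass = RESTServletContainer.class;
        FilterHolder authFilter = new FilterHolder();
        authFilter.setClassName(AuthFilter.class.getName());
        authFilter.setName("AuthenticationFilter");
        return new Pair<FilterHolder, Class<? extends ServletContainer>>(authFilter,containerClass);
      }
    }
    return new Pair<FilterHolder, Class<? extends ServletContainer>>(null, containerClass);
  }

  /**
   * Parses an integer option value, printing the usage and exiting when it is not a number.
   *
   * @param optionName long name of the option, used in the error message
   * @param val raw value taken from the command line
   * @param options options to describe in the help text on failure
   * @return the parsed value
   */
  private static int parseIntOrExit(String optionName, String val, Options options) {
    try {
      return Integer.parseInt(val);
    } catch (NumberFormatException e) {
      LOG.error("Invalid value for --" + optionName + ": " + val, e);
      printUsageAndExit(options, -1);
      // Not reached: printUsageAndExit calls System.exit. Needed for definite return.
      throw e;
    }
  }

  /**
   * Applies the command-line options to the servlet's configuration and checks the command.
   * <p>
   * {@code --port} overrides {@code hbase.rest.port}, {@code --readonly} sets
   * {@code hbase.rest.readonly} to true and {@code --infoport} overrides
   * {@code hbase.rest.info.port}. Exactly one remaining argument is expected: {@code start}
   * lets the caller continue, {@code stop} exits with status 1, anything else prints the usage
   * and exits. Unparsable options or non-numeric port values print the usage and exit.
   *
   * @param args command-line arguments
   * @param servlet servlet whose configuration receives the overrides
   */
  private static void parseCommandLine(String[] args, RESTServlet servlet) {
    Options options = new Options();
    options.addOption("p", "port", true, "Port to bind to [default: " + DEFAULT_LISTEN_PORT + "]");
    options.addOption("ro", "readonly", false, "Respond only to GET HTTP " +
      "method requests [default: false]");
    options.addOption(null, "infoport", true, "Port for web UI");

    CommandLine commandLine = null;
    try {
      commandLine = new PosixParser().parse(options, args);
    } catch (ParseException e) {
      LOG.error("Could not parse: ", e);
      printUsageAndExit(options, -1);
    }

    // check for user-defined port setting, if so override the conf
    if (commandLine != null && commandLine.hasOption("port")) {
      String val = commandLine.getOptionValue("port");
      servlet.getConfiguration().setInt("hbase.rest.port",
        parseIntOrExit("port", val, options));
      if (LOG.isDebugEnabled()) {
        LOG.debug("port set to " + val);
      }
    }

    // check if server should only process GET requests, if so override the conf
    if (commandLine != null && commandLine.hasOption("readonly")) {
      servlet.getConfiguration().setBoolean("hbase.rest.readonly", true);
      if (LOG.isDebugEnabled()) {
        LOG.debug("readonly set to true");
      }
    }

    // check for user-defined info server port setting, if so override the conf
    if (commandLine != null && commandLine.hasOption("infoport")) {
      String val = commandLine.getOptionValue("infoport");
      servlet.getConfiguration().setInt("hbase.rest.info.port",
        parseIntOrExit("infoport", val, options));
      if (LOG.isDebugEnabled()) {
        LOG.debug("Web UI port set to " + val);
      }
    }

    @SuppressWarnings("unchecked")
    List<String> remainingArgs = commandLine != null ?
        commandLine.getArgList() : new ArrayList<String>();
    if (remainingArgs.size() != 1) {
      printUsageAndExit(options, 1);
    }

    String command = remainingArgs.get(0);
    if ("start".equals(command)) {
      // continue and start container
    } else if ("stop".equals(command)) {
      System.exit(1);
    } else {
      printUsageAndExit(options, 1);
    }
  }

  /**
   * The main method for the HBase rest server.
   * <p>
   * Logs in the server principal when security is enabled, applies the command-line overrides,
   * builds the Jersey servlet holders, configures the Jetty connector, thread pool, context and
   * filters, starts the info server when its port is non-negative, then starts Jetty and blocks
   * until it stops.
   *
   * @param args command-line arguments
   * @throws Exception exception
   */
  public static void main(String[] args) throws Exception {
    VersionInfo.logVersion();
    Configuration conf = HBaseConfiguration.create();
    UserProvider userProvider = UserProvider.instantiate(conf);
    Pair<FilterHolder, Class<? extends ServletContainer>> pair = loginServerPrincipal(
      userProvider, conf);
    // null unless security is enabled and REST_AUTHENTICATION_TYPE is configured
    FilterHolder authFilter = pair.getFirst();
    Class<? extends ServletContainer> containerClass = pair.getSecond();
    RESTServlet servlet = RESTServlet.getInstance(conf, userProvider);

    parseCommandLine(args, servlet);

    // set up the Jersey servlet container for Jetty
    ServletHolder sh = new ServletHolder(containerClass);
    sh.setInitParameter(
      "com.sun.jersey.config.property.resourceConfigClass",
      ResourceConfig.class.getCanonicalName());
    sh.setInitParameter("com.sun.jersey.config.property.packages",
      "jetty");
    // The servlet holder below is instantiated to only handle the case
    // of the /status/cluster returning arrays of nodes (live/dead). Without
    // this servlet holder, the problem is that the node arrays in the response
    // are collapsed to single nodes. We want to be able to treat the
    // node lists as POJO in the response to /status/cluster servlet call,
    // but not change the behavior for any of the other servlets
    // Hence we don't use the servlet holder for all servlets / paths
    ServletHolder shPojoMap = new ServletHolder(containerClass);
    @SuppressWarnings("unchecked")
    Map<String, String> shInitMap = sh.getInitParameters();
    for (Entry<String, String> e : shInitMap.entrySet()) {
      shPojoMap.setInitParameter(e.getKey(), e.getValue());
    }
    shPojoMap.setInitParameter(JSONConfiguration.FEATURE_POJO_MAPPING, "true");

    // set up Jetty and run the embedded server

    Server server = new Server();

    // Plain (non-TLS) connector unless REST_SSL_ENABLED is set; the default is false.
    Connector connector = new SelectChannelConnector();
    if(conf.getBoolean(REST_SSL_ENABLED, false)) {
      SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
      String keystore = conf.get(REST_SSL_KEYSTORE_STORE);
      // The key password falls back to the keystore password when it is not configured.
      String password = HBaseConfiguration.getPassword(conf,
        REST_SSL_KEYSTORE_PASSWORD, null);
      String keyPassword = HBaseConfiguration.getPassword(conf,
        REST_SSL_KEYSTORE_KEYPASSWORD, password);
      sslConnector.setKeystore(keystore);
      sslConnector.setPassword(password);
      sslConnector.setKeyPassword(keyPassword);
      connector = sslConnector;
    }
    connector.setPort(servlet.getConfiguration().getInt("hbase.rest.port", DEFAULT_LISTEN_PORT));
    // Listens on all interfaces unless hbase.rest.host names a specific address.
    connector.setHost(servlet.getConfiguration().get("hbase.rest.host", "0.0.0.0"));
    connector.setHeaderBufferSize(65536);

    server.addConnector(connector);

    // Set the default max thread number to 100 to limit
    // the number of concurrent requests so that REST server doesn't OOM easily.
    // Jetty set the default max thread number to 250, if we don't set it.
    //
    // Our default min thread number 2 is the same as that used by Jetty.
    int maxThreads = servlet.getConfiguration().getInt("hbase.rest.threads.max", 100);
    int minThreads = servlet.getConfiguration().getInt("hbase.rest.threads.min", 2);
    QueuedThreadPool threadPool = new QueuedThreadPool(maxThreads);
    threadPool.setMinThreads(minThreads);
    server.setThreadPool(threadPool);

    // Do not advertise the server version or date in response headers.
    server.setSendServerVersion(false);
    server.setSendDateHeader(false);
    server.setStopAtShutdown(true);
    // set up context
    Context context = new Context(server, "/", Context.SESSIONS);
    context.addServlet(shPojoMap, "/status/cluster");
    context.addServlet(sh, "/*");
    if (authFilter != null) {
      context.addFilter(authFilter, "/*", 1);
    }

    // Load filters from configuration.
    // Every class named under FILTER_CLASSES is loaded by name and mapped to all paths, so the
    // configuration source has to be writable by trusted administrators only.
    String[] filterClasses = servlet.getConfiguration().getStrings(FILTER_CLASSES,
      ArrayUtils.EMPTY_STRING_ARRAY);
    for (String filter : filterClasses) {
      filter = filter.trim();
      context.addFilter(Class.forName(filter), "/*", 0);
    }
    // No-op unless hbase.rest.csrf.enabled is true.
    addCSRFFilter(context, conf);
    // NOTE(review): defined elsewhere; presumably restricts the HTTP methods the context
    // accepts - confirm against HttpServerUtil.
    HttpServerUtil.constrainHttpMethods(context);

    // Put up info server.
    // A negative hbase.rest.info.port disables it; the default bind address is all interfaces.
    int port = conf.getInt("hbase.rest.info.port", 8085);
    if (port >= 0) {
      conf.setLong("startcode", System.currentTimeMillis());
      String a = conf.get("hbase.rest.info.bindAddress", "0.0.0.0");
      InfoServer infoServer = new InfoServer("rest", a, port, false, conf);
      // The whole configuration object is handed to the info server as an attribute.
      infoServer.setAttribute("hbase.conf", conf);
      infoServer.start();
    }
    // start server
    server.start();
    server.join();
  }
}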