View Javadoc

1   /**
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  
20  package org.apache.hadoop.hbase.zookeeper;
21  
22  import java.util.List;
23  
24  import org.apache.commons.logging.Log;
25  import org.apache.commons.logging.LogFactory;
26  import org.apache.hadoop.conf.Configuration;
27  import org.apache.hadoop.conf.Configured;
28  import org.apache.hadoop.hbase.HBaseConfiguration;
29  import org.apache.hadoop.hbase.classification.InterfaceAudience;
30  import org.apache.hadoop.util.Tool;
31  import org.apache.hadoop.util.ToolRunner;
32  import org.apache.zookeeper.ZooDefs;
33  import org.apache.zookeeper.ZooKeeper;
34  
35  /**
36   * You may add the jaas.conf option
37   *    -Djava.security.auth.login.config=/PATH/jaas.conf
38   *
39   * You may also specify -D to set options
40   *    "hbase.zookeeper.quorum"    (it should be in hbase-site.xml)
41   *    "zookeeper.znode.parent"    (it should be in hbase-site.xml)
42   *
43   * Use -set-acls to set the ACLs, no option to erase ACLs
44   */
45  @InterfaceAudience.Private
46  public class ZkAclReset extends Configured implements Tool {
47    private static final Log LOG = LogFactory.getLog(ZkAclReset.class);
48  
49    private static void resetAcls(final ZooKeeperWatcher zkw, final String znode,
50        final boolean eraseAcls) throws Exception {
51      List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode);
52      if (children != null) {
53        for (String child: children) {
54          resetAcls(zkw, ZKUtil.joinZNode(znode, child), eraseAcls);
55        }
56      }
57  
58      ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper();
59      if (eraseAcls) {
60        LOG.info(" - erase ACLs for " + znode);
61        zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
62      } else {
63        LOG.info(" - set ACLs for " + znode);
64        zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1);
65      }
66    }
67  
68    private static void resetAcls(final Configuration conf, boolean eraseAcls)
69        throws Exception {
70      ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "ZkAclReset", null);
71      try {
72        LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " +
73                  zkw.getQuorum() + " " + zkw.getBaseZNode());
74        resetAcls(zkw, zkw.getBaseZNode(), eraseAcls);
75      } finally {
76        zkw.close();
77      }
78    }
79  
80    private void printUsageAndExit() {
81      System.err.printf("Usage: bin/hbase %s [options]%n", getClass().getName());
82      System.err.println(" where [options] are:");
83      System.err.println("  -h|-help                Show this help and exit.");
84      System.err.println("  -set-acls               Setup the hbase znode ACLs for a secure cluster");
85      System.err.println();
86      System.err.println("Examples:");
87      System.err.println("  To reset the ACLs to the unsecure cluster behavior:");
88      System.err.println("  hbase " + getClass().getName());
89      System.err.println();
90      System.err.println("  To reset the ACLs to the secure cluster behavior:");
91      System.err.println("  hbase " + getClass().getName() + " -set-acls");
92      System.exit(1);
93    }
94  
95    @Override
96    public int run(String[] args) throws Exception {
97      boolean eraseAcls = true;
98  
99      for (int i = 0; i < args.length; ++i) {
100       if (args[i].equals("-help")) {
101         printUsageAndExit();
102       } else if (args[i].equals("-set-acls")) {
103         eraseAcls = false;
104       } else {
105         printUsageAndExit();
106       }
107     }
108 
109     resetAcls(getConf(), eraseAcls);
110     return(0);
111   }
112 
113   public static void main(String[] args) throws Exception {
114     System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZkAclReset(), args));
115   }
116 }