001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.ipc; 019 020import java.io.IOException; 021import java.net.InetSocketAddress; 022import java.net.UnknownHostException; 023import java.util.concurrent.TimeUnit; 024import org.apache.hadoop.conf.Configuration; 025import org.apache.hadoop.hbase.HConstants; 026import org.apache.hadoop.hbase.client.MetricsConnection; 027import org.apache.hadoop.hbase.codec.Codec; 028import org.apache.hadoop.hbase.net.Address; 029import org.apache.hadoop.hbase.security.SecurityInfo; 030import org.apache.hadoop.hbase.security.User; 031import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider; 032import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders; 033import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; 034import org.apache.hadoop.hbase.util.Pair; 035import org.apache.hadoop.io.compress.CompressionCodec; 036import org.apache.hadoop.security.token.Token; 037import org.apache.hadoop.security.token.TokenIdentifier; 038import org.apache.yetus.audience.InterfaceAudience; 039import org.slf4j.Logger; 040import org.slf4j.LoggerFactory; 041 042import org.apache.hbase.thirdparty.io.netty.util.HashedWheelTimer; 043import org.apache.hbase.thirdparty.io.netty.util.Timeout; 044import org.apache.hbase.thirdparty.io.netty.util.TimerTask; 045 046import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; 047import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.ConnectionHeader; 048import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation; 049 050/** 051 * Base class for ipc connection. 052 */ 053@InterfaceAudience.Private 054abstract class RpcConnection { 055 056 private static final Logger LOG = LoggerFactory.getLogger(RpcConnection.class); 057 058 protected final ConnectionId remoteId; 059 060 protected final boolean useSasl; 061 062 protected final Token<? extends TokenIdentifier> token; 063 064 protected final SecurityInfo securityInfo; 065 066 protected final int reloginMaxBackoff; // max pause before relogin on sasl failure 067 068 protected final Codec codec; 069 070 protected final CompressionCodec compressor; 071 072 protected final MetricsConnection metrics; 073 074 protected final HashedWheelTimer timeoutTimer; 075 076 protected final Configuration conf; 077 078 protected static String CRYPTO_AES_ENABLED_KEY = "hbase.rpc.crypto.encryption.aes.enabled"; 079 080 protected static boolean CRYPTO_AES_ENABLED_DEFAULT = false; 081 082 // the last time we were picked up from connection pool. 083 protected long lastTouched; 084 085 protected SaslClientAuthenticationProvider provider; 086 087 protected RpcConnection(Configuration conf, HashedWheelTimer timeoutTimer, ConnectionId remoteId, 088 String clusterId, boolean isSecurityEnabled, Codec codec, CompressionCodec compressor, 089 MetricsConnection metrics) throws IOException { 090 this.timeoutTimer = timeoutTimer; 091 this.codec = codec; 092 this.compressor = compressor; 093 this.conf = conf; 094 this.metrics = metrics; 095 User ticket = remoteId.getTicket(); 096 this.securityInfo = SecurityInfo.getInfo(remoteId.getServiceName()); 097 this.useSasl = isSecurityEnabled; 098 099 // Choose the correct Token and AuthenticationProvider for this client to use 100 SaslClientAuthenticationProviders providers = 101 SaslClientAuthenticationProviders.getInstance(conf); 102 Pair<SaslClientAuthenticationProvider, Token<? extends TokenIdentifier>> pair; 103 if (useSasl && securityInfo != null) { 104 pair = providers.selectProvider(clusterId, ticket); 105 if (pair == null) { 106 if (LOG.isTraceEnabled()) { 107 LOG.trace("Found no valid authentication method from providers={} with tokens={}", 108 providers.toString(), ticket.getTokens()); 109 } 110 throw new RuntimeException("Found no valid authentication method from options"); 111 } 112 } else if (!useSasl) { 113 // Hack, while SIMPLE doesn't go via SASL. 114 pair = providers.getSimpleProvider(); 115 } else { 116 throw new RuntimeException("Could not compute valid client authentication provider"); 117 } 118 119 this.provider = pair.getFirst(); 120 this.token = pair.getSecond(); 121 122 LOG.debug("Using {} authentication for service={}, sasl={}", 123 provider.getSaslAuthMethod().getName(), remoteId.serviceName, useSasl); 124 reloginMaxBackoff = conf.getInt("hbase.security.relogin.maxbackoff", 5000); 125 this.remoteId = remoteId; 126 } 127 128 protected final void scheduleTimeoutTask(final Call call) { 129 if (call.timeout > 0) { 130 call.timeoutTask = timeoutTimer.newTimeout(new TimerTask() { 131 132 @Override 133 public void run(Timeout timeout) throws Exception { 134 call.setTimeout(new CallTimeoutException(call.toShortString() + ", waitTime=" 135 + (EnvironmentEdgeManager.currentTime() - call.getStartTime()) + "ms, rpcTimeout=" 136 + call.timeout + "ms")); 137 callTimeout(call); 138 } 139 }, call.timeout, TimeUnit.MILLISECONDS); 140 } 141 } 142 143 protected final byte[] getConnectionHeaderPreamble() { 144 // Assemble the preamble up in a buffer first and then send it. Writing individual elements, 145 // they are getting sent across piecemeal according to wireshark and then server is messing 146 // up the reading on occasion (the passed in stream is not buffered yet). 147 148 // Preamble is six bytes -- 'HBas' + VERSION + AUTH_CODE 149 int rpcHeaderLen = HConstants.RPC_HEADER.length; 150 byte[] preamble = new byte[rpcHeaderLen + 2]; 151 System.arraycopy(HConstants.RPC_HEADER, 0, preamble, 0, rpcHeaderLen); 152 preamble[rpcHeaderLen] = HConstants.RPC_CURRENT_VERSION; 153 synchronized (this) { 154 preamble[rpcHeaderLen + 1] = provider.getSaslAuthMethod().getCode(); 155 } 156 return preamble; 157 } 158 159 protected final ConnectionHeader getConnectionHeader() { 160 final ConnectionHeader.Builder builder = ConnectionHeader.newBuilder(); 161 builder.setServiceName(remoteId.getServiceName()); 162 final UserInformation userInfoPB = provider.getUserInfo(remoteId.ticket); 163 if (userInfoPB != null) { 164 builder.setUserInfo(userInfoPB); 165 } 166 if (this.codec != null) { 167 builder.setCellBlockCodecClass(this.codec.getClass().getCanonicalName()); 168 } 169 if (this.compressor != null) { 170 builder.setCellBlockCompressorClass(this.compressor.getClass().getCanonicalName()); 171 } 172 builder.setVersionInfo(ProtobufUtil.getVersionInfo()); 173 boolean isCryptoAESEnable = conf.getBoolean(CRYPTO_AES_ENABLED_KEY, CRYPTO_AES_ENABLED_DEFAULT); 174 // if Crypto AES enable, setup Cipher transformation 175 if (isCryptoAESEnable) { 176 builder.setRpcCryptoCipherTransformation( 177 conf.get("hbase.rpc.crypto.encryption.aes.cipher.transform", "AES/CTR/NoPadding")); 178 } 179 return builder.build(); 180 } 181 182 protected final InetSocketAddress getRemoteInetAddress(MetricsConnection metrics) 183 throws UnknownHostException { 184 if (metrics != null) { 185 metrics.incrNsLookups(); 186 } 187 InetSocketAddress remoteAddr = Address.toSocketAddress(remoteId.getAddress()); 188 if (remoteAddr.isUnresolved()) { 189 if (metrics != null) { 190 metrics.incrNsLookupsFailed(); 191 } 192 throw new UnknownHostException(remoteId.getAddress() + " could not be resolved"); 193 } 194 return remoteAddr; 195 } 196 197 protected abstract void callTimeout(Call call); 198 199 public ConnectionId remoteId() { 200 return remoteId; 201 } 202 203 public long getLastTouched() { 204 return lastTouched; 205 } 206 207 public void setLastTouched(long lastTouched) { 208 this.lastTouched = lastTouched; 209 } 210 211 /** 212 * Tell the idle connection sweeper whether we could be swept. 213 */ 214 public abstract boolean isActive(); 215 216 /** 217 * Just close connection. Do not need to remove from connection pool. 218 */ 219 public abstract void shutdown(); 220 221 public abstract void sendRequest(Call call, HBaseRpcController hrc) throws IOException; 222 223 /** 224 * Does the clean up work after the connection is removed from the connection pool 225 */ 226 public abstract void cleanupConnection(); 227}