本文整理了Java中org.apache.hadoop.hbase.security.token.ZKSecretWatcher类的一些代码示例，展示了ZKSecretWatcher类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台，是从一些精选项目中提取出来的代码，具有较强的参考意义，能在一定程度帮忙到你。ZKSecretWatcher类的具体详情如下：
包路径：org.apache.hadoop.hbase.security.token.ZKSecretWatcher
类名称：ZKSecretWatcher

ZKSecretWatcher介绍

[英]Synchronizes token encryption keys across cluster nodes.
[中]跨群集节点同步令牌加密密钥。

代码示例

代码示例来源：origin: apache/hbase

/**
 * Create a new secret manager instance for generating keys.
 * @param conf Configuration to use
 * @param zk Connection to zookeeper for handling leader elections
 * @param keyUpdateInterval Time (in milliseconds) between rolling a new master key for token signing
 * @param tokenMaxLifetime Maximum age (in milliseconds) before a token expires and is no longer valid
 */
/* TODO: Restrict access to this constructor to make rogues instances more difficult.
 * For the moment this class is instantiated from
 * org.apache.hadoop.hbase.ipc.SecureServer so public access is needed.
 */
public AuthenticationTokenSecretManager(Configuration conf,
                    ZKWatcher zk, String serverName,
                    long keyUpdateInterval, long tokenMaxLifetime) {
 this.zkWatcher = new ZKSecretWatcher(conf, zk, this);
 this.keyUpdateInterval = keyUpdateInterval;
 this.tokenMaxLifetime = tokenMaxLifetime;
 this.leaderElector = new LeaderElector(zk, serverName);
 this.name = NAME_PREFIX+serverName;
 this.clusterId = new ZKClusterId(zk, zk);
}

代码示例来源：origin: apache/hbase

if(zkWatcher.getWatcher().isAborted()) {
 LOG.error("ZKWatcher is abort");
 throw new InvalidToken("Token keys could not be sync from zookeeper"
zkWatcher.refreshKeys();
if (LOG.isDebugEnabled()) {
 LOG.debug("Sync token keys from zookeeper");

代码示例来源：origin: apache/hbase

synchronized void rollCurrentKey() {
 if (!leaderElector.isMaster()) {
  LOG.info("Skipping rollCurrentKey() because not running as master.");
  return;
 }
 long now = EnvironmentEdgeManager.currentTime();
 AuthenticationKey prev = currentKey;
 AuthenticationKey newKey = new AuthenticationKey(++idSeq,
   Long.MAX_VALUE, // don't allow to expire until it's replaced by a new key
   generateSecret());
 allKeys.put(newKey.getKeyId(), newKey);
 currentKey = newKey;
 zkWatcher.addKeyToZK(newKey);
 lastKeyUpdate = now;
 if (prev != null) {
  // make sure previous key is still stored
  prev.setExpiration(now + tokenMaxLifetime);
  allKeys.put(prev.getKeyId(), prev);
  zkWatcher.updateKeyInZK(prev);
 }
}

代码示例来源：origin: apache/hbase

@Test
 public void testRefreshKeys() throws Exception {
  Configuration conf = TEST_UTIL.getConfiguration();
  ZKWatcher zk = newZK(conf, "127.0.0.1", new MockAbortable());
  AuthenticationTokenSecretManager keyManager =
    new AuthenticationTokenSecretManager(conf, zk, "127.0.0.1",
      60 * 60 * 1000, 60 * 1000);
  ZKSecretWatcher watcher = new ZKSecretWatcher(conf, zk, keyManager);
  ZKUtil.deleteChildrenRecursively(zk, watcher.getKeysParentZNode());
  Integer[] keys = { 1, 2, 3, 4, 5, 6 };
  for (Integer key : keys) {
   AuthenticationKey ak = new AuthenticationKey(key,
     System.currentTimeMillis() + 600 * 1000, null);
   ZKUtil.createWithParents(zk,
     ZNodePaths.joinZNode(watcher.getKeysParentZNode(), key.toString()),
     Writables.getBytes(ak));
  }
  Assert.assertNull(keyManager.getCurrentKey());
  watcher.refreshKeys();
  for (Integer key : keys) {
   Assert.assertNotNull(keyManager.getKey(key.intValue()));
  }
 }
}

代码示例来源：origin: apache/hbase

@Override
public void nodeCreated(String path) {
 if (path.equals(keysParentZNode)) {
  try {
   List<ZKUtil.NodeAndData> nodes =
     ZKUtil.getChildDataAndWatchForNewChildren(watcher, keysParentZNode);
   refreshNodes(nodes);
  } catch (KeeperException ke) {
   LOG.error(HBaseMarkers.FATAL, "Error reading data from zookeeper", ke);
   watcher.abort("Error reading new key znode "+path, ke);
  }
 }
}

代码示例来源：origin: apache/hbase

public void removeKeyFromZK(AuthenticationKey key) {
 String keyZNode = getKeyNode(key.getKeyId());
 try {
  ZKUtil.deleteNode(watcher, keyZNode);
 } catch (KeeperException.NoNodeException nne) {
  LOG.error("Non-existent znode "+keyZNode+" for key "+key.getKeyId(), nne);
 } catch (KeeperException ke) {
  LOG.error(HBaseMarkers.FATAL, "Failed removing znode "+keyZNode+" for key "+
    key.getKeyId(), ke);
  watcher.abort("Unhandled zookeeper error removing znode "+keyZNode+
    " for key "+key.getKeyId(), ke);
 }
}

代码示例来源：origin: apache/hbase

public void start() {
 try {
  // populate any existing keys
  this.zkWatcher.start();
  // try to become leader
  this.leaderElector.start();
 } catch (KeeperException ke) {
  LOG.error("ZooKeeper initialization failed", ke);
 }
}

代码示例来源：origin: apache/hbase

public LeaderElector(ZKWatcher watcher, String serverName) {
 setDaemon(true);
 setName("ZKSecretWatcher-leaderElector");
 zkLeader = new ZKLeaderManager(watcher,
   ZNodePaths.joinZNode(zkWatcher.getRootKeyZNode(), "keymaster"),
   Bytes.toBytes(serverName), this);
}

代码示例来源：origin: apache/hbase

synchronized void removeExpiredKeys() {
 if (!leaderElector.isMaster()) {
  LOG.info("Skipping removeExpiredKeys() because not running as master.");
  return;
 }
 long now = EnvironmentEdgeManager.currentTime();
 Iterator<AuthenticationKey> iter = allKeys.values().iterator();
 while (iter.hasNext()) {
  AuthenticationKey key = iter.next();
  if (key.getExpiration() < now) {
   if (LOG.isDebugEnabled()) {
    LOG.debug("Removing expired key "+key.getKeyId());
   }
   iter.remove();
   zkWatcher.removeKeyFromZK(key);
  }
 }
}

代码示例来源：origin: org.apache.hbase/hbase-server

@Test
 public void testRefreshKeys() throws Exception {
  Configuration conf = TEST_UTIL.getConfiguration();
  ZKWatcher zk = newZK(conf, "127.0.0.1", new MockAbortable());
  AuthenticationTokenSecretManager keyManager =
    new AuthenticationTokenSecretManager(conf, zk, "127.0.0.1",
      60 * 60 * 1000, 60 * 1000);
  ZKSecretWatcher watcher = new ZKSecretWatcher(conf, zk, keyManager);
  ZKUtil.deleteChildrenRecursively(zk, watcher.getKeysParentZNode());
  Integer[] keys = { 1, 2, 3, 4, 5, 6 };
  for (Integer key : keys) {
   AuthenticationKey ak = new AuthenticationKey(key,
     System.currentTimeMillis() + 600 * 1000, null);
   ZKUtil.createWithParents(zk,
     ZNodePaths.joinZNode(watcher.getKeysParentZNode(), key.toString()),
     Writables.getBytes(ak));
  }
  Assert.assertNull(keyManager.getCurrentKey());
  watcher.refreshKeys();
  for (Integer key : keys) {
   Assert.assertNotNull(keyManager.getKey(key.intValue()));
  }
 }
}

代码示例来源：origin: apache/hbase

@Override
public void nodeChildrenChanged(String path) {
 if (path.equals(keysParentZNode)) {
  // keys changed
  try {
   List<ZKUtil.NodeAndData> nodes =
     ZKUtil.getChildDataAndWatchForNewChildren(watcher, keysParentZNode);
   refreshNodes(nodes);
  } catch (KeeperException ke) {
   LOG.error(HBaseMarkers.FATAL, "Error reading data from zookeeper", ke);
   watcher.abort("Error reading changed keys from zookeeper", ke);
  }
 }
}

代码示例来源：origin: apache/hbase

public void addKeyToZK(AuthenticationKey key) {
 String keyZNode = getKeyNode(key.getKeyId());
 try {
  byte[] keyData = Writables.getBytes(key);
  // TODO: is there any point in retrying beyond what ZK client does?
  ZKUtil.createSetData(watcher, keyZNode, keyData);
 } catch (KeeperException ke) {
  LOG.error(HBaseMarkers.FATAL, "Unable to synchronize master key "+key.getKeyId()+
    " to znode "+keyZNode, ke);
  watcher.abort("Unable to synchronize secret key "+
    key.getKeyId()+" in zookeeper", ke);
 } catch (IOException ioe) {
  // this can only happen from an error serializing the key
  watcher.abort("Failed serializing key "+key.getKeyId(), ioe);
 }
}

代码示例来源：origin: harbby/presto-connectors

public void start() {
 try {
  // populate any existing keys
  this.zkWatcher.start();
  // try to become leader
  this.leaderElector.start();
 } catch (KeeperException ke) {
  LOG.error("Zookeeper initialization failed", ke);
 }
}

代码示例来源：origin: harbby/presto-connectors

public LeaderElector(ZooKeeperWatcher watcher, String serverName) {
 setDaemon(true);
 setName("ZKSecretWatcher-leaderElector");
 zkLeader = new ZKLeaderManager(watcher,
   ZKUtil.joinZNode(zkWatcher.getRootKeyZNode(), "keymaster"),
   Bytes.toBytes(serverName), this);
}

代码示例来源：origin: harbby/presto-connectors

synchronized void removeExpiredKeys() {
 if (!leaderElector.isMaster()) {
  LOG.info("Skipping removeExpiredKeys() because not running as master.");
  return;
 }
 long now = EnvironmentEdgeManager.currentTime();
 Iterator<AuthenticationKey> iter = allKeys.values().iterator();
 while (iter.hasNext()) {
  AuthenticationKey key = iter.next();
  if (key.getExpiration() < now) {
   if (LOG.isDebugEnabled()) {
    LOG.debug("Removing expired key "+key.getKeyId());
   }
   iter.remove();
   zkWatcher.removeKeyFromZK(key);
  }
 }
}

代码示例来源：origin: harbby/presto-connectors

if(zkWatcher.getWatcher().isAborted()) {
 LOG.error("ZookeeperWatcher is abort");
 throw new InvalidToken("Token keys could not be sync from zookeeper"
zkWatcher.refreshKeys();
if (LOG.isDebugEnabled()) {
 LOG.debug("Sync token keys from zookeeper");

代码示例来源：origin: apache/hbase

/**
 * refresh keys
 */
synchronized void refreshKeys() {
 try {
  List<ZKUtil.NodeAndData> nodes =
    ZKUtil.getChildDataAndWatchForNewChildren(watcher, keysParentZNode);
  refreshNodes(nodes);
 } catch (KeeperException ke) {
  LOG.error(HBaseMarkers.FATAL, "Error reading data from zookeeper", ke);
  watcher.abort("Error reading changed keys from zookeeper", ke);
 }
}

代码示例来源：origin: harbby/presto-connectors

synchronized void rollCurrentKey() {
 if (!leaderElector.isMaster()) {
  LOG.info("Skipping rollCurrentKey() because not running as master.");
  return;
 }
 long now = EnvironmentEdgeManager.currentTime();
 AuthenticationKey prev = currentKey;
 AuthenticationKey newKey = new AuthenticationKey(++idSeq,
   Long.MAX_VALUE, // don't allow to expire until it's replaced by a new key
   generateSecret());
 allKeys.put(newKey.getKeyId(), newKey);
 currentKey = newKey;
 zkWatcher.addKeyToZK(newKey);
 lastKeyUpdate = now;
 if (prev != null) {
  // make sure previous key is still stored
  prev.setExpiration(now + tokenMaxLifetime);
  allKeys.put(prev.getKeyId(), prev);
  zkWatcher.updateKeyInZK(prev);
 }
}

代码示例来源：origin: apache/hbase

public void updateKeyInZK(AuthenticationKey key) {
 String keyZNode = getKeyNode(key.getKeyId());
 try {
  byte[] keyData = Writables.getBytes(key);
  try {
   ZKUtil.updateExistingNodeData(watcher, keyZNode, keyData, -1);
  } catch (KeeperException.NoNodeException ne) {
   // node was somehow removed, try adding it back
   ZKUtil.createSetData(watcher, keyZNode, keyData);
  }
 } catch (KeeperException ke) {
  LOG.error(HBaseMarkers.FATAL, "Unable to update master key "+key.getKeyId()+
    " in znode "+keyZNode);
  watcher.abort("Unable to synchronize secret key "+
    key.getKeyId()+" in zookeeper", ke);
 } catch (IOException ioe) {
  // this can only happen from an error serializing the key
  watcher.abort("Failed serializing key "+key.getKeyId(), ioe);
 }
}

代码示例来源：origin: harbby/presto-connectors

/**
 * Create a new secret manager instance for generating keys.
 * @param conf Configuration to use
 * @param zk Connection to zookeeper for handling leader elections
 * @param keyUpdateInterval Time (in milliseconds) between rolling a new master key for token signing
 * @param tokenMaxLifetime Maximum age (in milliseconds) before a token expires and is no longer valid
 */
/* TODO: Restrict access to this constructor to make rogues instances more difficult.
 * For the moment this class is instantiated from
 * org.apache.hadoop.hbase.ipc.SecureServer so public access is needed.
 */
public AuthenticationTokenSecretManager(Configuration conf,
  ZooKeeperWatcher zk, String serverName,
  long keyUpdateInterval, long tokenMaxLifetime) {
 this.zkWatcher = new ZKSecretWatcher(conf, zk, this);
 this.keyUpdateInterval = keyUpdateInterval;
 this.tokenMaxLifetime = tokenMaxLifetime;
 this.leaderElector = new LeaderElector(zk, serverName);
 this.name = NAME_PREFIX+serverName;
 this.clusterId = new ZKClusterId(zk, zk);
}

org.apache.hadoop.hbase.security.token.ZKSecretWatcher类的使用及代码示例

ZKSecretWatcher介绍

代码示例

相关文章

热门标签

最新文章

ZKSecretWatcher类方法