001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase;
019
020import java.io.IOException;
021import javax.management.remote.JMXConnector;
022import javax.management.remote.JMXConnectorFactory;
023import javax.naming.ServiceUnavailableException;
024import org.apache.hadoop.conf.Configuration;
025import org.apache.hadoop.hbase.client.Admin;
026import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
027import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
028import org.apache.hadoop.hbase.coprocessor.ObserverContext;
029import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;
030import org.apache.hadoop.hbase.security.AccessDeniedException;
031import org.apache.hadoop.hbase.security.access.AccessControlLists;
032import org.apache.hadoop.hbase.security.access.AccessController;
033import org.apache.hadoop.hbase.testclassification.MediumTests;
034import org.apache.hadoop.hbase.testclassification.MiscTests;
035import org.apache.hadoop.hbase.util.Threads;
036import org.junit.After;
037import org.junit.Assert;
038import org.junit.Before;
039import org.junit.ClassRule;
040import org.junit.Test;
041import org.junit.experimental.categories.Category;
042import org.slf4j.Logger;
043import org.slf4j.LoggerFactory;
044
045/**
046 * Test case for JMX Connector Server.
047 */
048@Category({ MiscTests.class, MediumTests.class })
049public class TestJMXConnectorServer {
050
051  @ClassRule
052  public static final HBaseClassTestRule CLASS_RULE =
053      HBaseClassTestRule.forClass(TestJMXConnectorServer.class);
054
055  private static final Logger LOG = LoggerFactory.getLogger(TestJMXConnectorServer.class);
056  private static HBaseTestingUtility UTIL = new HBaseTestingUtility();
057
058  private static Configuration conf = null;
059  private static Admin admin;
060  // RMI registry port
061  private static int rmiRegistryPort = 61120;
062  // Switch for customized Accesscontroller to throw ACD exception while executing test case
063  static boolean hasAccess;
064
065  @Before
066  public void setUp() throws Exception {
067    UTIL = new HBaseTestingUtility();
068    conf = UTIL.getConfiguration();
069  }
070
071  @After
072  public void tearDown() throws Exception {
073    // Set to true while stopping cluster
074    hasAccess = true;
075    admin.close();
076    UTIL.shutdownMiniCluster();
077  }
078
079  /**
080   * This tests to validate the HMaster's ConnectorServer after unauthorised stopMaster call.
081   */
082  @Test
083  public void testHMConnectorServerWhenStopMaster() throws Exception {
084    conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY,
085      JMXListener.class.getName() + "," + MyAccessController.class.getName());
086    conf.setInt("master.rmi.registry.port", rmiRegistryPort);
087    UTIL.startMiniCluster();
088    admin = UTIL.getConnection().getAdmin();
089
090    // try to stop master
091    boolean accessDenied = false;
092    try {
093      hasAccess = false;
094      LOG.info("Stopping HMaster...");
095      admin.stopMaster();
096    } catch (AccessDeniedException e) {
097      LOG.info("Exception occurred while stopping HMaster. ", e);
098      accessDenied = true;
099    }
100    Assert.assertTrue(accessDenied);
101
102    // Check whether HMaster JMX Connector server can be connected
103    JMXConnector connector = null;
104    try {
105      connector = JMXConnectorFactory
106          .connect(JMXListener.buildJMXServiceURL(rmiRegistryPort, rmiRegistryPort));
107    } catch (IOException e) {
108      if (e.getCause() instanceof ServiceUnavailableException) {
109        Assert.fail("Can't connect to HMaster ConnectorServer.");
110      }
111    }
112    Assert.assertNotNull("JMXConnector should not be null.", connector);
113    connector.close();
114  }
115
116  /**
117   * This tests to validate the RegionServer's ConnectorServer after unauthorised stopRegionServer
118   * call.
119   */
120  @Test
121  public void testRSConnectorServerWhenStopRegionServer() throws Exception {
122    conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY,
123      JMXListener.class.getName() + "," + MyAccessController.class.getName());
124    conf.setInt("regionserver.rmi.registry.port", rmiRegistryPort);
125    UTIL.startMiniCluster();
126    admin = UTIL.getConnection().getAdmin();
127
128    hasAccess = false;
129    ServerName serverName = UTIL.getHBaseCluster().getRegionServer(0).getServerName();
130    LOG.info("Stopping Region Server...");
131    admin.stopRegionServer(serverName.getHostname() + ":" + serverName.getPort());
132
133    // Check whether Region Sever JMX Connector server can be connected
134    JMXConnector connector = null;
135    try {
136      connector = JMXConnectorFactory
137          .connect(JMXListener.buildJMXServiceURL(rmiRegistryPort, rmiRegistryPort));
138    } catch (IOException e) {
139      if (e.getCause() instanceof ServiceUnavailableException) {
140        Assert.fail("Can't connect to Region Server ConnectorServer.");
141      }
142    }
143    Assert.assertNotNull("JMXConnector should not be null.", connector);
144    connector.close();
145  }
146
147  /**
148   * This tests to validate the HMaster's ConnectorServer after unauthorised shutdown call.
149   */
150  @Test
151  public void testHMConnectorServerWhenShutdownCluster() throws Exception {
152    conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY,
153      JMXListener.class.getName() + "," + MyAccessController.class.getName());
154    conf.setInt("master.rmi.registry.port", rmiRegistryPort);
155
156    UTIL.startMiniCluster();
157    admin = UTIL.getConnection().getAdmin();
158
159    boolean accessDenied = false;
160    try {
161      hasAccess = false;
162      LOG.info("Stopping HMaster...");
163      admin.shutdown();
164    } catch (AccessDeniedException e) {
165      LOG.error("Exception occurred while stopping HMaster. ", e);
166      accessDenied = true;
167    }
168    Assert.assertTrue(accessDenied);
169
170    // Check whether HMaster JMX Connector server can be connected
171    JMXConnector connector = null;
172    try {
173      connector = JMXConnectorFactory
174          .connect(JMXListener.buildJMXServiceURL(rmiRegistryPort, rmiRegistryPort));
175    } catch (IOException e) {
176      if (e.getCause() instanceof ServiceUnavailableException) {
177        Assert.fail("Can't connect to HMaster ConnectorServer.");
178      }
179    }
180    Assert.assertNotNull("JMXConnector should not be null.", connector);
181    connector.close();
182  }
183
184  /*
185   * Customized class for test case execution which will throw ACD exception while executing
186   * stopMaster/preStopRegionServer/preShutdown explicitly.
187   */
188  public static class MyAccessController extends AccessController {
189    @Override
190    public void postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException {
191      // Do nothing. In particular, stop the creation of the hbase:acl table. It makes the
192      // shutdown take time.
193    }
194
195    @Override
196    public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c) throws IOException {
197      if (!hasAccess) {
198        throw new AccessDeniedException("Insufficient permissions to stop master");
199      }
200    }
201
202    @Override
203    public void preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
204        throws IOException {
205      if (!hasAccess) {
206        throw new AccessDeniedException("Insufficient permissions to stop region server.");
207      }
208    }
209
210    @Override
211    public void preShutdown(ObserverContext<MasterCoprocessorEnvironment> c) throws IOException {
212      if (!hasAccess) {
213        throw new AccessDeniedException("Insufficient permissions to shut down cluster.");
214      }
215    }
216
217    @Override
218    public void preExecuteProcedures(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
219        throws IOException {
220      // FIXME: ignore the procedure permission check since in our UT framework master is neither
221      // the systemuser nor the superuser so we can not call executeProcedures...
222    }
223  }
224}