test/src/main/java/org/apache/accumulo/test/replication/KerberosReplicationIT.java - accumulo - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.accumulo.test.replication;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;

 import java.security.PrivilegedExceptionAction;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;

 import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.client.AccumuloClient;
 import org.apache.accumulo.core.client.BatchWriter;
 import org.apache.accumulo.core.client.admin.NewTableConfiguration;
 import org.apache.accumulo.core.client.security.tokens.KerberosToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.clientImpl.ClientInfo;
 import org.apache.accumulo.core.conf.ClientProperty;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Mutation;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.harness.AccumuloITBase;
 import org.apache.accumulo.harness.MiniClusterConfigurationCallback;
 import org.apache.accumulo.harness.MiniClusterHarness;
 import org.apache.accumulo.harness.TestingKdc;
 import org.apache.accumulo.master.replication.SequentialWorkAssigner;
 import org.apache.accumulo.minicluster.ServerType;
 import org.apache.accumulo.miniclusterImpl.MiniAccumuloClusterImpl;
 import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl;
 import org.apache.accumulo.miniclusterImpl.ProcessReference;
 import org.apache.accumulo.server.replication.ReplicaSystemFactory;
 import org.apache.accumulo.test.categories.MiniClusterOnlyTests;
 import org.apache.accumulo.test.functional.KerberosIT;
 import org.apache.accumulo.tserver.TabletServer;
 import org.apache.accumulo.tserver.replication.AccumuloReplicaSystem;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.fs.RawLocalFileSystem;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import com.google.common.collect.Iterators;

 /**
  * Ensure that replication occurs using keytabs instead of password (not to mention SASL)
  */
 @Ignore("Replication ITs are not stable and not currently maintained")
 @Category(MiniClusterOnlyTests.class)
 public class KerberosReplicationIT extends AccumuloITBase {
   private static final Logger log = LoggerFactory.getLogger(KerberosIT.class);

   private static TestingKdc kdc;
   private static String krbEnabledForITs = null;
   private static ClusterUser rootUser;

   @BeforeClass
   public static void startKdc() throws Exception {
     kdc = new TestingKdc();
     kdc.start();
     krbEnabledForITs = System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION);
     if (krbEnabledForITs == null || !Boolean.parseBoolean(krbEnabledForITs)) {
       System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, "true");
     }
     rootUser = kdc.getRootUser();
   }

   @AfterClass
   public static void stopKdc() {
     if (kdc != null) {
       kdc.stop();
     }
     if (krbEnabledForITs != null) {
       System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, krbEnabledForITs);
     }
   }

   private MiniAccumuloClusterImpl primary, peer;
   private String PRIMARY_NAME = "primary", PEER_NAME = "peer";

   @Override
   protected int defaultTimeoutSeconds() {
     return 60 * 3;
   }

   private MiniClusterConfigurationCallback getConfigCallback(final String name) {
     return new MiniClusterConfigurationCallback() {
       @Override
       public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
         cfg.setNumTservers(1);
         cfg.setClientProperty(ClientProperty.INSTANCE_ZOOKEEPERS_TIMEOUT, "15s");
         cfg.setProperty(Property.INSTANCE_ZK_TIMEOUT, "15s");
         cfg.setProperty(Property.TSERV_WALOG_MAX_SIZE, "2M");
         cfg.setProperty(Property.GC_CYCLE_START, "1s");
         cfg.setProperty(Property.GC_CYCLE_DELAY, "5s");
         cfg.setProperty(Property.REPLICATION_WORK_ASSIGNMENT_SLEEP, "1s");
         cfg.setProperty(Property.MANAGER_REPLICATION_SCAN_INTERVAL, "1s");
         cfg.setProperty(Property.REPLICATION_NAME, name);
         cfg.setProperty(Property.REPLICATION_MAX_UNIT_SIZE, "8M");
         cfg.setProperty(Property.REPLICATION_WORK_ASSIGNER, SequentialWorkAssigner.class.getName());
         cfg.setProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX, "1M");
         coreSite.set("fs.file.impl", RawLocalFileSystem.class.getName());
         coreSite.set("fs.defaultFS", "file:///");
       }
     };
   }

   @Before
   public void setup() throws Exception {
     MiniClusterHarness harness = new MiniClusterHarness();

     // Create a primary and a peer instance, both with the same "root" user
     primary = harness.create(getClass().getName(), testName.getMethodName(),
         new PasswordToken("unused"), getConfigCallback(PRIMARY_NAME), kdc);
     primary.start();

     peer = harness.create(getClass().getName(), testName.getMethodName() + "_peer",
         new PasswordToken("unused"), getConfigCallback(PEER_NAME), kdc);
     peer.start();

     // Enable kerberos auth
     Configuration conf = new Configuration(false);
     conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
     UserGroupInformation.setConfiguration(conf);
   }

   @After
   public void teardown() throws Exception {
     if (peer != null) {
       peer.stop();
     }
     if (primary != null) {
       primary.stop();
     }
     UserGroupInformation.setConfiguration(new Configuration(false));
   }

   @Test
   public void dataReplicatedToCorrectTable() throws Exception {
     // Login as the root user
     final UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
         rootUser.getPrincipal(), rootUser.getKeytab().toURI().toString());
     ugi.doAs((PrivilegedExceptionAction<Void>) () -> {
       log.info("testing {}", ugi);
       final KerberosToken token = new KerberosToken();
       try (
           AccumuloClient primaryclient =
               primary.createAccumuloClient(rootUser.getPrincipal(), token);
           AccumuloClient peerclient = peer.createAccumuloClient(rootUser.getPrincipal(), token)) {

         ClusterUser replicationUser = kdc.getClientPrincipal(0);

         // Create user for replication to the peer
         peerclient.securityOperations().createLocalUser(replicationUser.getPrincipal(), null);

         primaryclient.instanceOperations().setProperty(
             Property.REPLICATION_PEER_USER.getKey() + PEER_NAME, replicationUser.getPrincipal());
         primaryclient.instanceOperations().setProperty(
             Property.REPLICATION_PEER_KEYTAB.getKey() + PEER_NAME,
             replicationUser.getKeytab().getAbsolutePath());

         // ...peer = AccumuloReplicaSystem,instanceName,zookeepers
         ClientInfo info = ClientInfo.from(peerclient.properties());
         primaryclient.instanceOperations().setProperty(
             Property.REPLICATION_PEERS.getKey() + PEER_NAME,
             ReplicaSystemFactory.getPeerConfigurationValue(AccumuloReplicaSystem.class,
                 AccumuloReplicaSystem.buildConfiguration(info.getInstanceName(),
                     info.getZooKeepers())));

         String primaryTable1 = "primary", peerTable1 = "peer";

         // Create tables
         peerclient.tableOperations().create(peerTable1);
         String peerTableId1 = peerclient.tableOperations().tableIdMap().get(peerTable1);
         assertNotNull(peerTableId1);

         Map<String,String> props = new HashMap<>();
         props.put(Property.TABLE_REPLICATION.getKey(), "true");
         // Replicate this table to the peerClusterName in a table with the peerTableId table id
         props.put(Property.TABLE_REPLICATION_TARGET.getKey() + PEER_NAME, peerTableId1);

         primaryclient.tableOperations().create(primaryTable1,
             new NewTableConfiguration().setProperties(props));
         String masterTableId1 = primaryclient.tableOperations().tableIdMap().get(primaryTable1);
         assertNotNull(masterTableId1);

         // Grant write permission
         peerclient.securityOperations().grantTablePermission(replicationUser.getPrincipal(),
             peerTable1, TablePermission.WRITE);

         // Write some data to table1
         long masterTable1Records = 0L;
         try (BatchWriter bw = primaryclient.createBatchWriter(primaryTable1)) {
           for (int rows = 0; rows < 2500; rows++) {
             Mutation m = new Mutation(primaryTable1 + rows);
             for (int cols = 0; cols < 100; cols++) {
               String value = Integer.toString(cols);
               m.put(value, "", value);
               masterTable1Records++;
             }
             bw.addMutation(m);
           }
         }

         log.info("Wrote all data to primary cluster");

         Set<String> filesFor1 =
             primaryclient.replicationOperations().referencedFiles(primaryTable1);

         // Restart the tserver to force a close on the WAL
         for (ProcessReference proc : primary.getProcesses().get(ServerType.TABLET_SERVER)) {
           primary.killProcess(ServerType.TABLET_SERVER, proc);
         }
         primary.exec(TabletServer.class);

         log.info("Restarted the tserver");

         // Read the data -- the tserver is back up and running and tablets are assigned
         Iterators.size(primaryclient.createScanner(primaryTable1, Authorizations.EMPTY).iterator());

         // Wait for both tables to be replicated
         log.info("Waiting for {} for {}", filesFor1, primaryTable1);
         primaryclient.replicationOperations().drain(primaryTable1, filesFor1);

         long countTable = 0L;
         try (var scanner = peerclient.createScanner(peerTable1, Authorizations.EMPTY)) {
           for (Entry<Key,Value> entry : scanner) {
             countTable++;
             assertTrue(
                 "Found unexpected key-value" + entry.getKey().toStringNoTruncate() + " "
                     + entry.getValue(),
                 entry.getKey().getRow().toString().startsWith(primaryTable1));
           }
         }

         log.info("Found {} records in {}", countTable, peerTable1);
         assertEquals(masterTable1Records, countTable);

         return null;
       }
     });
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.accumulo.test.replication;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertTrue;

	import java.security.PrivilegedExceptionAction;
	import java.util.HashMap;
	import java.util.Map;
	import java.util.Map.Entry;
	import java.util.Set;

	import org.apache.accumulo.cluster.ClusterUser;
	import org.apache.accumulo.core.client.AccumuloClient;
	import org.apache.accumulo.core.client.BatchWriter;
	import org.apache.accumulo.core.client.admin.NewTableConfiguration;
	import org.apache.accumulo.core.client.security.tokens.KerberosToken;
	import org.apache.accumulo.core.client.security.tokens.PasswordToken;
	import org.apache.accumulo.core.clientImpl.ClientInfo;
	import org.apache.accumulo.core.conf.ClientProperty;
	import org.apache.accumulo.core.conf.Property;
	import org.apache.accumulo.core.data.Key;
	import org.apache.accumulo.core.data.Mutation;
	import org.apache.accumulo.core.data.Value;
	import org.apache.accumulo.core.security.Authorizations;
	import org.apache.accumulo.core.security.TablePermission;
	import org.apache.accumulo.harness.AccumuloITBase;
	import org.apache.accumulo.harness.MiniClusterConfigurationCallback;
	import org.apache.accumulo.harness.MiniClusterHarness;
	import org.apache.accumulo.harness.TestingKdc;
	import org.apache.accumulo.master.replication.SequentialWorkAssigner;
	import org.apache.accumulo.minicluster.ServerType;
	import org.apache.accumulo.miniclusterImpl.MiniAccumuloClusterImpl;
	import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl;
	import org.apache.accumulo.miniclusterImpl.ProcessReference;
	import org.apache.accumulo.server.replication.ReplicaSystemFactory;
	import org.apache.accumulo.test.categories.MiniClusterOnlyTests;
	import org.apache.accumulo.test.functional.KerberosIT;
	import org.apache.accumulo.tserver.TabletServer;
	import org.apache.accumulo.tserver.replication.AccumuloReplicaSystem;
	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
	import org.apache.hadoop.fs.RawLocalFileSystem;
	import org.apache.hadoop.security.UserGroupInformation;
	import org.junit.After;
	import org.junit.AfterClass;
	import org.junit.Before;
	import org.junit.BeforeClass;
	import org.junit.Ignore;
	import org.junit.Test;
	import org.junit.experimental.categories.Category;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import com.google.common.collect.Iterators;

	/**
	* Ensure that replication occurs using keytabs instead of password (not to mention SASL)
	*/
	@Ignore("Replication ITs are not stable and not currently maintained")
	@Category(MiniClusterOnlyTests.class)
	public class KerberosReplicationIT extends AccumuloITBase {
	private static final Logger log = LoggerFactory.getLogger(KerberosIT.class);

	private static TestingKdc kdc;
	private static String krbEnabledForITs = null;
	private static ClusterUser rootUser;

	@BeforeClass
	public static void startKdc() throws Exception {
	kdc = new TestingKdc();
	kdc.start();
	krbEnabledForITs = System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION);
	if (krbEnabledForITs == null \|\| !Boolean.parseBoolean(krbEnabledForITs)) {
	System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, "true");
	}
	rootUser = kdc.getRootUser();
	}

	@AfterClass
	public static void stopKdc() {
	if (kdc != null) {
	kdc.stop();
	}
	if (krbEnabledForITs != null) {
	System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, krbEnabledForITs);
	}
	}

	private MiniAccumuloClusterImpl primary, peer;
	private String PRIMARY_NAME = "primary", PEER_NAME = "peer";

	@Override
	protected int defaultTimeoutSeconds() {
	return 60 * 3;
	}

	private MiniClusterConfigurationCallback getConfigCallback(final String name) {
	return new MiniClusterConfigurationCallback() {
	@Override
	public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) {
	cfg.setNumTservers(1);
	cfg.setClientProperty(ClientProperty.INSTANCE_ZOOKEEPERS_TIMEOUT, "15s");
	cfg.setProperty(Property.INSTANCE_ZK_TIMEOUT, "15s");
	cfg.setProperty(Property.TSERV_WALOG_MAX_SIZE, "2M");
	cfg.setProperty(Property.GC_CYCLE_START, "1s");
	cfg.setProperty(Property.GC_CYCLE_DELAY, "5s");
	cfg.setProperty(Property.REPLICATION_WORK_ASSIGNMENT_SLEEP, "1s");
	cfg.setProperty(Property.MANAGER_REPLICATION_SCAN_INTERVAL, "1s");
	cfg.setProperty(Property.REPLICATION_NAME, name);
	cfg.setProperty(Property.REPLICATION_MAX_UNIT_SIZE, "8M");
	cfg.setProperty(Property.REPLICATION_WORK_ASSIGNER, SequentialWorkAssigner.class.getName());
	cfg.setProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX, "1M");
	coreSite.set("fs.file.impl", RawLocalFileSystem.class.getName());
	coreSite.set("fs.defaultFS", "file:///");
	}
	};
	}

	@Before
	public void setup() throws Exception {
	MiniClusterHarness harness = new MiniClusterHarness();

	// Create a primary and a peer instance, both with the same "root" user
	primary = harness.create(getClass().getName(), testName.getMethodName(),
	new PasswordToken("unused"), getConfigCallback(PRIMARY_NAME), kdc);
	primary.start();

	peer = harness.create(getClass().getName(), testName.getMethodName() + "_peer",
	new PasswordToken("unused"), getConfigCallback(PEER_NAME), kdc);
	peer.start();

	// Enable kerberos auth
	Configuration conf = new Configuration(false);
	conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
	UserGroupInformation.setConfiguration(conf);
	}

	@After
	public void teardown() throws Exception {
	if (peer != null) {
	peer.stop();
	}
	if (primary != null) {
	primary.stop();
	}
	UserGroupInformation.setConfiguration(new Configuration(false));
	}

	@Test
	public void dataReplicatedToCorrectTable() throws Exception {
	// Login as the root user
	final UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
	rootUser.getPrincipal(), rootUser.getKeytab().toURI().toString());
	ugi.doAs((PrivilegedExceptionAction<Void>) () -> {
	log.info("testing {}", ugi);
	final KerberosToken token = new KerberosToken();
	try (
	AccumuloClient primaryclient =
	primary.createAccumuloClient(rootUser.getPrincipal(), token);
	AccumuloClient peerclient = peer.createAccumuloClient(rootUser.getPrincipal(), token)) {

	ClusterUser replicationUser = kdc.getClientPrincipal(0);

	// Create user for replication to the peer
	peerclient.securityOperations().createLocalUser(replicationUser.getPrincipal(), null);

	primaryclient.instanceOperations().setProperty(
	Property.REPLICATION_PEER_USER.getKey() + PEER_NAME, replicationUser.getPrincipal());
	primaryclient.instanceOperations().setProperty(
	Property.REPLICATION_PEER_KEYTAB.getKey() + PEER_NAME,
	replicationUser.getKeytab().getAbsolutePath());

	// ...peer = AccumuloReplicaSystem,instanceName,zookeepers
	ClientInfo info = ClientInfo.from(peerclient.properties());
	primaryclient.instanceOperations().setProperty(
	Property.REPLICATION_PEERS.getKey() + PEER_NAME,
	ReplicaSystemFactory.getPeerConfigurationValue(AccumuloReplicaSystem.class,
	AccumuloReplicaSystem.buildConfiguration(info.getInstanceName(),
	info.getZooKeepers())));

	String primaryTable1 = "primary", peerTable1 = "peer";

	// Create tables
	peerclient.tableOperations().create(peerTable1);
	String peerTableId1 = peerclient.tableOperations().tableIdMap().get(peerTable1);
	assertNotNull(peerTableId1);

	Map<String,String> props = new HashMap<>();
	props.put(Property.TABLE_REPLICATION.getKey(), "true");
	// Replicate this table to the peerClusterName in a table with the peerTableId table id
	props.put(Property.TABLE_REPLICATION_TARGET.getKey() + PEER_NAME, peerTableId1);

	primaryclient.tableOperations().create(primaryTable1,
	new NewTableConfiguration().setProperties(props));
	String masterTableId1 = primaryclient.tableOperations().tableIdMap().get(primaryTable1);
	assertNotNull(masterTableId1);

	// Grant write permission
	peerclient.securityOperations().grantTablePermission(replicationUser.getPrincipal(),
	peerTable1, TablePermission.WRITE);

	// Write some data to table1
	long masterTable1Records = 0L;
	try (BatchWriter bw = primaryclient.createBatchWriter(primaryTable1)) {
	for (int rows = 0; rows < 2500; rows++) {
	Mutation m = new Mutation(primaryTable1 + rows);
	for (int cols = 0; cols < 100; cols++) {
	String value = Integer.toString(cols);
	m.put(value, "", value);
	masterTable1Records++;
	}
	bw.addMutation(m);
	}
	}

	log.info("Wrote all data to primary cluster");

	Set<String> filesFor1 =
	primaryclient.replicationOperations().referencedFiles(primaryTable1);

	// Restart the tserver to force a close on the WAL
	for (ProcessReference proc : primary.getProcesses().get(ServerType.TABLET_SERVER)) {
	primary.killProcess(ServerType.TABLET_SERVER, proc);
	}
	primary.exec(TabletServer.class);

	log.info("Restarted the tserver");

	// Read the data -- the tserver is back up and running and tablets are assigned
	Iterators.size(primaryclient.createScanner(primaryTable1, Authorizations.EMPTY).iterator());

	// Wait for both tables to be replicated
	log.info("Waiting for {} for {}", filesFor1, primaryTable1);
	primaryclient.replicationOperations().drain(primaryTable1, filesFor1);

	long countTable = 0L;
	try (var scanner = peerclient.createScanner(peerTable1, Authorizations.EMPTY)) {
	for (Entry<Key,Value> entry : scanner) {
	countTable++;
	assertTrue(
	"Found unexpected key-value" + entry.getKey().toStringNoTruncate() + " "
	+ entry.getValue(),
	entry.getKey().getRow().toString().startsWith(primaryTable1));
	}
	}

	log.info("Found {} records in {}", countTable, peerTable1);
	assertEquals(masterTable1Records, countTable);

	return null;
	}
	});
	}
	}