Visor fails to connect to secure grid
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/1b2f5052 Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/1b2f5052 Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/1b2f5052 Branch: refs/heads/ignite-2.1 Commit: 1b2f5052ed34776d14d7614812b78e0aa66c69b1 Parents: 1942db3 Author: Ivan Rakov <ivan.glu...@gmail.com> Authored: Tue Jul 11 14:19:14 2017 +0300 Committer: Alexey Goncharuk <alexey.goncha...@gmail.com> Committed: Tue Jul 11 14:24:47 2017 +0300 ---------------------------------------------------------------------- .../JettyRestProcessorAbstractSelfTest.java | 2 +- .../cluster/GridClusterStateProcessor.java | 4 ++ .../processors/igfs/IgfsNoopProcessor.java | 11 +++++ .../internal/processors/igfs/IgfsProcessor.java | 12 ++++- .../processors/igfs/IgfsProcessorAdapter.java | 3 +- .../processors/rest/GridRestProcessor.java | 47 +++++++++++++++----- .../processors/task/GridTaskProcessor.java | 18 +++++++- 7 files changed, 80 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java ---------------------------------------------------------------------- diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java index 2b3c8db..97321a7 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/JettyRestProcessorAbstractSelfTest.java @@ -1976,7 +1976,7 @@ public abstract class JettyRestProcessorAbstractSelfTest extends AbstractRestPro /** * Init cache. */ - private void initCache() { + protected void initCache() { CacheConfiguration<Integer, Organization> orgCacheCfg = new CacheConfiguration<>("organization"); orgCacheCfg.setIndexedTypes(Integer.class, Organization.class); http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java index 8cea13f..6e94669 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java @@ -577,6 +577,10 @@ public class GridClusterStateProcessor extends GridProcessorAdapter { ctx.dataStructures().onActivate(ctx); + ctx.igfs().onActivate(ctx); + + ctx.task().onActivate(ctx); + if (log.isInfoEnabled()) log.info("Successfully performed final activation steps [nodeId=" + ctx.localNodeId() + ", client=" + client + ", topVer=" + req.topologyVersion() + "]"); http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java index 2dfac90..6816b85 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsNoopProcessor.java @@ -19,6 +19,7 @@ package org.apache.ignite.internal.processors.igfs; import java.util.Collection; import java.util.Collections; +import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteFileSystem; import org.apache.ignite.compute.ComputeJob; import org.apache.ignite.igfs.IgfsPath; @@ -69,4 +70,14 @@ public class IgfsNoopProcessor extends IgfsProcessorAdapter { long start, long length, IgfsRecordResolver recRslv) { return null; } + + /** {@inheritDoc} */ + @Override public void onActivate(GridKernalContext kctx) throws IgniteCheckedException { + // No-op + } + + /** {@inheritDoc} */ + @Override public void onDeActivate(GridKernalContext kctx) { + // No-op + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java index 244820f..f18c438 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessor.java @@ -178,7 +178,7 @@ public class IgfsProcessor extends IgfsProcessorAdapter { /** {@inheritDoc} */ @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - if (ctx.config().isDaemon()) + if (!active || ctx.config().isDaemon()) return; if (!getBoolean(IGNITE_SKIP_CONFIGURATION_CONSISTENCY_CHECK)) { @@ -192,6 +192,16 @@ public class IgfsProcessor extends IgfsProcessorAdapter { } /** {@inheritDoc} */ + @Override public void onActivate(GridKernalContext kctx) throws IgniteCheckedException { + onKernalStart(true); + } + + /** {@inheritDoc} */ + @Override public void onDeActivate(GridKernalContext kctx) { + onKernalStop(true); + } + + /** {@inheritDoc} */ @Override public void stop(boolean cancel) { // Stop IGFS instances. for (IgfsContext igfsCtx : igfsCache.values()) { http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java index 8b7f662..c12b0a5 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/igfs/IgfsProcessorAdapter.java @@ -25,13 +25,14 @@ import org.apache.ignite.igfs.mapreduce.IgfsJob; import org.apache.ignite.igfs.mapreduce.IgfsRecordResolver; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.processors.cluster.IgniteChangeGlobalStateSupport; import org.apache.ignite.internal.util.ipc.IpcServerEndpoint; import org.jetbrains.annotations.Nullable; /** * Ignite file system processor adapter. */ -public abstract class IgfsProcessorAdapter extends GridProcessorAdapter { +public abstract class IgfsProcessorAdapter extends GridProcessorAdapter implements IgniteChangeGlobalStateSupport { /** * Constructor. * http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index f528184..fd5583d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -67,6 +67,8 @@ import org.apache.ignite.internal.util.typedef.internal.SB; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.internal.util.worker.GridWorker; import org.apache.ignite.internal.util.worker.GridWorkerFuture; +import org.apache.ignite.internal.visor.compute.VisorGatewayTask; +import org.apache.ignite.internal.visor.misc.VisorChangeGridActiveStateTask; import org.apache.ignite.internal.visor.util.VisorClusterGroupEmptyException; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.lang.IgniteInClosure; @@ -241,21 +243,23 @@ public class GridRestProcessor extends GridProcessorAdapter { SecurityContext secCtx0 = ses.secCtx; - try { - if (secCtx0 == null) - ses.secCtx = secCtx0 = authenticate(req); + if (ctx.state().publicApiActiveState() || !isClusterActivateTaskRequest(req)) { + try { + if (secCtx0 == null) + ses.secCtx = secCtx0 = authenticate(req); - authorize(req, secCtx0); - } - catch (SecurityException e) { - assert secCtx0 != null; + authorize(req, secCtx0); + } + catch (SecurityException e) { + assert secCtx0 != null; - GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); + GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); - return new GridFinishedFuture<>(res); - } - catch (IgniteCheckedException e) { - return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage())); + return new GridFinishedFuture<>(res); + } + catch (IgniteCheckedException e) { + return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage())); + } } } @@ -317,6 +321,25 @@ public class GridRestProcessor extends GridProcessorAdapter { } /** + * We skip authentication for activate cluster request. + * It's necessary workaround to make possible cluster activation through Visor, + * as security checks require working caches. + * + * @param req Request. + */ + private boolean isClusterActivateTaskRequest(GridRestRequest req) { + if (req instanceof GridRestTaskRequest) { + GridRestTaskRequest taskReq = (GridRestTaskRequest)req; + + if (VisorGatewayTask.class.getCanonicalName().equals(taskReq.taskName()) && + taskReq.params().contains(VisorChangeGridActiveStateTask.class.getCanonicalName())) + return true; + } + + return false; + } + + /** * @param req Request. * @return Not null session. * @throws IgniteCheckedException If failed. http://git-wip-us.apache.org/repos/asf/ignite/blob/1b2f5052/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java index d0b88d8..4606b7c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java @@ -61,6 +61,7 @@ import org.apache.ignite.internal.managers.deployment.GridDeployment; import org.apache.ignite.internal.managers.eventstorage.GridLocalEventListener; import org.apache.ignite.internal.processors.GridProcessorAdapter; import org.apache.ignite.internal.processors.cache.IgniteInternalCache; +import org.apache.ignite.internal.processors.cluster.IgniteChangeGlobalStateSupport; import org.apache.ignite.internal.util.GridConcurrentFactory; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.lang.GridPeerDeployAware; @@ -91,7 +92,7 @@ import static org.apache.ignite.internal.processors.task.GridTaskThreadContextKe /** * This class defines task processor. */ -public class GridTaskProcessor extends GridProcessorAdapter { +public class GridTaskProcessor extends GridProcessorAdapter implements IgniteChangeGlobalStateSupport { /** Wait for 5 seconds to allow discovery to take effect (best effort). */ private static final long DISCO_TIMEOUT = 5000; @@ -154,6 +155,9 @@ public class GridTaskProcessor extends GridProcessorAdapter { /** {@inheritDoc} */ @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + if (!active) + return; + tasksMetaCache = ctx.security().enabled() && !ctx.isDaemon() ? ctx.cache().<GridTaskNameHashKey, String>utilityCache() : null; @@ -694,7 +698,7 @@ public class GridTaskProcessor extends GridProcessorAdapter { IgniteCheckedException securityEx = null; - if (ctx.security().enabled() && deployEx == null) { + if (ctx.security().enabled() && deployEx == null && !dep.internalTask(task, taskCls)) { try { saveTaskMetadata(taskName); } @@ -1144,6 +1148,16 @@ public class GridTaskProcessor extends GridProcessorAdapter { } } + /** {@inheritDoc} */ + @Override public void onActivate(GridKernalContext kctx) throws IgniteCheckedException { + onKernalStart(true); + } + + /** {@inheritDoc} */ + @Override public void onDeActivate(GridKernalContext kctx) { + onKernalStop(true); + } + /** * @return Number of executed tasks. */