View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.rest;
20  
21  import java.util.ArrayList;
22  import java.util.HashSet;
23  import java.util.List;
24  import java.util.Map;
25  import java.util.Map.Entry;
26  import java.util.Set;
27  
28  import org.apache.commons.cli.CommandLine;
29  import org.apache.commons.cli.HelpFormatter;
30  import org.apache.commons.cli.Options;
31  import org.apache.commons.cli.ParseException;
32  import org.apache.commons.cli.PosixParser;
33  import org.apache.commons.lang.ArrayUtils;
34  import org.apache.commons.logging.Log;
35  import org.apache.commons.logging.LogFactory;
36  import org.apache.hadoop.hbase.classification.InterfaceAudience;
37  import org.apache.hadoop.conf.Configuration;
38  import org.apache.hadoop.hbase.HBaseConfiguration;
39  import org.apache.hadoop.hbase.HBaseInterfaceAudience;
40  import org.apache.hadoop.hbase.http.HttpServer;
41  import org.apache.hadoop.hbase.http.InfoServer;
42  import org.apache.hadoop.hbase.rest.filter.AuthFilter;
43  import org.apache.hadoop.hbase.rest.filter.RestCsrfPreventionFilter;
44  import org.apache.hadoop.hbase.security.UserProvider;
45  import org.apache.hadoop.hbase.util.DNS;
46  import org.apache.hadoop.hbase.util.HttpServerUtil;
47  import org.apache.hadoop.hbase.util.Pair;
48  import org.apache.hadoop.hbase.util.Strings;
49  import org.apache.hadoop.hbase.util.VersionInfo;
50  import org.apache.hadoop.util.StringUtils;
51  import org.mortbay.jetty.Connector;
52  import org.mortbay.jetty.Server;
53  import org.mortbay.jetty.nio.SelectChannelConnector;
54  import org.mortbay.jetty.security.SslSelectChannelConnector;
55  import org.mortbay.jetty.servlet.Context;
56  import org.mortbay.jetty.servlet.FilterHolder;
57  import org.mortbay.jetty.servlet.ServletHolder;
58  import org.mortbay.thread.QueuedThreadPool;
59  
60  import com.google.common.base.Preconditions;
61  import com.sun.jersey.api.json.JSONConfiguration;
62  import com.sun.jersey.spi.container.servlet.ServletContainer;
63  
64  /**
65   * Main class for launching REST gateway as a servlet hosted by Jetty.
66   * <p>
67   * The following options are supported:
68   * <ul>
69   * <li>-p --port : service port</li>
70   * <li>-ro --readonly : server mode</li>
71   * </ul>
72   */
73  @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.TOOLS)
74  public class RESTServer implements Constants {
75    static Log LOG = LogFactory.getLog("RESTServer");
76  
77    static String REST_CSRF_ENABLED_KEY = "hbase.rest.csrf.enabled";
78    static boolean REST_CSRF_ENABLED_DEFAULT = false;
79    static boolean restCSRFEnabled = false;
80    static String REST_CSRF_CUSTOM_HEADER_KEY ="hbase.rest.csrf.custom.header";
81    static String REST_CSRF_CUSTOM_HEADER_DEFAULT = "X-XSRF-HEADER";
82    static String REST_CSRF_METHODS_TO_IGNORE_KEY = "hbase.rest.csrf.methods.to.ignore";
83    static String REST_CSRF_METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
84  
85    private static void printUsageAndExit(Options options, int exitCode) {
86      HelpFormatter formatter = new HelpFormatter();
87      formatter.printHelp("bin/hbase rest start", "", options,
88        "\nTo run the REST server as a daemon, execute " +
89        "bin/hbase-daemon.sh start|stop rest [--infoport <port>] [-p <port>] [-ro]\n", true);
90      System.exit(exitCode);
91    }
92  
93    /**
94     * Returns a list of strings from a comma-delimited configuration value.
95     *
96     * @param conf configuration to check
97     * @param name configuration property name
98     * @param defaultValue default value if no value found for name
99     * @return list of strings from comma-delimited configuration value, or an
100    *     empty list if not found
101    */
102   private static List<String> getTrimmedStringList(Configuration conf,
103     String name, String defaultValue) {
104     String valueString = conf.get(name, defaultValue);
105     if (valueString == null) {
106       return new ArrayList<>();
107     }
108     return new ArrayList<>(StringUtils.getTrimmedStringCollection(valueString));
109   }
110 
111   static String REST_CSRF_BROWSER_USERAGENTS_REGEX_KEY = "hbase.rest-csrf.browser-useragents-regex";
112   static void addCSRFFilter(Context context, Configuration conf) {
113     restCSRFEnabled = conf.getBoolean(REST_CSRF_ENABLED_KEY, REST_CSRF_ENABLED_DEFAULT);
114     if (restCSRFEnabled) {
115       String[] urls = { "/*" };
116       Set<String> restCsrfMethodsToIgnore = new HashSet<>();
117       restCsrfMethodsToIgnore.addAll(getTrimmedStringList(conf,
118         REST_CSRF_METHODS_TO_IGNORE_KEY, REST_CSRF_METHODS_TO_IGNORE_DEFAULT));
119       Map<String, String> restCsrfParams = RestCsrfPreventionFilter
120           .getFilterParams(conf, "hbase.rest-csrf.");
121       HttpServer.defineFilter(context, "csrf", RestCsrfPreventionFilter.class.getName(),
122         restCsrfParams, urls);
123     }
124   }
125 
126   // login the server principal (if using secure Hadoop)
127   private static Pair<FilterHolder, Class<? extends ServletContainer>> loginServerPrincipal(
128     UserProvider userProvider, Configuration conf) throws Exception {
129     Class<? extends ServletContainer> containerClass = ServletContainer.class;
130     if (userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled()) {
131       String machineName = Strings.domainNamePointerToHostName(
132         DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"),
133           conf.get(REST_DNS_NAMESERVER, "default")));
134       String keytabFilename = conf.get(REST_KEYTAB_FILE);
135       Preconditions.checkArgument(keytabFilename != null && !keytabFilename.isEmpty(),
136         REST_KEYTAB_FILE + " should be set if security is enabled");
137       String principalConfig = conf.get(REST_KERBEROS_PRINCIPAL);
138       Preconditions.checkArgument(principalConfig != null && !principalConfig.isEmpty(),
139         REST_KERBEROS_PRINCIPAL + " should be set if security is enabled");
140       userProvider.login(REST_KEYTAB_FILE, REST_KERBEROS_PRINCIPAL, machineName);
141       if (conf.get(REST_AUTHENTICATION_TYPE) != null) {
142         containerClass = RESTServletContainer.class;
143         FilterHolder authFilter = new FilterHolder();
144         authFilter.setClassName(AuthFilter.class.getName());
145         authFilter.setName("AuthenticationFilter");
146         return new Pair<FilterHolder, Class<? extends ServletContainer>>(authFilter,containerClass);
147       }
148     }
149     return new Pair<FilterHolder, Class<? extends ServletContainer>>(null, containerClass);
150   }
151 
152   private static void parseCommandLine(String[] args, RESTServlet servlet) {
153     Options options = new Options();
154     options.addOption("p", "port", true, "Port to bind to [default: 8080]");
155     options.addOption("ro", "readonly", false, "Respond only to GET HTTP " +
156       "method requests [default: false]");
157     options.addOption(null, "infoport", true, "Port for web UI");
158 
159     CommandLine commandLine = null;
160     try {
161       commandLine = new PosixParser().parse(options, args);
162     } catch (ParseException e) {
163       LOG.error("Could not parse: ", e);
164       printUsageAndExit(options, -1);
165     }
166 
167     // check for user-defined port setting, if so override the conf
168     if (commandLine != null && commandLine.hasOption("port")) {
169       String val = commandLine.getOptionValue("port");
170       servlet.getConfiguration()
171           .setInt("hbase.rest.port", Integer.valueOf(val));
172       LOG.debug("port set to " + val);
173     }
174 
175     // check if server should only process GET requests, if so override the conf
176     if (commandLine != null && commandLine.hasOption("readonly")) {
177       servlet.getConfiguration().setBoolean("hbase.rest.readonly", true);
178       LOG.debug("readonly set to true");
179     }
180 
181     // check for user-defined info server port setting, if so override the conf
182     if (commandLine != null && commandLine.hasOption("infoport")) {
183       String val = commandLine.getOptionValue("infoport");
184       servlet.getConfiguration()
185           .setInt("hbase.rest.info.port", Integer.valueOf(val));
186       LOG.debug("Web UI port set to " + val);
187     }
188 
189     @SuppressWarnings("unchecked")
190     List<String> remainingArgs = commandLine != null ?
191         commandLine.getArgList() : new ArrayList<String>();
192     if (remainingArgs.size() != 1) {
193       printUsageAndExit(options, 1);
194     }
195 
196     String command = remainingArgs.get(0);
197     if ("start".equals(command)) {
198       // continue and start container
199     } else if ("stop".equals(command)) {
200       System.exit(1);
201     } else {
202       printUsageAndExit(options, 1);
203     }
204   }
205 
206   /**
207    * The main method for the HBase rest server.
208    * @param args command-line arguments
209    * @throws Exception exception
210    */
211   public static void main(String[] args) throws Exception {
212     VersionInfo.logVersion();
213     Configuration conf = HBaseConfiguration.create();
214     UserProvider userProvider = UserProvider.instantiate(conf);
215     Pair<FilterHolder, Class<? extends ServletContainer>> pair = loginServerPrincipal(
216       userProvider, conf);
217     FilterHolder authFilter = pair.getFirst();
218     Class<? extends ServletContainer> containerClass = pair.getSecond();
219     RESTServlet servlet = RESTServlet.getInstance(conf, userProvider);
220 
221     parseCommandLine(args, servlet);
222 
223     // set up the Jersey servlet container for Jetty
224     ServletHolder sh = new ServletHolder(containerClass);
225     sh.setInitParameter(
226       "com.sun.jersey.config.property.resourceConfigClass",
227       ResourceConfig.class.getCanonicalName());
228     sh.setInitParameter("com.sun.jersey.config.property.packages",
229       "jetty");
230     // The servlet holder below is instantiated to only handle the case
231     // of the /status/cluster returning arrays of nodes (live/dead). Without
232     // this servlet holder, the problem is that the node arrays in the response
233     // are collapsed to single nodes. We want to be able to treat the
234     // node lists as POJO in the response to /status/cluster servlet call,
235     // but not change the behavior for any of the other servlets
236     // Hence we don't use the servlet holder for all servlets / paths
237     ServletHolder shPojoMap = new ServletHolder(containerClass);
238     @SuppressWarnings("unchecked")
239     Map<String, String> shInitMap = sh.getInitParameters();
240     for (Entry<String, String> e : shInitMap.entrySet()) {
241       shPojoMap.setInitParameter(e.getKey(), e.getValue());
242     }
243     shPojoMap.setInitParameter(JSONConfiguration.FEATURE_POJO_MAPPING, "true");
244 
245     // set up Jetty and run the embedded server
246 
247     Server server = new Server();
248 
249     Connector connector = new SelectChannelConnector();
250     if(conf.getBoolean(REST_SSL_ENABLED, false)) {
251       SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
252       String keystore = conf.get(REST_SSL_KEYSTORE_STORE);
253       String password = HBaseConfiguration.getPassword(conf,
254         REST_SSL_KEYSTORE_PASSWORD, null);
255       String keyPassword = HBaseConfiguration.getPassword(conf,
256         REST_SSL_KEYSTORE_KEYPASSWORD, password);
257       sslConnector.setKeystore(keystore);
258       sslConnector.setPassword(password);
259       sslConnector.setKeyPassword(keyPassword);
260       connector = sslConnector;
261     }
262     connector.setPort(servlet.getConfiguration().getInt("hbase.rest.port", 8080));
263     connector.setHost(servlet.getConfiguration().get("hbase.rest.host", "0.0.0.0"));
264     connector.setHeaderBufferSize(65536);
265 
266     server.addConnector(connector);
267 
268     // Set the default max thread number to 100 to limit
269     // the number of concurrent requests so that REST server doesn't OOM easily.
270     // Jetty set the default max thread number to 250, if we don't set it.
271     //
272     // Our default min thread number 2 is the same as that used by Jetty.
273     int maxThreads = servlet.getConfiguration().getInt("hbase.rest.threads.max", 100);
274     int minThreads = servlet.getConfiguration().getInt("hbase.rest.threads.min", 2);
275     QueuedThreadPool threadPool = new QueuedThreadPool(maxThreads);
276     threadPool.setMinThreads(minThreads);
277     server.setThreadPool(threadPool);
278 
279     server.setSendServerVersion(false);
280     server.setSendDateHeader(false);
281     server.setStopAtShutdown(true);
282       // set up context
283     Context context = new Context(server, "/", Context.SESSIONS);
284     context.addServlet(shPojoMap, "/status/cluster");
285     context.addServlet(sh, "/*");
286     if (authFilter != null) {
287       context.addFilter(authFilter, "/*", 1);
288     }
289 
290     // Load filters from configuration.
291     String[] filterClasses = servlet.getConfiguration().getStrings(FILTER_CLASSES,
292       ArrayUtils.EMPTY_STRING_ARRAY);
293     for (String filter : filterClasses) {
294       filter = filter.trim();
295       context.addFilter(Class.forName(filter), "/*", 0);
296     }
297     addCSRFFilter(context, conf);
298     HttpServerUtil.constrainHttpMethods(context);
299 
300     // Put up info server.
301     int port = conf.getInt("hbase.rest.info.port", 8085);
302     if (port >= 0) {
303       conf.setLong("startcode", System.currentTimeMillis());
304       String a = conf.get("hbase.rest.info.bindAddress", "0.0.0.0");
305       InfoServer infoServer = new InfoServer("rest", a, port, false, conf);
306       infoServer.setAttribute("hbase.conf", conf);
307       infoServer.start();
308     }
309     // start server
310     server.start();
311     server.join();
312   }
313 }