View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.snapshot;
19  
20  import java.io.IOException;
21  import java.net.URI;
22  import java.security.PrivilegedExceptionAction;
23  import java.util.Collections;
24  import java.util.concurrent.TimeUnit;
25  
26  import com.google.common.collect.ListMultimap;
27  import org.apache.commons.logging.Log;
28  import org.apache.commons.logging.LogFactory;
29  import org.apache.hadoop.conf.Configuration;
30  import org.apache.hadoop.fs.FSDataInputStream;
31  import org.apache.hadoop.fs.FSDataOutputStream;
32  import org.apache.hadoop.fs.FileSystem;
33  import org.apache.hadoop.fs.FileUtil;
34  import org.apache.hadoop.fs.Path;
35  import org.apache.hadoop.fs.permission.FsPermission;
36  import org.apache.hadoop.hbase.HConstants;
37  import org.apache.hadoop.hbase.TableName;
38  import org.apache.hadoop.hbase.classification.InterfaceAudience;
39  import org.apache.hadoop.hbase.client.Admin;
40  import org.apache.hadoop.hbase.client.Connection;
41  import org.apache.hadoop.hbase.client.ConnectionFactory;
42  import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
43  import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription;
44  import org.apache.hadoop.hbase.security.User;
45  import org.apache.hadoop.hbase.security.access.AccessControlLists;
46  import org.apache.hadoop.hbase.security.access.TablePermission;
47  import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
48  import org.apache.hadoop.hbase.util.FSUtils;
49  
50  /**
51   * Utility class to help manage {@link SnapshotDescription SnapshotDesriptions}.
52   * <p>
53   * Snapshots are laid out on disk like this:
54   *
55   * <pre>
56   * /hbase/.snapshots
57   *          /.tmp                &lt;---- working directory
58   *          /[snapshot name]     &lt;----- completed snapshot
59   * </pre>
60   *
61   * A completed snapshot named 'completed' then looks like (multiple regions, servers, files, etc.
62   * signified by '...' on the same directory depth).
63   *
64   * <pre>
65   * /hbase/.snapshots/completed
66   *                   .snapshotinfo          &lt;--- Description of the snapshot
67   *                   .tableinfo             &lt;--- Copy of the tableinfo
68   *                    /.logs
69   *                        /[server_name]
70   *                            /... [log files]
71   *                         ...
72   *                   /[region name]           &lt;---- All the region's information
73   *                   .regioninfo              &lt;---- Copy of the HRegionInfo
74   *                      /[column family name]
75   *                          /[hfile name]     &lt;--- name of the hfile in the real region
76   *                          ...
77   *                      ...
78   *                    ...
79   * </pre>
80   *
81   * Utility methods in this class are useful for getting the correct locations for different parts of
82   * the snapshot, as well as moving completed snapshots into place (see
83   * {@link #completeSnapshot}, and writing the
84   * {@link SnapshotDescription} to the working snapshot directory.
85   */
86  @InterfaceAudience.Private
87  public final class SnapshotDescriptionUtils {
88  
89    /**
90     * Filter that only accepts completed snapshot directories
91     */
92    public static class CompletedSnaphotDirectoriesFilter extends FSUtils.BlackListDirFilter {
93  
94      /**
95       * @param fs
96       */
97      public CompletedSnaphotDirectoriesFilter(FileSystem fs) {
98        super(fs, Collections.singletonList(SNAPSHOT_TMP_DIR_NAME));
99      }
100   }
101 
102   private static final Log LOG = LogFactory.getLog(SnapshotDescriptionUtils.class);
103   /**
104    * Version of the fs layout for a snapshot. Future snapshots may have different file layouts,
105    * which we may need to read in differently.
106    */
107   public static final int SNAPSHOT_LAYOUT_VERSION = SnapshotManifestV2.DESCRIPTOR_VERSION;
108 
109   // snapshot directory constants
110   /**
111    * The file contains the snapshot basic information and it is under the directory of a snapshot.
112    */
113   public static final String SNAPSHOTINFO_FILE = ".snapshotinfo";
114 
115   /** Temporary directory under the snapshot directory to store in-progress snapshots */
116   public static final String SNAPSHOT_TMP_DIR_NAME = ".tmp";
117 
118   /**
119    * The configuration property that determines the filepath of the snapshot
120    * base working directory
121    */
122   public static final String SNAPSHOT_WORKING_DIR = "hbase.snapshot.working.dir";
123 
124   // snapshot operation values
125   /** Default value if no start time is specified */
126   public static final long NO_SNAPSHOT_START_TIME_SPECIFIED = 0;
127 
128   // Default value if no ttl is specified for Snapshot
129   private static final long NO_SNAPSHOT_TTL_SPECIFIED = 0;
130 
131   public static final String MASTER_SNAPSHOT_TIMEOUT_MILLIS = "hbase.snapshot.master.timeout.millis";
132 
133   /** By default, wait 300 seconds for a snapshot to complete */
134   public static final long DEFAULT_MAX_WAIT_TIME = 60000 * 5 ;
135 
136 
137   /**
138    * By default, check to see if the snapshot is complete (ms)
139    * @deprecated Use {@link #DEFAULT_MAX_WAIT_TIME} instead.
140    * */
141   @Deprecated
142   public static final int SNAPSHOT_TIMEOUT_MILLIS_DEFAULT = 60000 * 5;
143 
144   /**
145    * Conf key for # of ms elapsed before injecting a snapshot timeout error when waiting for
146    * completion.
147    * @deprecated Use {@link #MASTER_SNAPSHOT_TIMEOUT_MILLIS} instead.
148    */
149   @Deprecated
150   public static final String SNAPSHOT_TIMEOUT_MILLIS_KEY = "hbase.snapshot.master.timeoutMillis";
151 
152   private SnapshotDescriptionUtils() {
153     // private constructor for utility class
154   }
155 
156   /**
157    * @param conf {@link Configuration} from which to check for the timeout
158    * @param type type of snapshot being taken
159    * @param defaultMaxWaitTime Default amount of time to wait, if none is in the configuration
160    * @return the max amount of time the master should wait for a snapshot to complete
161    */
162   public static long getMaxMasterTimeout(Configuration conf, SnapshotDescription.Type type,
163       long defaultMaxWaitTime) {
164     String confKey;
165     switch (type) {
166     case DISABLED:
167     default:
168       confKey = MASTER_SNAPSHOT_TIMEOUT_MILLIS;
169     }
170     return Math.max(conf.getLong(confKey, defaultMaxWaitTime),
171         conf.getLong(SNAPSHOT_TIMEOUT_MILLIS_KEY, defaultMaxWaitTime));
172   }
173 
174   /**
175    * Get the snapshot root directory. All the snapshots are kept under this directory, i.e.
176    * ${hbase.rootdir}/.snapshot
177    * @param rootDir hbase root directory
178    * @return the base directory in which all snapshots are kept
179    */
180   public static Path getSnapshotRootDir(final Path rootDir) {
181     return new Path(rootDir, HConstants.SNAPSHOT_DIR_NAME);
182   }
183 
184   /**
185    * Get the directory for a specified snapshot. This directory is a sub-directory of snapshot root
186    * directory and all the data files for a snapshot are kept under this directory.
187    * @param snapshot snapshot being taken
188    * @param rootDir hbase root directory
189    * @return the final directory for the completed snapshot
190    */
191   public static Path getCompletedSnapshotDir(final SnapshotDescription snapshot, final Path rootDir) {
192     return getCompletedSnapshotDir(snapshot.getName(), rootDir);
193   }
194 
195   /**
196    * Get the directory for a completed snapshot. This directory is a sub-directory of snapshot root
197    * directory and all the data files for a snapshot are kept under this directory.
198    * @param snapshotName name of the snapshot being taken
199    * @param rootDir hbase root directory
200    * @return the final directory for the completed snapshot
201    */
202   public static Path getCompletedSnapshotDir(final String snapshotName, final Path rootDir) {
203     return getSpecifiedSnapshotDir(getSnapshotsDir(rootDir), snapshotName);
204   }
205 
206   /**
207    * Get the general working directory for snapshots - where they are built, where they are
208    * temporarily copied on export, etc.
209    * @param rootDir root directory of the HBase installation
210    * @param conf Configuration of the HBase instance
211    * @return Path to the snapshot tmp directory, relative to the passed root directory
212    */
213   public static Path getWorkingSnapshotDir(final Path rootDir, final Configuration conf) {
214     return new Path(conf.get(SNAPSHOT_WORKING_DIR,
215         getDefaultWorkingSnapshotDir(rootDir).toString()));
216   }
217 
218   /**
219    * Get the directory to build a snapshot, before it is finalized
220    * @param snapshot snapshot that will be built
221    * @param rootDir root directory of the hbase installation
222    * @param conf Configuration of the HBase instance
223    * @return {@link Path} where one can build a snapshot
224    */
225   public static Path getWorkingSnapshotDir(SnapshotDescription snapshot, final Path rootDir,
226       Configuration conf) {
227     return getWorkingSnapshotDir(snapshot.getName(), rootDir, conf);
228   }
229 
230   /**
231    * Get the directory to build a snapshot, before it is finalized
232    * @param snapshotName name of the snapshot
233    * @param rootDir root directory of the hbase installation
234    * @param conf Configuration of the HBase instance
235    * @return {@link Path} where one can build a snapshot
236    */
237   public static Path getWorkingSnapshotDir(String snapshotName, final Path rootDir,
238       Configuration conf) {
239     return getSpecifiedSnapshotDir(getWorkingSnapshotDir(rootDir, conf), snapshotName);
240   }
241 
242   /**
243    * Get the directory within the given filepath to store the snapshot instance
244    * @param snapshotsDir directory to store snapshot directory within
245    * @param snapshotName name of the snapshot to take
246    * @return the final directory for the snapshot in the given filepath
247    */
248   private static final Path getSpecifiedSnapshotDir(final Path snapshotsDir, String snapshotName) {
249     return new Path(snapshotsDir, snapshotName);
250   }
251 
252   /**
253    * @param rootDir hbase root directory
254    * @return the directory for all completed snapshots;
255    */
256   public static final Path getSnapshotsDir(Path rootDir) {
257     return new Path(rootDir, HConstants.SNAPSHOT_DIR_NAME);
258   }
259 
260   /**
261    * Determines if the given workingDir is a subdirectory of the given "root directory"
262    * @param workingDir a directory to check
263    * @param rootDir root directory of the HBase installation
264    * @return true if the given workingDir is a subdirectory of the given root directory,
265    *   false otherwise
266    */
267   public static boolean isSubDirectoryOf(final Path workingDir, final Path rootDir) {
268     return workingDir.toString().startsWith(rootDir.toString() + Path.SEPARATOR);
269   }
270 
271   /**
272    * Determines if the given workingDir is a subdirectory of the default working snapshot directory
273    * @param workingDir a directory to check
274    * @param conf configuration for the HBase cluster
275    * @return true if the given workingDir is a subdirectory of the default working directory for
276    *   snapshots, false otherwise
277    */
278   public static boolean isWithinDefaultWorkingDir(final Path workingDir, Configuration conf)
279       throws IOException {
280     Path defaultWorkingDir = getDefaultWorkingSnapshotDir(FSUtils.getRootDir(conf));
281     return workingDir.equals(defaultWorkingDir) || isSubDirectoryOf(workingDir, defaultWorkingDir);
282   }
283 
284   /**
285    * Get the default working directory for snapshots - where they are built, where they are
286    * temporarily copied on export, etc.
287    * @param rootDir root directory of the HBase installation
288    * @return Path to the default snapshot tmp directory, relative to the passed root directory
289    */
290   private static Path getDefaultWorkingSnapshotDir(final Path rootDir) {
291     return new Path(getSnapshotsDir(rootDir), SNAPSHOT_TMP_DIR_NAME);
292   }
293 
294   /**
295    * Convert the passed snapshot description into a 'full' snapshot description based on default
296    * parameters, if none have been supplied. This resolves any 'optional' parameters that aren't
297    * supplied to their default values.
298    * @param snapshot general snapshot descriptor
299    * @param conf Configuration to read configured snapshot defaults if snapshot is not complete
300    * @return a valid snapshot description
301    * @throws IllegalArgumentException if the {@link SnapshotDescription} is not a complete
302    *           {@link SnapshotDescription}.
303    */
304   public static SnapshotDescription validate(SnapshotDescription snapshot, Configuration conf)
305       throws IllegalArgumentException, IOException {
306     if (!snapshot.hasTable()) {
307       throw new IllegalArgumentException(
308         "Descriptor doesn't apply to a table, so we can't build it.");
309     }
310 
311     // set the creation time, if one hasn't been set
312     long time = snapshot.getCreationTime();
313     if (time == SnapshotDescriptionUtils.NO_SNAPSHOT_START_TIME_SPECIFIED) {
314       time = EnvironmentEdgeManager.currentTime();
315       LOG.debug("Creation time not specified, setting to:" + time + " (current time:"
316           + EnvironmentEdgeManager.currentTime() + ").");
317       SnapshotDescription.Builder builder = snapshot.toBuilder();
318       builder.setCreationTime(time);
319       snapshot = builder.build();
320     }
321     long ttl = snapshot.getTtl();
322     // set default ttl(sec) if it is not set already or the value is out of the range
323     if (ttl == SnapshotDescriptionUtils.NO_SNAPSHOT_TTL_SPECIFIED ||
324         ttl > TimeUnit.MILLISECONDS.toSeconds(Long.MAX_VALUE)) {
325       final long defaultSnapshotTtl = conf.getLong(HConstants.DEFAULT_SNAPSHOT_TTL_CONFIG_KEY,
326           HConstants.DEFAULT_SNAPSHOT_TTL);
327       if (LOG.isDebugEnabled()) {
328         LOG.debug("Snapshot current TTL value: " + ttl + " resetting it to default value: " +
329           defaultSnapshotTtl);
330       }
331       ttl = defaultSnapshotTtl;
332     }
333     SnapshotDescription.Builder builder = snapshot.toBuilder();
334     builder.setTtl(ttl);
335     snapshot = builder.build();
336 
337     // set the acl to snapshot if security feature is enabled.
338     if(isSecurityAvailable(conf)){
339       snapshot = writeAclToSnapshotDescription(snapshot, conf);
340     }
341 
342     return snapshot;
343   }
344 
345   /**
346    * Write the snapshot description into the working directory of a snapshot
347    * @param snapshot description of the snapshot being taken
348    * @param workingDir working directory of the snapshot
349    * @param fs {@link FileSystem} on which the snapshot should be taken
350    * @throws IOException if we can't reach the filesystem and the file cannot be cleaned up on
351    *           failure
352    */
353   public static void writeSnapshotInfo(SnapshotDescription snapshot, Path workingDir, FileSystem fs)
354       throws IOException {
355     FsPermission perms = FSUtils.getFilePermissions(fs, fs.getConf(),
356       HConstants.DATA_FILE_UMASK_KEY);
357     Path snapshotInfo = new Path(workingDir, SnapshotDescriptionUtils.SNAPSHOTINFO_FILE);
358     try {
359       FSDataOutputStream out = FSUtils.create(fs, snapshotInfo, perms, true);
360       try {
361         snapshot.writeTo(out);
362       } finally {
363         out.close();
364       }
365     } catch (IOException e) {
366       // if we get an exception, try to remove the snapshot info
367       if (!fs.delete(snapshotInfo, false)) {
368         String msg = "Couldn't delete snapshot info file: " + snapshotInfo;
369         LOG.error(msg);
370         throw new IOException(msg);
371       }
372     }
373   }
374 
375   /**
376    * Read in the {@link SnapshotDescription} stored for the snapshot in the passed directory
377    * @param fs filesystem where the snapshot was taken
378    * @param snapshotDir directory where the snapshot was stored
379    * @return the stored snapshot description
380    * @throws CorruptedSnapshotException if the
381    * snapshot cannot be read
382    */
383   public static SnapshotDescription readSnapshotInfo(FileSystem fs, Path snapshotDir)
384       throws CorruptedSnapshotException {
385     Path snapshotInfo = new Path(snapshotDir, SNAPSHOTINFO_FILE);
386     try {
387       FSDataInputStream in = null;
388       try {
389         in = fs.open(snapshotInfo);
390         SnapshotDescription desc = SnapshotDescription.parseFrom(in);
391         return desc;
392       } finally {
393         if (in != null) in.close();
394       }
395     } catch (IOException e) {
396       throw new CorruptedSnapshotException("Couldn't read snapshot info from:" + snapshotInfo, e);
397     }
398   }
399 
400   /**
401    * Move the finished snapshot to its final, publicly visible directory - this marks the snapshot
402    * as 'complete'.
403    * @param snapshotDir The file path of the completed snapshots
404    * @param workingDir The file path of the in progress snapshots
405    * @param fs {@link FileSystem} The file system of the completed snapshots
406    * @param workingDirFs The file system of the in progress snapshots
407    * @throws org.apache.hadoop.hbase.snapshot.SnapshotCreationException if the
408    * snapshot could not be moved
409    * @throws IOException the filesystem could not be reached
410    */
411   public static void completeSnapshot(Path snapshotDir, Path workingDir, FileSystem fs,
412       FileSystem workingDirFs, Configuration conf) throws SnapshotCreationException, IOException {
413     LOG.debug("Snapshot is done, just moving the snapshot from " + workingDir + " to "
414         + snapshotDir);
415     if (!workingDirFs.exists(workingDir)) {
416       throw new IOException("Failed to moving nonexistent snapshot working directory "
417           + workingDir + " to " + snapshotDir);
418     }
419     // If the working and completed snapshot directory are on the same file system, attempt
420     // to rename the working snapshot directory to the completed location. If that fails,
421     // or the file systems differ, attempt to copy the directory over, throwing an exception
422     // if this fails
423     URI workingURI = workingDirFs.getUri();
424     URI rootURI = fs.getUri();
425 
426     if ((shouldSkipRenameSnapshotDirectories(workingURI, rootURI)
427         || !fs.rename(workingDir, snapshotDir))
428          && !FileUtil.copy(workingDirFs, workingDir, fs, snapshotDir, true, true, conf)) {
429       throw new SnapshotCreationException("Failed to copy working directory(" + workingDir
430           + ") to completed directory(" + snapshotDir + ").");
431     }
432   }
433 
434   static boolean shouldSkipRenameSnapshotDirectories(URI workingURI, URI rootURI) {
435     // check scheme, e.g. file, hdfs
436     if (workingURI.getScheme() == null &&
437         (rootURI.getScheme() != null && !rootURI.getScheme().equalsIgnoreCase("file"))) {
438       return true;
439     }
440     if (workingURI.getScheme() != null && !workingURI.getScheme().equals(rootURI.getScheme())) {
441       return true;
442     }
443 
444     // check Authority, e.g. localhost:port
445     if (workingURI.getAuthority() == null && rootURI.getAuthority() != null) {
446       return true;
447     }
448     if (workingURI.getAuthority() != null &&
449         !workingURI.getAuthority().equals(rootURI.getAuthority())) {
450       return true;
451     }
452 
453     // check UGI/userInfo
454     if (workingURI.getUserInfo() == null && rootURI.getUserInfo() != null) {
455       return true;
456     }
457     if (workingURI.getUserInfo() != null &&
458         !workingURI.getUserInfo().equals(rootURI.getUserInfo())) {
459       return true;
460     }
461 
462     return false;
463   }
464 
465 
466   /**
467    * Check if the user is this table snapshot's owner
468    * @param snapshot the table snapshot description
469    * @param user the user
470    * @return true if the user is the owner of the snapshot,
471    *         false otherwise or the snapshot owner field is not present.
472    */
473   public static boolean isSnapshotOwner(final SnapshotDescription snapshot, final User user) {
474     if (user == null) return false;
475     if (!snapshot.hasOwner()) return false;
476     return snapshot.getOwner().equals(user.getShortName());
477   }
478 
479   public static boolean isSecurityAvailable(Configuration conf) throws IOException {
480     Connection conn = ConnectionFactory.createConnection(conf);
481     try {
482       Admin admin = conn.getAdmin();
483       try {
484         return admin.tableExists(AccessControlLists.ACL_TABLE_NAME);
485       } finally {
486         admin.close();
487       }
488     } finally {
489       conn.close();
490     }
491   }
492 
493   private static SnapshotDescription writeAclToSnapshotDescription(
494       final SnapshotDescription snapshot, final Configuration conf) throws IOException {
495     ListMultimap<String, TablePermission> perms =
496         User.runAsLoginUser(new PrivilegedExceptionAction<ListMultimap<String, TablePermission>>() {
497           @Override
498           public ListMultimap<String, TablePermission> run() throws Exception {
499             return AccessControlLists.getTablePermissions(conf,
500               TableName.valueOf(snapshot.getTable()));
501           }
502         });
503     return snapshot.toBuilder().setUsersAndPermissions(ProtobufUtil.toUserTablePermissions(perms))
504         .build();
505   }
506 }