diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
index 3b614691bd42..29ff82576eb4 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
@@ -230,43 +230,55 @@ public void join() throws InterruptedException { public ContainerWithPipeline allocateContainer(HddsProtos.ReplicationType replicationType, HddsProtos.ReplicationFactor factor, String owner) throws IOException { - if (scm.getScmContext().isInSafeMode()) { - throw new SCMException("SafeModePrecheck failed for allocateContainer", - ResultCodes.SAFE_MODE_EXCEPTION); + + Map auditMap = Maps.newHashMap(); + auditMap.put("replicationType", String.valueOf(replicationType)); + auditMap.put("factor", String.valueOf(factor)); + auditMap.put("owner", String.valueOf(owner)); + + try { + if (scm.getScmContext().isInSafeMode()) { + throw new SCMException("SafeModePrecheck failed for allocateContainer", + ResultCodes.SAFE_MODE_EXCEPTION); + } + getScm().checkAdminAccess(getRemoteUser(), false); + final ContainerInfo container = scm.getContainerManager() + .allocateContainer( + ReplicationConfig.fromProtoTypeAndFactor(replicationType, factor), + owner); + final Pipeline pipeline = scm.getPipelineManager() + .getPipeline(container.getPipelineID()); + ContainerWithPipeline cp = new ContainerWithPipeline(container, pipeline); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.ALLOCATE_CONTAINER, auditMap) + ); + return cp; + } catch (Exception ex) { + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.ALLOCATE_CONTAINER, auditMap, ex) + ); + throw ex; } - getScm().checkAdminAccess(getRemoteUser(), false); - final ContainerInfo container = scm.getContainerManager() - .allocateContainer( - ReplicationConfig.fromProtoTypeAndFactor(replicationType, factor), - owner); - final Pipeline pipeline = scm.getPipelineManager() - .getPipeline(container.getPipelineID()); - return new ContainerWithPipeline(container, pipeline); } @Override public ContainerInfo getContainer(long containerID) throws IOException { - boolean auditSuccess = true; Map auditMap = Maps.newHashMap(); auditMap.put("containerID", String.valueOf(containerID)); - 
getScm().checkAdminAccess(getRemoteUser(), true); try { - return scm.getContainerManager() + getScm().checkAdminAccess(getRemoteUser(), true); + ContainerInfo info = scm.getContainerManager() .getContainer(ContainerID.valueOf(containerID)); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_CONTAINER, auditMap) + ); + return info; } catch (IOException ex) { - auditSuccess = false; - AUDIT.logReadFailure( - buildAuditMessageForFailure(SCMAction.GET_CONTAINER, auditMap, ex) + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_CONTAINER, auditMap, ex) ); throw ex; - } finally { - if (auditSuccess) { - AUDIT.logReadSuccess( - buildAuditMessageForSuccess(SCMAction.GET_CONTAINER, auditMap) - ); - } } - } private ContainerWithPipeline getContainerWithPipelineCommon( @@ -306,18 +318,16 @@ private ContainerWithPipeline getContainerWithPipelineCommon( @Override public ContainerWithPipeline getContainerWithPipeline(long containerID) throws IOException { + final Map auditMap = Maps.newHashMap(); + auditMap.put("containerID", ContainerID.valueOf(containerID).toString()); try { ContainerWithPipeline cp = getContainerWithPipelineCommon(containerID); AUDIT.logReadSuccess(buildAuditMessageForSuccess( - SCMAction.GET_CONTAINER_WITH_PIPELINE, - Collections.singletonMap("containerID", - ContainerID.valueOf(containerID).toString()))); + SCMAction.GET_CONTAINER_WITH_PIPELINE, auditMap)); return cp; } catch (IOException ex) { AUDIT.logReadFailure(buildAuditMessageForFailure( - SCMAction.GET_CONTAINER_WITH_PIPELINE, - Collections.singletonMap("containerID", - ContainerID.valueOf(containerID).toString()), ex)); + SCMAction.GET_CONTAINER_WITH_PIPELINE, auditMap, ex)); throw ex; } } 
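Review bot: `getContainer` catches only `IOException`, so an unchecked exception raised inside the `try` (from `checkAdminAccess` or `ContainerID.valueOf(containerID)`) leaves the call with neither a success nor a failure audit record, while `allocateContainer` in the same hunk catches `Exception`. For permission-checked calls the two should agree; `} catch (Exception ex) {` with the same `throw ex;` closes the gap and, as `allocateContainer` shows, still fits the `throws IOException` signature. The same narrower catch is used in `getContainerWithPipeline` (next hunk) and in `queryUpgradeFinalizationProgress` further down.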
@@ -326,23 +336,36 @@ public ContainerWithPipeline getContainerWithPipeline(long containerID) public List getContainerReplicas( long containerId, int clientVersion) throws IOException { List results = new ArrayList<>(); + Map auditMap = new HashMap<>(); + auditMap.put("containerId", String.valueOf(containerId)); + auditMap.put("clientVersion", String.valueOf(clientVersion)); - Set replicas = getScm().getContainerManager() - .getContainerReplicas(ContainerID.valueOf(containerId)); - for (ContainerReplica r : replicas) { - results.add( - HddsProtos.SCMContainerReplicaProto.newBuilder() - .setContainerID(containerId) - .setState(r.getState().toString()) - .setDatanodeDetails(r.getDatanodeDetails().toProto(clientVersion)) - .setBytesUsed(r.getBytesUsed()) - .setPlaceOfBirth(r.getOriginDatanodeId().toString()) - .setKeyCount(r.getKeyCount()) - .setSequenceID(r.getSequenceId()) - .setReplicaIndex(r.getReplicaIndex()).build() - ); + try { + Set replicas = getScm().getContainerManager() + .getContainerReplicas(ContainerID.valueOf(containerId)); + for (ContainerReplica r : replicas) { + results.add( + HddsProtos.SCMContainerReplicaProto.newBuilder() + .setContainerID(containerId) + .setState(r.getState().toString()) + .setDatanodeDetails(r.getDatanodeDetails().toProto(clientVersion)) + .setBytesUsed(r.getBytesUsed()) + .setPlaceOfBirth(r.getOriginDatanodeId().toString()) + .setKeyCount(r.getKeyCount()) + .setSequenceID(r.getSequenceId()) + .setReplicaIndex(r.getReplicaIndex()).build() + ); + } + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_CONTAINER_WITH_PIPELINE_BATCH, + auditMap)); + return results; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_CONTAINER_REPLICAS, + auditMap, ex)); + throw ex; } - return results; } @Override 
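Review bot: The success path of `getContainerReplicas` is audited as `SCMAction.GET_CONTAINER_WITH_PIPELINE_BATCH` while the failure path uses `SCMAction.GET_CONTAINER_REPLICAS`, so successful replica lookups are filed under a different operation than failed ones. Anyone correlating audit records per action will see failures with no matching successes. Use `SCMAction.GET_CONTAINER_REPLICAS` in the `AUDIT.logReadSuccess(...)` call as well.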
@@ -579,9 +602,14 @@ public void deleteContainer(long containerID) throws IOException { @Override public Map> getContainersOnDecomNode(DatanodeDetails dn) throws IOException { + Map auditMap = Maps.newHashMap(); + auditMap.put("datanodeDetails", String.valueOf(dn)); try { - return scm.getScmDecommissionManager().getContainersPendingReplication(dn); + Map> result = scm.getScmDecommissionManager().getContainersPendingReplication(dn); + AUDIT.logReadSuccess(buildAuditMessageForSuccess(SCMAction.GET_CONTAINERS_ON_DECOM_NODE, auditMap)); + return result; } catch (NodeNotFoundException e) { + AUDIT.logReadFailure(buildAuditMessageForFailure(SCMAction.GET_CONTAINERS_ON_DECOM_NODE, auditMap, e)); throw new IOException("Failed to get containers list. Unable to find required node", e); } } 
@@ -591,30 +619,44 @@ public List queryNode( HddsProtos.NodeOperationalState opState, HddsProtos.NodeState state, HddsProtos.QueryScope queryScope, String poolName, int clientVersion) throws IOException { + final Map auditMap = Maps.newHashMap(); + auditMap.put("opState", String.valueOf(opState)); + auditMap.put("state", String.valueOf(state)); + auditMap.put("queryScope", String.valueOf(queryScope)); + auditMap.put("poolName", poolName); + auditMap.put("clientVersion", String.valueOf(clientVersion)); + if (queryScope == HddsProtos.QueryScope.POOL) { - throw new IllegalArgumentException("Not Supported yet"); + IllegalArgumentException ex = new IllegalArgumentException("Not Supported yet"); + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.QUERY_NODE, auditMap, ex)); + throw ex; } - - List result = new ArrayList<>(); - for (DatanodeDetails node : queryNode(opState, state)) { - try { + try { + List result = new ArrayList<>(); + for (DatanodeDetails node : queryNode(opState, state)) { NodeStatus ns = scm.getScmNodeManager().getNodeStatus(node); result.add(HddsProtos.Node.newBuilder() .setNodeID(node.toProto(clientVersion)) .addNodeStates(ns.getHealth()) .addNodeOperationalStates(ns.getOperationalState()) .build()); - } catch (NodeNotFoundException e) { - throw new IOException( - "An unexpected error occurred querying the NodeStatus", e); } + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.QUERY_NODE, auditMap)); + return result; + } catch (NodeNotFoundException e) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.QUERY_NODE, auditMap, e)); + throw new IOException("An unexpected error occurred querying the NodeStatus", e); } - return result; } @Override public HddsProtos.Node queryNode(UUID uuid) throws IOException { + final Map auditMap = Maps.newHashMap(); + auditMap.put("uuid", String.valueOf(uuid)); HddsProtos.Node result = null; try { DatanodeDetails node = scm.getScmNodeManager().getNode(DatanodeID.of(uuid)); 
@@ -627,20 +669,33 @@ public HddsProtos.Node queryNode(UUID uuid) .build(); } } catch (NodeNotFoundException e) { - throw new IOException( + IOException ex = new IOException( "An unexpected error occurred querying the NodeStatus", e); + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.QUERY_NODE, auditMap, ex)); + throw ex; } + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.QUERY_NODE, auditMap)); return result; } @Override public List decommissionNodes(List nodes, boolean force) throws IOException { + final Map auditMap = Maps.newHashMap(); + auditMap.put("nodes", String.valueOf(nodes)); + auditMap.put("force", String.valueOf(force)); + try { getScm().checkAdminAccess(getRemoteUser(), false); - return scm.getScmDecommissionManager().decommissionNodes(nodes, force); + List result = scm.getScmDecommissionManager().decommissionNodes(nodes, force); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.DECOMMISSION_NODES, auditMap)); + return result; } catch (Exception ex) { - LOG.error("Failed to decommission nodes", ex); + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.DECOMMISSION_NODES, auditMap, ex)); throw ex; } } @@ -648,11 +703,17 @@ public List decommissionNodes(List nodes, boolean fo @Override public List recommissionNodes(List nodes) throws IOException { + final Map auditMap = Maps.newHashMap(); + auditMap.put("nodes", String.valueOf(nodes)); try { getScm().checkAdminAccess(getRemoteUser(), false); - return scm.getScmDecommissionManager().recommissionNodes(nodes); + List result = scm.getScmDecommissionManager().recommissionNodes(nodes); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.DECOMMISSION_NODES, auditMap)); + return result; } catch (Exception ex) { - LOG.error("Failed to recommission nodes", ex); + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.DECOMMISSION_NODES, auditMap, ex)); throw ex; } } 
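Review bot: `recommissionNodes` records both its success and its failure entry under `SCMAction.DECOMMISSION_NODES`, so the audit log cannot tell a recommission from a decommission of the same nodes. The `SCMAction` hunk of this commit adds no recommission constant; adding one (proposed name `RECOMMISSION_NODES`) and using it in both `AUDIT.logWriteSuccess` and `AUDIT.logWriteFailure` here keeps the two admin operations distinguishable during an investigation.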
@@ -660,19 +721,26 @@ public List recommissionNodes(List nodes) @Override public List startMaintenanceNodes(List nodes, int endInHours, boolean force) throws IOException { + final Map auditMap = Maps.newHashMap(); + auditMap.put("nodes", String.valueOf(nodes)); + auditMap.put("endInHours", String.valueOf(endInHours)); + auditMap.put("force", String.valueOf(force)); try { getScm().checkAdminAccess(getRemoteUser(), false); - return scm.getScmDecommissionManager() + List result = scm.getScmDecommissionManager() .startMaintenanceNodes(nodes, endInHours, force); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.START_MAINTENANCE_NODES, auditMap)); + return result; } catch (Exception ex) { - LOG.error("Failed to place nodes into maintenance mode", ex); + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.START_MAINTENANCE_NODES, auditMap, ex)); throw ex; } } @Override public void closeContainer(long containerID) throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); final UserGroupInformation remoteUser = getRemoteUser(); final Map auditMap = Maps.newHashMap(); auditMap.put("containerID", String.valueOf(containerID)); @@ -708,7 +776,7 @@ public void closeContainer(long containerID) throws IOException { public Pipeline createReplicationPipeline(HddsProtos.ReplicationType type, HddsProtos.ReplicationFactor factor, HddsProtos.NodePool nodePool) throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); + Map auditMap = Maps.newHashMap(); if (type != null) { auditMap.put("replicationType", type.toString()); @@ -724,6 +792,7 @@ public Pipeline createReplicationPipeline(HddsProtos.ReplicationType type, auditMap.put("nodePool", String.join(", ", nodeIpAddresses)); } try { + getScm().checkAdminAccess(getRemoteUser(), false); Pipeline result = scm.getPipelineManager().createPipeline( ReplicationConfig.fromProtoTypeAndFactor(type, factor)); AUDIT.logWriteSuccess(buildAuditMessageForSuccess( 
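Review bot: In `closeContainer` the leading `getScm().checkAdminAccess(getRemoteUser(), false);` is deleted and nothing is added in its place within this hunk, unlike `createReplicationPipeline` below, where the check is re-added as the first statement of the `try`. The rest of `closeContainer` lies outside the hunk, so confirm that the unchanged body still performs an admin check before the container is closed. If it does not, add `getScm().checkAdminAccess(remoteUser, false);` as the first line of its `try`, which also gets a denial audited.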
@@ -737,17 +806,34 @@ public Pipeline createReplicationPipeline(HddsProtos.ReplicationType type, } @Override - public List listPipelines() { - AUDIT.logReadSuccess( - buildAuditMessageForSuccess(SCMAction.LIST_PIPELINE, null)); - return scm.getPipelineManager().getPipelines(); + public List listPipelines() throws IOException { + try { + List pipelines = scm.getPipelineManager().getPipelines(); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.LIST_PIPELINE, null)); + return pipelines; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.LIST_PIPELINE, null, ex)); + throw ex; + } } @Override public Pipeline getPipeline(HddsProtos.PipelineID pipelineID) throws IOException { - return scm.getPipelineManager().getPipeline( - PipelineID.getFromProtobuf(pipelineID)); + final Map auditMap = Maps.newHashMap(); + auditMap.put("pipelineID", pipelineID.getId()); + try { + Pipeline pipeline = scm.getPipelineManager().getPipeline(PipelineID.getFromProtobuf(pipelineID)); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_PIPELINE, auditMap)); + return pipeline; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_PIPELINE, auditMap, ex)); + throw ex; + } } @Override 
@@ -808,40 +894,34 @@ public void closePipeline(HddsProtos.PipelineID pipelineID) @Override public ScmInfo getScmInfo() { - boolean auditSuccess = true; try { ScmInfo.Builder builder = new ScmInfo.Builder() .setClusterId(scm.getScmStorageConfig().getClusterID()) .setScmId(scm.getScmStorageConfig().getScmId()) .setPeerRoles(scm.getScmHAManager().getRatisServer().getRatisRoles()); - return builder.build(); + ScmInfo info = builder.build(); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_SCM_INFO, null)); + return info; } catch (Exception ex) { - auditSuccess = false; - AUDIT.logReadFailure( - buildAuditMessageForFailure(SCMAction.GET_SCM_INFO, null, ex) + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_SCM_INFO, null, ex) ); throw ex; - } finally { - if (auditSuccess) { - AUDIT.logReadSuccess( - buildAuditMessageForSuccess(SCMAction.GET_SCM_INFO, null) - ); - } } } @Override public void transferLeadership(String newLeaderId) throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); - checkIfCertSignRequestAllowed(scm.getRootCARotationManager(), - false, config, "transferLeadership"); - boolean auditSuccess = true; Map auditMap = Maps.newHashMap(); auditMap.put("newLeaderId", newLeaderId); try { + getScm().checkAdminAccess(getRemoteUser(), false); + checkIfCertSignRequestAllowed(scm.getRootCARotationManager(), + false, config, "transferLeadership"); SCMRatisServer scmRatisServer = scm.getScmHAManager().getRatisServer(); RaftGroup group = scmRatisServer.getDivision().getGroup(); RaftPeerId targetPeerId; 
@@ -864,16 +944,12 @@ public void transferLeadership(String newLeaderId) RatisHelper.transferRatisLeadership(scm.getConfiguration(), group, targetPeerId, tlsConfig); } catch (Exception ex) { - auditSuccess = false; AUDIT.logReadFailure(buildAuditMessageForFailure( SCMAction.TRANSFER_LEADERSHIP, auditMap, ex)); throw ex; - } finally { - if (auditSuccess) { - AUDIT.logReadSuccess(buildAuditMessageForSuccess( - SCMAction.TRANSFER_LEADERSHIP, auditMap)); - } } + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.TRANSFER_LEADERSHIP, auditMap)); } @Override @@ -883,6 +959,7 @@ public List getFailedDeletedBlockTxn(int count, Map auditMap = Maps.newHashMap(); auditMap.put("count", String.valueOf(count)); auditMap.put("startTxId", String.valueOf(startTxId)); + try { result = scm.getScmBlockManager().getDeletedBlockLog() .getFailedTransactions(count, startTxId).stream() @@ -902,12 +979,12 @@ public List getFailedDeletedBlockTxn(int count, @Override public int resetDeletedBlockRetryCount(List txIDs) throws IOException { - Map auditMap = Maps.newHashMap(); - getScm().checkAdminAccess(getRemoteUser(), false); + final Map auditMap = Maps.newHashMap(); + auditMap.put("txIDs", txIDs.toString()); try { + getScm().checkAdminAccess(getRemoteUser(), false); int count = scm.getScmBlockManager().getDeletedBlockLog(). resetCount(txIDs); - auditMap.put("txIDs", txIDs.toString()); AUDIT.logWriteSuccess(buildAuditMessageForSuccess( SCMAction.RESET_DELETED_BLOCK_RETRY_COUNT, auditMap)); return count; @@ -935,7 +1012,16 @@ public boolean inSafeMode() throws IOException { @Override public Map> getSafeModeRuleStatuses() throws IOException { - return scm.getRuleStatus(); + try { + Map> result = scm.getRuleStatus(); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_SAFE_MODE_RULE_STATUSES, null)); + return result; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_SAFE_MODE_RULE_STATUSES, null, ex)); + throw ex; + } } /** 
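Review bot: The success record for `transferLeadership` is written with `AUDIT.logReadSuccess`, and the failure path above it keeps `AUDIT.logReadFailure`, although the method changes Raft leadership behind an admin check. Other state-changing methods in this file (`decommissionNodes`, `forceExitSafeMode`) use the write variants; switching to `AUDIT.logWriteSuccess` / `AUDIT.logWriteFailure` keeps this operation in the write stream where privileged changes are expected to show up. The method body starts in the previous hunk.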
@@ -946,27 +1032,49 @@ public Map> getSafeModeRuleStatuses() */ @Override public boolean forceExitSafeMode() throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); - AUDIT.logWriteSuccess( - buildAuditMessageForSuccess(SCMAction.FORCE_EXIT_SAFE_MODE, null) - ); - return scm.exitSafeMode(); + try { + getScm().checkAdminAccess(getRemoteUser(), false); + boolean result = scm.exitSafeMode(); + AUDIT.logWriteSuccess( + buildAuditMessageForSuccess(SCMAction.FORCE_EXIT_SAFE_MODE, null) + ); + return result; + + } catch (Exception ex) { + AUDIT.logWriteFailure( + buildAuditMessageForFailure(SCMAction.FORCE_EXIT_SAFE_MODE, null, ex) + ); + throw ex; + } } @Override public void startReplicationManager() throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); - AUDIT.logWriteSuccess(buildAuditMessageForSuccess( - SCMAction.START_REPLICATION_MANAGER, null)); - scm.getReplicationManager().start(); + try { + getScm().checkAdminAccess(getRemoteUser(), false); + scm.getReplicationManager().start(); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.START_REPLICATION_MANAGER, null)); + + } catch (Exception ex) { + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.START_REPLICATION_MANAGER, null, ex)); + throw ex; + } } @Override public void stopReplicationManager() throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); - AUDIT.logWriteSuccess(buildAuditMessageForSuccess( - SCMAction.STOP_REPLICATION_MANAGER, null)); - scm.getReplicationManager().stop(); + try { + getScm().checkAdminAccess(getRemoteUser(), false); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.STOP_REPLICATION_MANAGER, null)); + scm.getReplicationManager().stop(); + } catch (Exception ex) { + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.STOP_REPLICATION_MANAGER, null, ex)); + throw ex; + } } @Override 
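Review bot: `stopReplicationManager` still emits `AUDIT.logWriteSuccess` before `scm.getReplicationManager().stop()` runs, so if `stop()` throws, the log holds both a success and a failure record for the same call. `startReplicationManager` in this hunk was reordered to log only after `start()` returns; do the same here by moving the `AUDIT.logWriteSuccess(...)` call below `scm.getReplicationManager().stop();`.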
@@ -986,35 +1094,49 @@ public ReplicationManagerReport getReplicationManagerReport() { @Override public StatusAndMessages finalizeScmUpgrade(String upgradeClientID) throws IOException { - // check admin authorization + final Map auditMap = Maps.newHashMap(); + auditMap.put("upgradeClientID", upgradeClientID); try { + // check admin authorization getScm().checkAdminAccess(getRemoteUser(), false); - } catch (IOException e) { - LOG.error("Authorization failed for finalize scm upgrade", e); - throw e; + // TODO HDDS-6762: Return to the client once the FINALIZATION_STARTED + // checkpoint has been crossed and continue finalizing asynchronously. + StatusAndMessages result = scm.getFinalizationManager().finalizeUpgrade(upgradeClientID); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.FINALIZE_SCM_UPGRADE, auditMap)); + return result; + } catch (Exception ex) { + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.FINALIZE_SCM_UPGRADE, auditMap, ex)); + throw ex; } - // TODO HDDS-6762: Return to the client once the FINALIZATION_STARTED - // checkpoint has been crossed and continue finalizing asynchronously. 
- return scm.getFinalizationManager().finalizeUpgrade(upgradeClientID); + } @Override public StatusAndMessages queryUpgradeFinalizationProgress( String upgradeClientID, boolean force, boolean readonly) throws IOException { - if (!readonly) { + Map auditMap = Maps.newHashMap(); + auditMap.put("upgradeClientID", upgradeClientID); + auditMap.put("force", String.valueOf(force)); + auditMap.put("readonly", String.valueOf(readonly)); + + try { // check admin authorization - try { + if (!readonly) { getScm().checkAdminAccess(getRemoteUser(), true); - } catch (IOException e) { - LOG.error("Authorization failed for query scm upgrade finalization " + - "progress", e); - throw e; } + StatusAndMessages result = scm.getFinalizationManager() + .queryUpgradeFinalizationProgress(upgradeClientID, force, readonly); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.QUERY_UPGRADE_FINALIZATION_PROGRESS, auditMap)); + return result; + } catch (IOException ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.QUERY_UPGRADE_FINALIZATION_PROGRESS, auditMap, ex)); + throw ex; } - - return scm.getFinalizationManager() - .queryUpgradeFinalizationProgress(upgradeClientID, force, readonly); } @Override @@ -1030,11 +1152,11 @@ public StartContainerBalancerResponseProto startContainerBalancer( Optional networkTopologyEnable, Optional includeNodes, Optional excludeNodes) throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); - ContainerBalancerConfiguration cbc = - scm.getConfiguration().getObject(ContainerBalancerConfiguration.class); Map auditMap = Maps.newHashMap(); try { + getScm().checkAdminAccess(getRemoteUser(), false); + ContainerBalancerConfiguration cbc = + scm.getConfiguration().getObject(ContainerBalancerConfiguration.class); if (threshold.isPresent()) { double tsd = threshold.get(); auditMap.put("threshold", String.valueOf(tsd)); 
@@ -1160,8 +1282,8 @@ public StartContainerBalancerResponseProto startContainerBalancer( @Override public void stopContainerBalancer() throws IOException { - getScm().checkAdminAccess(getRemoteUser(), false); try { + getScm().checkAdminAccess(getRemoteUser(), false); scm.getContainerBalancer().stopBalancer(); AUDIT.logWriteSuccess(buildAuditMessageForSuccess( SCMAction.STOP_CONTAINER_BALANCER, null)); 
@@ -1212,33 +1334,40 @@ public ContainerBalancerStatusInfoResponseProto getContainerBalancerStatusInfo() public List getDatanodeUsageInfo( String address, String uuid, int clientVersion) throws IOException { - // check admin authorisation + final Map auditMap = Maps.newHashMap(); + auditMap.put("address", address); + auditMap.put("uuid", uuid); + auditMap.put("clientVersion", String.valueOf(clientVersion)); + try { + // check admin authorisation getScm().checkAdminAccess(getRemoteUser(), true); - } catch (IOException e) { - LOG.error("Authorization failed", e); - throw e; - } + // get datanodes by ip or uuid + List nodes = new ArrayList<>(); + if (!Strings.isNullOrEmpty(uuid)) { + nodes.add(scm.getScmNodeManager().getNode(DatanodeID.fromUuidString(uuid))); + } else if (!Strings.isNullOrEmpty(address)) { + nodes = scm.getScmNodeManager().getNodesByAddress(address); + } else { + throw new IOException( + "Could not get datanode with the specified parameters." + ); + } - // get datanodes by ip or uuid - List nodes = new ArrayList<>(); - if (!Strings.isNullOrEmpty(uuid)) { - nodes.add(scm.getScmNodeManager().getNode(DatanodeID.fromUuidString(uuid))); - } else if (!Strings.isNullOrEmpty(address)) { - nodes = scm.getScmNodeManager().getNodesByAddress(address); - } else { - throw new IOException( - "Could not get datanode with the specified parameters." 
- ); - } + // get datanode usage info + List infoList = new ArrayList<>(); + for (DatanodeDetails node : nodes) { + infoList.add(getUsageInfoFromDatanodeDetails(node, clientVersion)); + } - // get datanode usage info - List infoList = new ArrayList<>(); - for (DatanodeDetails node : nodes) { - infoList.add(getUsageInfoFromDatanodeDetails(node, clientVersion)); - } + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_DATANODE_USAGE_INFO, auditMap)); - return infoList; + return infoList; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure(SCMAction.GET_DATANODE_USAGE_INFO, auditMap, ex)); + throw ex; + } } /** 
@@ -1270,62 +1399,116 @@ public List getDatanodeUsageInfo( boolean mostUsed, int count, int clientVersion) throws IOException, IllegalArgumentException { - // check admin authorisation + final Map auditMap = Maps.newHashMap(); + auditMap.put("mostUsed", String.valueOf(mostUsed)); + auditMap.put("count", String.valueOf(count)); + auditMap.put("clientVersion", String.valueOf(clientVersion)); + try { + // check admin authorisation getScm().checkAdminAccess(getRemoteUser(), true); - } catch (IOException e) { - LOG.error("Authorization failed", e); - throw e; - } + if (count < 1) { + throw new IllegalArgumentException("The specified parameter count must " + + "be an integer greater than zero."); + } + List datanodeUsageInfoList = + scm.getScmNodeManager().getMostOrLeastUsedDatanodes(mostUsed); - if (count < 1) { - throw new IllegalArgumentException("The specified parameter count must " + - "be an integer greater than zero."); - } + // if count is greater than the size of list containing healthy, + // in-service nodes, just set count to that size + if (count > datanodeUsageInfoList.size()) { + count = datanodeUsageInfoList.size(); + } - List datanodeUsageInfoList = - scm.getScmNodeManager().getMostOrLeastUsedDatanodes(mostUsed); + // return count number of DatanodeUsageInfoProto + List result = datanodeUsageInfoList.stream() + .map(each -> each.toProto(clientVersion)) + .limit(count) + .collect(Collectors.toList()); - // if count is greater than the size of list containing healthy, - // in-service nodes, just set count to that size - if (count > datanodeUsageInfoList.size()) { - count = datanodeUsageInfoList.size(); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_DATANODE_USAGE_INFO, auditMap)); + return result; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_DATANODE_USAGE_INFO, auditMap, ex)); + throw ex; } - - // return count number of DatanodeUsageInfoProto - return datanodeUsageInfoList.stream() - 
.map(each -> each.toProto(clientVersion)) - .limit(count) - .collect(Collectors.toList()); } @Override public Token getContainerToken(ContainerID containerID) throws IOException { - UserGroupInformation remoteUser = getRemoteUser(); - getScm().checkAdminAccess(remoteUser, true); + final Map auditMap = Maps.newHashMap(); + auditMap.put("containerID", String.valueOf(containerID)); + try { + UserGroupInformation remoteUser = getRemoteUser(); + getScm().checkAdminAccess(getRemoteUser(), true); - return scm.getContainerTokenGenerator() - .generateToken(remoteUser.getUserName(), containerID); + Token token = scm.getContainerTokenGenerator() + .generateToken(remoteUser.getUserName(), containerID); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_CONTAINER_TOKEN, auditMap)); + return token; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_CONTAINER_TOKEN, auditMap, ex)); + throw ex; + } } @Override public long getContainerCount() throws IOException { - return scm.getContainerManager().getContainers().size(); + try { + long count = scm.getContainerManager().getContainers().size(); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_CONTAINER_COUNT, null)); + return count; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_CONTAINER_COUNT, null, ex)); + throw ex; + } } @Override public long getContainerCount(HddsProtos.LifeCycleState state) throws IOException { - return scm.getContainerManager().getContainers(state).size(); + final Map auditMap = Maps.newHashMap(); + auditMap.put("state", String.valueOf(state)); + + try { + long count = scm.getContainerManager().getContainers(state).size(); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_CONTAINER_COUNT, auditMap)); + return count; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_CONTAINER_COUNT, auditMap, ex)); + throw ex; + } } 
@Override public List getListOfContainers( long startContainerID, int count, HddsProtos.LifeCycleState state) throws IOException { - return scm.getContainerManager().getContainers( - ContainerID.valueOf(startContainerID), count, state); + + final Map auditMap = Maps.newHashMap(); + auditMap.put("startContainerID", String.valueOf(startContainerID)); + auditMap.put("count", String.valueOf(count)); + auditMap.put("state", String.valueOf(state)); + try { + List results = scm.getContainerManager().getContainers( + ContainerID.valueOf(startContainerID), count, state); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.LIST_CONTAINER, auditMap)); + return results; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.LIST_CONTAINER, auditMap, ex)); + throw ex; + } } /** @@ -1414,6 +1597,8 @@ public void close() throws IOException { @Override public DecommissionScmResponseProto decommissionScm( String scmId) { + final Map auditMap = Maps.newHashMap(); + auditMap.put("scmId", scmId); Builder decommissionScmResponseBuilder = DecommissionScmResponseProto.newBuilder(); 
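Review bot: `getContainerToken` now resolves the caller twice: `remoteUser` is assigned from `getRemoteUser()`, but the admin check runs on a second `getRemoteUser()` call while the token is issued for `remoteUser.getUserName()`. The removed code passed the same object to both. Restore that with `getScm().checkAdminAccess(remoteUser, true);` so the identity that is authorized is by construction the identity the token names.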
@@ -1421,17 +1606,32 @@ public DecommissionScmResponseProto decommissionScm( getScm().checkAdminAccess(getRemoteUser(), false); decommissionScmResponseBuilder .setSuccess(scm.removePeerFromHARing(scmId)); + AUDIT.logWriteSuccess(buildAuditMessageForSuccess( + SCMAction.DECOMMISSION_SCM, auditMap)); } catch (IOException ex) { decommissionScmResponseBuilder .setSuccess(false) .setErrorMsg(ex.getMessage()); + AUDIT.logWriteFailure(buildAuditMessageForFailure( + SCMAction.DECOMMISSION_SCM, auditMap, ex)); } return decommissionScmResponseBuilder.build(); } @Override public String getMetrics(String query) throws IOException { - FetchMetrics fetchMetrics = new FetchMetrics(); - return fetchMetrics.getMetrics(query); + final Map auditMap = Maps.newHashMap(); + auditMap.put("query", query); + try { + FetchMetrics fetchMetrics = new FetchMetrics(); + String metrics = fetchMetrics.getMetrics(query); + AUDIT.logReadSuccess(buildAuditMessageForSuccess( + SCMAction.GET_METRICS, auditMap)); + return metrics; + } catch (Exception ex) { + AUDIT.logReadFailure(buildAuditMessageForFailure( + SCMAction.GET_METRICS, auditMap, ex)); + throw ex; + } } } diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/ozone/audit/SCMAction.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/ozone/audit/SCMAction.java index 23f56c342c05..a514bda0d4ff 100644 --- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/ozone/audit/SCMAction.java +++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/ozone/audit/SCMAction.java 
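Review bot: `decommissionScm` calls `AUDIT.logWriteSuccess` unconditionally after `setSuccess(scm.removePeerFromHARing(scmId))`, so a call in which `removePeerFromHARing` returns `false` is audited as a successful decommission while the response tells the client it did not succeed. Capture the boolean in a local, pass it to `setSuccess`, and write the success record only when it is true, logging a failure record otherwise. The method starts in the previous hunk.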
@@ -54,7 +54,21 @@ public enum SCMAction implements AuditAction { GET_REPLICATION_MANAGER_REPORT, RESET_DELETED_BLOCK_RETRY_COUNT, TRANSFER_LEADERSHIP, - GET_FAILED_DELETED_BLOCKS_TRANSACTION; + GET_FAILED_DELETED_BLOCKS_TRANSACTION, + GET_CONTAINER_REPLICAS, + GET_CONTAINERS_ON_DECOM_NODE, + DECOMMISSION_NODES, + START_MAINTENANCE_NODES, + GET_SAFE_MODE_RULE_STATUSES, + FINALIZE_SCM_UPGRADE, + QUERY_UPGRADE_FINALIZATION_PROGRESS, + GET_DATANODE_USAGE_INFO, + GET_CONTAINER_TOKEN, + GET_CONTAINER_COUNT, + DECOMMISSION_SCM, + GET_METRICS, + QUERY_NODE, + GET_PIPELINE; @Override public String getAction() {