HDFS-5010. Reduce the frequency of getCurrentUser() calls from namenode. Contributed by Kihwal Lee.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1505160 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Kihwal Lee 2013-07-20 16:22:11 +00:00
parent 5b99672658
commit 313dd02505
6 changed files with 39 additions and 25 deletions

View File

@ -3276,6 +3276,9 @@ Release 0.23.10 - UNRELEASED
IMPROVEMENTS
HDFS-5010. Reduce the frequency of getCurrentUser() calls from namenode
(kihwal)
OPTIMIZATIONS
BUG FIXES

View File

@ -860,8 +860,10 @@ public ExportedBlockKeys getBlockKeys() {
public void setBlockToken(final LocatedBlock b,
final BlockTokenSecretManager.AccessMode mode) throws IOException {
if (isBlockTokenEnabled()) {
b.setBlockToken(blockTokenSecretManager.generateToken(b.getBlock(),
EnumSet.of(mode)));
// Use cached UGI if serving RPC calls.
b.setBlockToken(blockTokenSecretManager.generateToken(
NameNode.getRemoteUser().getShortUserName(),
b.getBlock(), EnumSet.of(mode)));
}
}

View File

@ -168,6 +168,7 @@
import org.apache.hadoop.hdfs.server.namenode.INode.BlocksMapUpdateInfo;
import org.apache.hadoop.hdfs.server.namenode.JournalSet.JournalAndStream;
import org.apache.hadoop.hdfs.server.namenode.LeaseManager.Lease;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.Phase;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
@ -2943,7 +2944,11 @@ private boolean deleteInt(String src, boolean recursive)
private FSPermissionChecker getPermissionChecker()
throws AccessControlException {
return new FSPermissionChecker(fsOwnerShortUserName, supergroup);
try {
return new FSPermissionChecker(fsOwnerShortUserName, supergroup, getRemoteUser());
} catch (IOException ioe) {
throw new AccessControlException(ioe);
}
}
/**
* Remove a file/directory from the namespace.
@ -3153,9 +3158,7 @@ boolean isFileClosed(String src)
return !INodeFile.valueOf(dir.getINode(src), src).isUnderConstruction();
} catch (AccessControlException e) {
if (isAuditEnabled() && isExternalInvocation()) {
logAuditEvent(false, UserGroupInformation.getCurrentUser(),
getRemoteIp(),
"isFileClosed", src, null, null);
logAuditEvent(false, "isFileClosed", src);
}
throw e;
} finally {
@ -5825,11 +5828,7 @@ private static InetAddress getRemoteIp() {
// optimize ugi lookup for RPC operations to avoid a trip through
// UGI.getCurrentUser which is synch'ed
private static UserGroupInformation getRemoteUser() throws IOException {
UserGroupInformation ugi = null;
if (Server.isRpcInvocation()) {
ugi = Server.getRemoteUser();
}
return (ugi != null) ? ugi : UserGroupInformation.getCurrentUser();
return NameNode.getRemoteUser();
}
/**
@ -6334,8 +6333,7 @@ public SnapshottableDirectoryStatus[] getSnapshottableDirListing()
readLock();
try {
checkOperation(OperationCategory.READ);
FSPermissionChecker checker = new FSPermissionChecker(
fsOwner.getShortUserName(), supergroup);
FSPermissionChecker checker = getPermissionChecker();
final String user = checker.isSuperUser()? null : checker.getUser();
status = snapshotManager.getSnapshottableDirListing(user);
} finally {

View File

@ -56,14 +56,10 @@ private static String toAccessControlString(INode inode) {
/** A set with group namess. Not synchronized since it is unmodifiable */
private final Set<String> groups;
private final boolean isSuper;
FSPermissionChecker(String fsOwner, String supergroup
) throws AccessControlException{
try {
ugi = UserGroupInformation.getCurrentUser();
} catch (IOException e) {
throw new AccessControlException(e);
}
FSPermissionChecker(String fsOwner, String supergroup,
UserGroupInformation callerUgi) {
ugi = callerUgi;
HashSet<String> s = new HashSet<String>(Arrays.asList(ugi.getGroupNames()));
groups = Collections.unmodifiableSet(s);
user = ugi.getShortUserName();

View File

@ -431,6 +431,15 @@ NamenodeRegistration setRegistration() {
return nodeRegistration;
}
/* optimize ugi lookup for RPC operations to avoid a trip through
* UGI.getCurrentUser which is synch'ed
*/
public static UserGroupInformation getRemoteUser() throws IOException {
UserGroupInformation ugi = Server.getRemoteUser();
return (ugi != null) ? ugi : UserGroupInformation.getCurrentUser();
}
/**
* Login as the configured user for the NameNode.
*/

View File

@ -89,6 +89,7 @@
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants.NamenodeRole;
import org.apache.hadoop.hdfs.server.common.IncorrectVersionException;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
import org.apache.hadoop.hdfs.server.namenode.metrics.NameNodeMetrics;
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
@ -349,6 +350,11 @@ InetSocketAddress getRpcAddress() {
return clientRpcAddress;
}
private static UserGroupInformation getRemoteUser() throws IOException {
return NameNode.getRemoteUser();
}
/////////////////////////////////////////////////////
// NamenodeProtocol
/////////////////////////////////////////////////////
@ -457,7 +463,7 @@ public HdfsFileStatus create(String src, FsPermission masked,
+ MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels.");
}
HdfsFileStatus fileStatus = namesystem.startFile(src, new PermissionStatus(
UserGroupInformation.getCurrentUser().getShortUserName(), null, masked),
getRemoteUser().getShortUserName(), null, masked),
clientName, clientMachine, flag.get(), createParent, replication,
blockSize);
metrics.incrFilesCreated();
@ -690,7 +696,7 @@ public boolean mkdirs(String src, FsPermission masked, boolean createParent)
+ MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels.");
}
return namesystem.mkdirs(src,
new PermissionStatus(UserGroupInformation.getCurrentUser().getShortUserName(),
new PermissionStatus(getRemoteUser().getShortUserName(),
null, masked), createParent);
}
@ -882,7 +888,7 @@ public void createSymlink(String target, String link, FsPermission dirPerms,
if ("".equals(target)) {
throw new IOException("Invalid symlink target");
}
final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
final UserGroupInformation ugi = getRemoteUser();
namesystem.createSymlink(target, link,
new PermissionStatus(ugi.getShortUserName(), null, dirPerms), createParent);
}
@ -1017,7 +1023,7 @@ public void refreshServiceAcl() throws IOException {
@Override // RefreshAuthorizationPolicyProtocol
public void refreshUserToGroupsMappings() throws IOException {
LOG.info("Refreshing all user-to-groups mappings. Requested by user: " +
UserGroupInformation.getCurrentUser().getShortUserName());
getRemoteUser().getShortUserName());
Groups.getUserToGroupsMappingService().refresh();
}