HDFS-5010. Reduce the frequency of getCurrentUser() calls from namenode. Contributed by Kihwal Lee.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1505160 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
5b99672658
commit
313dd02505
@ -3276,6 +3276,9 @@ Release 0.23.10 - UNRELEASED
|
||||
|
||||
IMPROVEMENTS
|
||||
|
||||
HDFS-5010. Reduce the frequency of getCurrentUser() calls from namenode
|
||||
(kihwal)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
@ -860,8 +860,10 @@ public ExportedBlockKeys getBlockKeys() {
|
||||
public void setBlockToken(final LocatedBlock b,
|
||||
final BlockTokenSecretManager.AccessMode mode) throws IOException {
|
||||
if (isBlockTokenEnabled()) {
|
||||
b.setBlockToken(blockTokenSecretManager.generateToken(b.getBlock(),
|
||||
EnumSet.of(mode)));
|
||||
// Use cached UGI if serving RPC calls.
|
||||
b.setBlockToken(blockTokenSecretManager.generateToken(
|
||||
NameNode.getRemoteUser().getShortUserName(),
|
||||
b.getBlock(), EnumSet.of(mode)));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -168,6 +168,7 @@
|
||||
import org.apache.hadoop.hdfs.server.namenode.INode.BlocksMapUpdateInfo;
|
||||
import org.apache.hadoop.hdfs.server.namenode.JournalSet.JournalAndStream;
|
||||
import org.apache.hadoop.hdfs.server.namenode.LeaseManager.Lease;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNode;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
|
||||
import org.apache.hadoop.hdfs.server.namenode.startupprogress.Phase;
|
||||
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
|
||||
@ -2943,7 +2944,11 @@ private boolean deleteInt(String src, boolean recursive)
|
||||
|
||||
private FSPermissionChecker getPermissionChecker()
|
||||
throws AccessControlException {
|
||||
return new FSPermissionChecker(fsOwnerShortUserName, supergroup);
|
||||
try {
|
||||
return new FSPermissionChecker(fsOwnerShortUserName, supergroup, getRemoteUser());
|
||||
} catch (IOException ioe) {
|
||||
throw new AccessControlException(ioe);
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Remove a file/directory from the namespace.
|
||||
@ -3153,9 +3158,7 @@ boolean isFileClosed(String src)
|
||||
return !INodeFile.valueOf(dir.getINode(src), src).isUnderConstruction();
|
||||
} catch (AccessControlException e) {
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(false, UserGroupInformation.getCurrentUser(),
|
||||
getRemoteIp(),
|
||||
"isFileClosed", src, null, null);
|
||||
logAuditEvent(false, "isFileClosed", src);
|
||||
}
|
||||
throw e;
|
||||
} finally {
|
||||
@ -5825,11 +5828,7 @@ private static InetAddress getRemoteIp() {
|
||||
// optimize ugi lookup for RPC operations to avoid a trip through
|
||||
// UGI.getCurrentUser which is synch'ed
|
||||
private static UserGroupInformation getRemoteUser() throws IOException {
|
||||
UserGroupInformation ugi = null;
|
||||
if (Server.isRpcInvocation()) {
|
||||
ugi = Server.getRemoteUser();
|
||||
}
|
||||
return (ugi != null) ? ugi : UserGroupInformation.getCurrentUser();
|
||||
return NameNode.getRemoteUser();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -6334,8 +6333,7 @@ public SnapshottableDirectoryStatus[] getSnapshottableDirListing()
|
||||
readLock();
|
||||
try {
|
||||
checkOperation(OperationCategory.READ);
|
||||
FSPermissionChecker checker = new FSPermissionChecker(
|
||||
fsOwner.getShortUserName(), supergroup);
|
||||
FSPermissionChecker checker = getPermissionChecker();
|
||||
final String user = checker.isSuperUser()? null : checker.getUser();
|
||||
status = snapshotManager.getSnapshottableDirListing(user);
|
||||
} finally {
|
||||
|
@ -56,14 +56,10 @@ private static String toAccessControlString(INode inode) {
|
||||
/** A set with group namess. Not synchronized since it is unmodifiable */
|
||||
private final Set<String> groups;
|
||||
private final boolean isSuper;
|
||||
|
||||
FSPermissionChecker(String fsOwner, String supergroup
|
||||
) throws AccessControlException{
|
||||
try {
|
||||
ugi = UserGroupInformation.getCurrentUser();
|
||||
} catch (IOException e) {
|
||||
throw new AccessControlException(e);
|
||||
}
|
||||
|
||||
FSPermissionChecker(String fsOwner, String supergroup,
|
||||
UserGroupInformation callerUgi) {
|
||||
ugi = callerUgi;
|
||||
HashSet<String> s = new HashSet<String>(Arrays.asList(ugi.getGroupNames()));
|
||||
groups = Collections.unmodifiableSet(s);
|
||||
user = ugi.getShortUserName();
|
||||
|
@ -431,6 +431,15 @@ NamenodeRegistration setRegistration() {
|
||||
return nodeRegistration;
|
||||
}
|
||||
|
||||
/* optimize ugi lookup for RPC operations to avoid a trip through
|
||||
* UGI.getCurrentUser which is synch'ed
|
||||
*/
|
||||
public static UserGroupInformation getRemoteUser() throws IOException {
|
||||
UserGroupInformation ugi = Server.getRemoteUser();
|
||||
return (ugi != null) ? ugi : UserGroupInformation.getCurrentUser();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Login as the configured user for the NameNode.
|
||||
*/
|
||||
|
@ -89,6 +89,7 @@
|
||||
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants.NamenodeRole;
|
||||
import org.apache.hadoop.hdfs.server.common.IncorrectVersionException;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNode;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
|
||||
import org.apache.hadoop.hdfs.server.namenode.metrics.NameNodeMetrics;
|
||||
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
|
||||
@ -349,6 +350,11 @@ InetSocketAddress getRpcAddress() {
|
||||
return clientRpcAddress;
|
||||
}
|
||||
|
||||
private static UserGroupInformation getRemoteUser() throws IOException {
|
||||
return NameNode.getRemoteUser();
|
||||
}
|
||||
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
// NamenodeProtocol
|
||||
/////////////////////////////////////////////////////
|
||||
@ -457,7 +463,7 @@ public HdfsFileStatus create(String src, FsPermission masked,
|
||||
+ MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels.");
|
||||
}
|
||||
HdfsFileStatus fileStatus = namesystem.startFile(src, new PermissionStatus(
|
||||
UserGroupInformation.getCurrentUser().getShortUserName(), null, masked),
|
||||
getRemoteUser().getShortUserName(), null, masked),
|
||||
clientName, clientMachine, flag.get(), createParent, replication,
|
||||
blockSize);
|
||||
metrics.incrFilesCreated();
|
||||
@ -690,7 +696,7 @@ public boolean mkdirs(String src, FsPermission masked, boolean createParent)
|
||||
+ MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels.");
|
||||
}
|
||||
return namesystem.mkdirs(src,
|
||||
new PermissionStatus(UserGroupInformation.getCurrentUser().getShortUserName(),
|
||||
new PermissionStatus(getRemoteUser().getShortUserName(),
|
||||
null, masked), createParent);
|
||||
}
|
||||
|
||||
@ -882,7 +888,7 @@ public void createSymlink(String target, String link, FsPermission dirPerms,
|
||||
if ("".equals(target)) {
|
||||
throw new IOException("Invalid symlink target");
|
||||
}
|
||||
final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
|
||||
final UserGroupInformation ugi = getRemoteUser();
|
||||
namesystem.createSymlink(target, link,
|
||||
new PermissionStatus(ugi.getShortUserName(), null, dirPerms), createParent);
|
||||
}
|
||||
@ -1017,7 +1023,7 @@ public void refreshServiceAcl() throws IOException {
|
||||
@Override // RefreshAuthorizationPolicyProtocol
|
||||
public void refreshUserToGroupsMappings() throws IOException {
|
||||
LOG.info("Refreshing all user-to-groups mappings. Requested by user: " +
|
||||
UserGroupInformation.getCurrentUser().getShortUserName());
|
||||
getRemoteUser().getShortUserName());
|
||||
Groups.getUserToGroupsMappingService().refresh();
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user