HDFS-3083. Cannot run an MR job with HA and security enabled when second-listed NN active. Contributed by Aaron T. Myers.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1303098 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Aaron Myers 2012-03-20 19:00:56 +00:00
parent a24d12bdec
commit 4ceca97606
5 changed files with 29 additions and 1 deletions

View File

@ -1131,6 +1131,7 @@ private void saslReadAndProcess(byte[] saslToken) throws IOException,
throw new AccessControlException( throw new AccessControlException(
"Server is not configured to do DIGEST authentication."); "Server is not configured to do DIGEST authentication.");
} }
secretManager.checkAvailableForRead();
saslServer = Sasl.createSaslServer(AuthMethod.DIGEST saslServer = Sasl.createSaslServer(AuthMethod.DIGEST
.getMechanismName(), null, SaslRpcServer.SASL_DEFAULT_REALM, .getMechanismName(), null, SaslRpcServer.SASL_DEFAULT_REALM,
SaslRpcServer.SASL_PROPS, new SaslDigestCallbackHandler( SaslRpcServer.SASL_PROPS, new SaslDigestCallbackHandler(

View File

@ -29,6 +29,7 @@
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.ipc.StandbyException;
/** /**
@ -73,6 +74,17 @@ public InvalidToken(String msg) {
*/ */
public abstract T createIdentifier(); public abstract T createIdentifier();
/**
* No-op if the secret manager is available for reading tokens, throw a
* StandbyException otherwise.
*
* @throws StandbyException if the secret manager is not available to read
* tokens
*/
public void checkAvailableForRead() throws StandbyException {
// Default to being available for read.
}
/** /**
* The name of the hashing algorithm. * The name of the hashing algorithm.
*/ */

View File

@ -318,6 +318,9 @@ Release 0.23.3 - UNRELEASED
HDFS-3062. Fix bug which prevented MR job submission from creating HDFS-3062. Fix bug which prevented MR job submission from creating
delegation tokens on an HA cluster. (Mingjie Lai via todd) delegation tokens on an HA cluster. (Mingjie Lai via todd)
HDFS-3083. Cannot run an MR job with HA and security enabled when
second-listed NN active. (atm)
BREAKDOWN OF HDFS-1623 SUBTASKS BREAKDOWN OF HDFS-1623 SUBTASKS
HDFS-2179. Add fencing framework and mechanisms for NameNode HA. (todd) HDFS-2179. Add fencing framework and mechanisms for NameNode HA. (todd)

View File

@ -30,7 +30,9 @@
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem; import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.hdfs.server.namenode.NameNode; import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.StandbyException;
import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
@ -74,6 +76,16 @@ public DelegationTokenIdentifier createIdentifier() {
return new DelegationTokenIdentifier(); return new DelegationTokenIdentifier();
} }
@Override //SecretManager
public void checkAvailableForRead() throws StandbyException {
namesystem.readLock();
try {
namesystem.checkOperation(OperationCategory.READ);
} finally {
namesystem.readUnlock();
}
}
/** /**
* Returns expiry time of a token given its identifier. * Returns expiry time of a token given its identifier.
* *

View File

@ -646,7 +646,7 @@ void stopStandbyServices() throws IOException {
} }
void checkOperation(OperationCategory op) throws StandbyException { public void checkOperation(OperationCategory op) throws StandbyException {
if (haContext != null) { if (haContext != null) {
// null in some unit tests // null in some unit tests
haContext.checkOperation(op); haContext.checkOperation(op);