HDFS-3083. Cannot run an MR job with HA and security enabled when second-listed NN active. Contributed by Aaron T. Myers.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1303098 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
a24d12bdec
commit
4ceca97606
@ -1131,6 +1131,7 @@ private void saslReadAndProcess(byte[] saslToken) throws IOException,
|
|||||||
throw new AccessControlException(
|
throw new AccessControlException(
|
||||||
"Server is not configured to do DIGEST authentication.");
|
"Server is not configured to do DIGEST authentication.");
|
||||||
}
|
}
|
||||||
|
secretManager.checkAvailableForRead();
|
||||||
saslServer = Sasl.createSaslServer(AuthMethod.DIGEST
|
saslServer = Sasl.createSaslServer(AuthMethod.DIGEST
|
||||||
.getMechanismName(), null, SaslRpcServer.SASL_DEFAULT_REALM,
|
.getMechanismName(), null, SaslRpcServer.SASL_DEFAULT_REALM,
|
||||||
SaslRpcServer.SASL_PROPS, new SaslDigestCallbackHandler(
|
SaslRpcServer.SASL_PROPS, new SaslDigestCallbackHandler(
|
||||||
|
@ -29,6 +29,7 @@
|
|||||||
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.classification.InterfaceStability;
|
import org.apache.hadoop.classification.InterfaceStability;
|
||||||
|
import org.apache.hadoop.ipc.StandbyException;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -73,6 +74,17 @@ public InvalidToken(String msg) {
|
|||||||
*/
|
*/
|
||||||
public abstract T createIdentifier();
|
public abstract T createIdentifier();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* No-op if the secret manager is available for reading tokens, throw a
|
||||||
|
* StandbyException otherwise.
|
||||||
|
*
|
||||||
|
* @throws StandbyException if the secret manager is not available to read
|
||||||
|
* tokens
|
||||||
|
*/
|
||||||
|
public void checkAvailableForRead() throws StandbyException {
|
||||||
|
// Default to being available for read.
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The name of the hashing algorithm.
|
* The name of the hashing algorithm.
|
||||||
*/
|
*/
|
||||||
|
@ -318,6 +318,9 @@ Release 0.23.3 - UNRELEASED
|
|||||||
HDFS-3062. Fix bug which prevented MR job submission from creating
|
HDFS-3062. Fix bug which prevented MR job submission from creating
|
||||||
delegation tokens on an HA cluster. (Mingjie Lai via todd)
|
delegation tokens on an HA cluster. (Mingjie Lai via todd)
|
||||||
|
|
||||||
|
HDFS-3083. Cannot run an MR job with HA and security enabled when
|
||||||
|
second-listed NN active. (atm)
|
||||||
|
|
||||||
BREAKDOWN OF HDFS-1623 SUBTASKS
|
BREAKDOWN OF HDFS-1623 SUBTASKS
|
||||||
|
|
||||||
HDFS-2179. Add fencing framework and mechanisms for NameNode HA. (todd)
|
HDFS-2179. Add fencing framework and mechanisms for NameNode HA. (todd)
|
||||||
|
@ -30,7 +30,9 @@
|
|||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
|
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.NameNode;
|
import org.apache.hadoop.hdfs.server.namenode.NameNode;
|
||||||
|
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
|
||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
|
import org.apache.hadoop.ipc.StandbyException;
|
||||||
import org.apache.hadoop.security.Credentials;
|
import org.apache.hadoop.security.Credentials;
|
||||||
import org.apache.hadoop.security.SecurityUtil;
|
import org.apache.hadoop.security.SecurityUtil;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
@ -74,6 +76,16 @@ public DelegationTokenIdentifier createIdentifier() {
|
|||||||
return new DelegationTokenIdentifier();
|
return new DelegationTokenIdentifier();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override //SecretManager
|
||||||
|
public void checkAvailableForRead() throws StandbyException {
|
||||||
|
namesystem.readLock();
|
||||||
|
try {
|
||||||
|
namesystem.checkOperation(OperationCategory.READ);
|
||||||
|
} finally {
|
||||||
|
namesystem.readUnlock();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns expiry time of a token given its identifier.
|
* Returns expiry time of a token given its identifier.
|
||||||
*
|
*
|
||||||
|
@ -646,7 +646,7 @@ void stopStandbyServices() throws IOException {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void checkOperation(OperationCategory op) throws StandbyException {
|
public void checkOperation(OperationCategory op) throws StandbyException {
|
||||||
if (haContext != null) {
|
if (haContext != null) {
|
||||||
// null in some unit tests
|
// null in some unit tests
|
||||||
haContext.checkOperation(op);
|
haContext.checkOperation(op);
|
||||||
|
Loading…
Reference in New Issue
Block a user