big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HDFS-3083. Cannot run an MR job with HA and security enabled when second-listed NN active. Contributed by Aaron T. Myers.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1303098 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Aaron Myers 2012-03-20 19:00:56 +00:00
parent a24d12bdec
commit 4ceca97606
5 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
View File

@ -1131,6 +1131,7 @@ private void saslReadAndProcess(byte[] saslToken) throws IOException,
throw new AccessControlException(
"Server is not configured to do DIGEST authentication.");
}
secretManager.checkAvailableForRead();
saslServer = Sasl.createSaslServer(AuthMethod.DIGEST
.getMechanismName(), null, SaslRpcServer.SASL_DEFAULT_REALM,
SaslRpcServer.SASL_PROPS, new SaslDigestCallbackHandler(

12
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManager.java
View File

@ -29,6 +29,7 @@
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.ipc.StandbyException;
/**
@ -73,6 +74,17 @@ public InvalidToken(String msg) {
*/
public abstract T createIdentifier();
/**
* No-op if the secret manager is available for reading tokens, throw a
* StandbyException otherwise.
*
* @throws StandbyException if the secret manager is not available to read
* tokens
*/
public void checkAvailableForRead() throws StandbyException {
// Default to being available for read.
}
/**
* The name of the hashing algorithm.
*/

3
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
View File

@ -318,6 +318,9 @@ Release 0.23.3 - UNRELEASED
HDFS-3062. Fix bug which prevented MR job submission from creating
delegation tokens on an HA cluster. (Mingjie Lai via todd)
HDFS-3083. Cannot run an MR job with HA and security enabled when
second-listed NN active. (atm)
BREAKDOWN OF HDFS-1623 SUBTASKS
HDFS-2179. Add fencing framework and mechanisms for NameNode HA. (todd)

12
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
View File

@ -30,7 +30,9 @@
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNode.OperationCategory;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.StandbyException;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
@ -74,6 +76,16 @@ public DelegationTokenIdentifier createIdentifier() {
return new DelegationTokenIdentifier();
}
@Override //SecretManager
public void checkAvailableForRead() throws StandbyException {
namesystem.readLock();
try {
namesystem.checkOperation(OperationCategory.READ);
} finally {
namesystem.readUnlock();
}
}
/**
* Returns expiry time of a token given its identifier.
*

2
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
View File

@ -646,7 +646,7 @@ void stopStandbyServices() throws IOException {
}
void checkOperation(OperationCategory op) throws StandbyException {
public void checkOperation(OperationCategory op) throws StandbyException {
if (haContext != null) {
// null in some unit tests
haContext.checkOperation(op);