HDFS-5768. Consolidate the serialization code in DelegationTokenSecretManager. Contributed by Haohui Mai
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1558598 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
7274b5ff93
commit
ca5d73d1ab
@ -478,6 +478,9 @@ Trunk (Unreleased)
|
|||||||
|
|
||||||
HDFS-5726. Fix compilation error in AbstractINodeDiff for JDK7. (jing9)
|
HDFS-5726. Fix compilation error in AbstractINodeDiff for JDK7. (jing9)
|
||||||
|
|
||||||
|
HDFS-5768. Consolidate the serialization code in DelegationTokenSecretManager
|
||||||
|
(Haohui Mai via brandonli)
|
||||||
|
|
||||||
Release 2.4.0 - UNRELEASED
|
Release 2.4.0 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -59,6 +59,7 @@ public class DelegationTokenSecretManager
|
|||||||
.getLog(DelegationTokenSecretManager.class);
|
.getLog(DelegationTokenSecretManager.class);
|
||||||
|
|
||||||
private final FSNamesystem namesystem;
|
private final FSNamesystem namesystem;
|
||||||
|
private final SerializerCompat serializerCompat = new SerializerCompat();
|
||||||
|
|
||||||
public DelegationTokenSecretManager(long delegationKeyUpdateInterval,
|
public DelegationTokenSecretManager(long delegationKeyUpdateInterval,
|
||||||
long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
|
long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
|
||||||
@ -157,17 +158,14 @@ public class DelegationTokenSecretManager
|
|||||||
* @param in input stream to read fsimage
|
* @param in input stream to read fsimage
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
public synchronized void loadSecretManagerState(DataInput in)
|
public synchronized void loadSecretManagerStateCompat(DataInput in)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
if (running) {
|
if (running) {
|
||||||
// a safety check
|
// a safety check
|
||||||
throw new IOException(
|
throw new IOException(
|
||||||
"Can't load state from image in a running SecretManager.");
|
"Can't load state from image in a running SecretManager.");
|
||||||
}
|
}
|
||||||
currentId = in.readInt();
|
serializerCompat.load(in);
|
||||||
loadAllKeys(in);
|
|
||||||
delegationTokenSequenceNumber = in.readInt();
|
|
||||||
loadCurrentTokens(in);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -177,12 +175,9 @@ public class DelegationTokenSecretManager
|
|||||||
* @param sdPath String storage directory path
|
* @param sdPath String storage directory path
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
public synchronized void saveSecretManagerState(DataOutputStream out,
|
public synchronized void saveSecretManagerStateCompat(DataOutputStream out,
|
||||||
String sdPath) throws IOException {
|
String sdPath) throws IOException {
|
||||||
out.writeInt(currentId);
|
serializerCompat.save(out, sdPath);
|
||||||
saveAllKeys(out, sdPath);
|
|
||||||
out.writeInt(delegationTokenSequenceNumber);
|
|
||||||
saveCurrentTokens(out, sdPath);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -282,6 +277,75 @@ public class DelegationTokenSecretManager
|
|||||||
return allKeys.size();
|
return allKeys.size();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Call namesystem to update editlogs for new master key.
|
||||||
|
*/
|
||||||
|
@Override //AbstractDelegationTokenManager
|
||||||
|
protected void logUpdateMasterKey(DelegationKey key)
|
||||||
|
throws IOException {
|
||||||
|
synchronized (noInterruptsLock) {
|
||||||
|
// The edit logging code will fail catastrophically if it
|
||||||
|
// is interrupted during a logSync, since the interrupt
|
||||||
|
// closes the edit log files. Doing this inside the
|
||||||
|
// above lock and then checking interruption status
|
||||||
|
// prevents this bug.
|
||||||
|
if (Thread.interrupted()) {
|
||||||
|
throw new InterruptedIOException(
|
||||||
|
"Interrupted before updating master key");
|
||||||
|
}
|
||||||
|
namesystem.logUpdateMasterKey(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override //AbstractDelegationTokenManager
|
||||||
|
protected void logExpireToken(final DelegationTokenIdentifier dtId)
|
||||||
|
throws IOException {
|
||||||
|
synchronized (noInterruptsLock) {
|
||||||
|
// The edit logging code will fail catastrophically if it
|
||||||
|
// is interrupted during a logSync, since the interrupt
|
||||||
|
// closes the edit log files. Doing this inside the
|
||||||
|
// above lock and then checking interruption status
|
||||||
|
// prevents this bug.
|
||||||
|
if (Thread.interrupted()) {
|
||||||
|
throw new InterruptedIOException(
|
||||||
|
"Interrupted before expiring delegation token");
|
||||||
|
}
|
||||||
|
namesystem.logExpireDelegationToken(dtId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** A utility method for creating credentials. */
|
||||||
|
public static Credentials createCredentials(final NameNode namenode,
|
||||||
|
final UserGroupInformation ugi, final String renewer) throws IOException {
|
||||||
|
final Token<DelegationTokenIdentifier> token = namenode.getRpcServer(
|
||||||
|
).getDelegationToken(new Text(renewer));
|
||||||
|
if (token == null) {
|
||||||
|
throw new IOException("Failed to get the token for " + renewer
|
||||||
|
+ ", user=" + ugi.getShortUserName());
|
||||||
|
}
|
||||||
|
|
||||||
|
final InetSocketAddress addr = namenode.getNameNodeAddress();
|
||||||
|
SecurityUtil.setTokenService(token, addr);
|
||||||
|
final Credentials c = new Credentials();
|
||||||
|
c.addToken(new Text(ugi.getShortUserName()), token);
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
|
private final class SerializerCompat {
|
||||||
|
private void load(DataInput in) throws IOException {
|
||||||
|
currentId = in.readInt();
|
||||||
|
loadAllKeys(in);
|
||||||
|
delegationTokenSequenceNumber = in.readInt();
|
||||||
|
loadCurrentTokens(in);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void save(DataOutputStream out, String sdPath) throws IOException {
|
||||||
|
out.writeInt(currentId);
|
||||||
|
saveAllKeys(out, sdPath);
|
||||||
|
out.writeInt(delegationTokenSequenceNumber);
|
||||||
|
saveCurrentTokens(out, sdPath);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Private helper methods to save delegation keys and tokens in fsimage
|
* Private helper methods to save delegation keys and tokens in fsimage
|
||||||
*/
|
*/
|
||||||
@ -366,58 +430,5 @@ public class DelegationTokenSecretManager
|
|||||||
}
|
}
|
||||||
prog.endStep(Phase.LOADING_FSIMAGE, step);
|
prog.endStep(Phase.LOADING_FSIMAGE, step);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Call namesystem to update editlogs for new master key.
|
|
||||||
*/
|
|
||||||
@Override //AbstractDelegationTokenManager
|
|
||||||
protected void logUpdateMasterKey(DelegationKey key)
|
|
||||||
throws IOException {
|
|
||||||
synchronized (noInterruptsLock) {
|
|
||||||
// The edit logging code will fail catastrophically if it
|
|
||||||
// is interrupted during a logSync, since the interrupt
|
|
||||||
// closes the edit log files. Doing this inside the
|
|
||||||
// above lock and then checking interruption status
|
|
||||||
// prevents this bug.
|
|
||||||
if (Thread.interrupted()) {
|
|
||||||
throw new InterruptedIOException(
|
|
||||||
"Interrupted before updating master key");
|
|
||||||
}
|
|
||||||
namesystem.logUpdateMasterKey(key);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override //AbstractDelegationTokenManager
|
|
||||||
protected void logExpireToken(final DelegationTokenIdentifier dtId)
|
|
||||||
throws IOException {
|
|
||||||
synchronized (noInterruptsLock) {
|
|
||||||
// The edit logging code will fail catastrophically if it
|
|
||||||
// is interrupted during a logSync, since the interrupt
|
|
||||||
// closes the edit log files. Doing this inside the
|
|
||||||
// above lock and then checking interruption status
|
|
||||||
// prevents this bug.
|
|
||||||
if (Thread.interrupted()) {
|
|
||||||
throw new InterruptedIOException(
|
|
||||||
"Interrupted before expiring delegation token");
|
|
||||||
}
|
|
||||||
namesystem.logExpireDelegationToken(dtId);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/** A utility method for creating credentials. */
|
|
||||||
public static Credentials createCredentials(final NameNode namenode,
|
|
||||||
final UserGroupInformation ugi, final String renewer) throws IOException {
|
|
||||||
final Token<DelegationTokenIdentifier> token = namenode.getRpcServer(
|
|
||||||
).getDelegationToken(new Text(renewer));
|
|
||||||
if (token == null) {
|
|
||||||
throw new IOException("Failed to get the token for " + renewer
|
|
||||||
+ ", user=" + ugi.getShortUserName());
|
|
||||||
}
|
|
||||||
|
|
||||||
final InetSocketAddress addr = namenode.getNameNodeAddress();
|
|
||||||
SecurityUtil.setTokenService(token, addr);
|
|
||||||
final Credentials c = new Credentials();
|
|
||||||
c.addToken(new Text(ugi.getShortUserName()), token);
|
|
||||||
return c;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -870,7 +870,7 @@ public class FSImageFormat {
|
|||||||
//This must not happen if security is turned on.
|
//This must not happen if security is turned on.
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
namesystem.loadSecretManagerState(in);
|
namesystem.loadSecretManagerStateCompat(in);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void loadCacheManagerState(DataInput in) throws IOException {
|
private void loadCacheManagerState(DataInput in) throws IOException {
|
||||||
@ -1032,7 +1032,7 @@ public class FSImageFormat {
|
|||||||
sourceNamesystem.saveFilesUnderConstruction(out, snapshotUCMap);
|
sourceNamesystem.saveFilesUnderConstruction(out, snapshotUCMap);
|
||||||
|
|
||||||
context.checkCancelled();
|
context.checkCancelled();
|
||||||
sourceNamesystem.saveSecretManagerState(out, sdPath);
|
sourceNamesystem.saveSecretManagerStateCompat(out, sdPath);
|
||||||
context.checkCancelled();
|
context.checkCancelled();
|
||||||
sourceNamesystem.getCacheManager().saveState(out, sdPath);
|
sourceNamesystem.getCacheManager().saveState(out, sdPath);
|
||||||
context.checkCancelled();
|
context.checkCancelled();
|
||||||
|
@ -6250,16 +6250,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||||||
* @param out save state of the secret manager
|
* @param out save state of the secret manager
|
||||||
* @param sdPath String storage directory path
|
* @param sdPath String storage directory path
|
||||||
*/
|
*/
|
||||||
void saveSecretManagerState(DataOutputStream out, String sdPath)
|
void saveSecretManagerStateCompat(DataOutputStream out, String sdPath)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
dtSecretManager.saveSecretManagerState(out, sdPath);
|
dtSecretManager.saveSecretManagerStateCompat(out, sdPath);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param in load the state of secret manager from input stream
|
* @param in load the state of secret manager from input stream
|
||||||
*/
|
*/
|
||||||
void loadSecretManagerState(DataInput in) throws IOException {
|
void loadSecretManagerStateCompat(DataInput in) throws IOException {
|
||||||
dtSecretManager.loadSecretManagerState(in);
|
dtSecretManager.loadSecretManagerStateCompat(in);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
x
Reference in New Issue
Block a user