You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:57:31 UTC
svn commit: r1077262 - in
/hadoop/common/branches/branch-0.20-security-patches/src:
hdfs/org/apache/hadoop/hdfs/server/namenode/FSEditLog.java
test/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java
Author: omalley
Date: Fri Mar 4 03:57:31 2011
New Revision: 1077262
URL: http://svn.apache.org/viewvc?rev=1077262&view=rev
Log:
commit c510e17b649b58894c2e4d6bca8e26076005e09a
Author: Jitendra Nath Pandey <jitendra@sufferhome-lm.(none)>
Date: Mon Mar 1 17:25:45 2010 -0800
HDFS-1014 from https://issues.apache.org/jira/secure/attachment/12437547/HDFS-1014-y20.1.patch
+++ b/YAHOO-CHANGES.txt
+ HDFS-1014. Error in reading delegation tokens from edit logs. (jitendra)
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSEditLog.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSEditLog.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSEditLog.java?rev=1077262&r1=1077261&r2=1077262&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSEditLog.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSEditLog.java Fri Mar 4 03:57:31 2011
@@ -499,9 +499,6 @@ public class FSEditLog {
numOpRenewDelegationToken = 0, numOpCancelDelegationToken = 0,
numOpUpdateMasterKey = 0, numOpOther = 0;
- DelegationTokenIdentifier delegationTokenId = new DelegationTokenIdentifier();
- DelegationKey delegationKey = new DelegationKey();
-
long startTime = FSNamesystem.now();
DataInputStream in = new DataInputStream(new BufferedInputStream(edits));
@@ -795,6 +792,8 @@ public class FSEditLog {
+ " for version " + logVersion);
}
numOpGetDelegationToken++;
+ DelegationTokenIdentifier delegationTokenId =
+ new DelegationTokenIdentifier();
delegationTokenId.readFields(in);
long expiryTime = readLong(in);
fsNamesys.getDelegationTokenSecretManager()
@@ -807,6 +806,8 @@ public class FSEditLog {
+ " for version " + logVersion);
}
numOpRenewDelegationToken++;
+ DelegationTokenIdentifier delegationTokenId =
+ new DelegationTokenIdentifier();
delegationTokenId.readFields(in);
long expiryTime = readLong(in);
fsNamesys.getDelegationTokenSecretManager()
@@ -819,6 +820,8 @@ public class FSEditLog {
+ " for version " + logVersion);
}
numOpCancelDelegationToken++;
+ DelegationTokenIdentifier delegationTokenId =
+ new DelegationTokenIdentifier();
delegationTokenId.readFields(in);
fsNamesys.getDelegationTokenSecretManager()
.updatePersistedTokenCancellation(delegationTokenId);
@@ -830,6 +833,7 @@ public class FSEditLog {
+ " for version " + logVersion);
}
numOpUpdateMasterKey++;
+ DelegationKey delegationKey = new DelegationKey();
delegationKey.readFields(in);
fsNamesys.getDelegationTokenSecretManager().updatePersistedMasterKey(
delegationKey);
Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java?rev=1077262&r1=1077261&r2=1077262&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestCheckPointForSecurityTokens.java Fri Mar 4 03:57:31 2011
@@ -43,6 +43,7 @@ public class TestCheckPointForSecurityTo
static final int fileSize = 8192;
static final int numDatanodes = 3;
short replication = 3;
+ MiniDFSCluster cluster = null;
NameNode startNameNode( Configuration conf,
String imageDirs,
@@ -57,13 +58,22 @@ public class TestCheckPointForSecurityTo
Assert.assertTrue(nn.isInSafeMode());
return nn;
}
-
+
+ private void cancelToken(Token<DelegationTokenIdentifier> token)
+ throws IOException {
+ cluster.getNameNode().getNamesystem().cancelDelegationToken(token);
+ }
+
+ private void renewToken(Token<DelegationTokenIdentifier> token)
+ throws IOException {
+ cluster.getNameNode().getNamesystem().renewDelegationToken(token);
+ }
+
/**
* Tests save namepsace.
*/
@Test
public void testSaveNamespace() throws IOException {
- MiniDFSCluster cluster = null;
DistributedFileSystem fs = null;
try {
Configuration conf = new Configuration();
@@ -73,8 +83,10 @@ public class TestCheckPointForSecurityTo
FSNamesystem namesystem = cluster.getNameNode().getNamesystem();
namesystem.getDelegationTokenSecretManager().startThreads();
String renewer = UserGroupInformation.getLoginUser().getUserName();
- Token<DelegationTokenIdentifier> token = namesystem
+ Token<DelegationTokenIdentifier> token1 = namesystem
.getDelegationToken(new Text(renewer));
+ Token<DelegationTokenIdentifier> token2 = namesystem
+ .getDelegationToken(new Text(renewer));
// Saving image without safe mode should fail
DFSAdmin admin = new DFSAdmin(conf);
@@ -97,20 +109,73 @@ public class TestCheckPointForSecurityTo
for(File ed : editsDirs) {
Assert.assertTrue(new File(ed, "current/edits").length() == Integer.SIZE/Byte.SIZE);
}
-
- // restart cluster and verify file exists
+ // restart cluster
cluster.shutdown();
cluster = null;
-
+
cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
cluster.waitActive();
//Should be able to renew & cancel the delegation token after cluster restart
try {
- cluster.getNameNode().getNamesystem().renewDelegationToken(token);
- cluster.getNameNode().getNamesystem().cancelDelegationToken(token);
+ renewToken(token1);
+ renewToken(token2);
+ } catch (IOException e) {
+ Assert.fail("Could not renew or cancel the token");
+ }
+
+ namesystem = cluster.getNameNode().getNamesystem();
+ namesystem.getDelegationTokenSecretManager().startThreads();
+ Token<DelegationTokenIdentifier> token3 = namesystem
+ .getDelegationToken(new Text(renewer));
+ Token<DelegationTokenIdentifier> token4 = namesystem
+ .getDelegationToken(new Text(renewer));
+
+ // restart cluster again
+ cluster.shutdown();
+ cluster = null;
+
+ cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
+ cluster.waitActive();
+
+ namesystem = cluster.getNameNode().getNamesystem();
+ namesystem.getDelegationTokenSecretManager().startThreads();
+ Token<DelegationTokenIdentifier> token5 = namesystem
+ .getDelegationToken(new Text(renewer));
+
+ try {
+ renewToken(token1);
+ renewToken(token2);
+ renewToken(token3);
+ renewToken(token4);
+ renewToken(token5);
} catch (IOException e) {
Assert.fail("Could not renew or cancel the token");
}
+
+ // restart cluster again
+ cluster.shutdown();
+ cluster = null;
+
+ cluster = new MiniDFSCluster(conf, numDatanodes, false, null);
+ cluster.waitActive();
+
+ namesystem = cluster.getNameNode().getNamesystem();
+ namesystem.getDelegationTokenSecretManager().startThreads();
+ try {
+ renewToken(token1);
+ cancelToken(token1);
+ renewToken(token2);
+ cancelToken(token2);
+ renewToken(token3);
+ cancelToken(token3);
+ renewToken(token4);
+ cancelToken(token4);
+ renewToken(token5);
+ cancelToken(token5);
+ } catch (IOException e) {
+ Assert.fail("Could not renew or cancel the token");
+ }
+
} finally {
if(fs != null) fs.close();
if(cluster!= null) cluster.shutdown();