You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by jg...@apache.org on 2010/07/07 22:22:47 UTC
svn commit: r961495 - in /hadoop/hdfs/trunk: CHANGES.txt
src/java/org/apache/hadoop/hdfs/tools/DFSck.java
Author: jghoman
Date: Wed Jul 7 20:22:46 2010
New Revision: 961495
URL: http://svn.apache.org/viewvc?rev=961495&view=rev
Log:
HDFS-1005. Fsck security. Contributed by Boris Shkolnik and Kan Zhang.
Modified:
hadoop/hdfs/trunk/CHANGES.txt
hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java
Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=961495&r1=961494&r2=961495&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Wed Jul 7 20:22:46 2010
@@ -13,6 +13,8 @@ Trunk (unreleased changes)
HDFS-1004. Update NN to support Kerberized SSL from HADOOP-6584.
(jghoman and Kan Zhang via jghoman)
+ HDFS-1005. Fsck security. (borya and Kan Zhang via jghoman)
+
IMPROVEMENTS
HDFS-1096. fix for prev. commit. (boryas)
Modified: hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java?rev=961495&r1=961494&r2=961495&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java (original)
+++ hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java Wed Jul 7 20:22:46 2010
@@ -24,6 +24,7 @@ import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
+import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
@@ -31,6 +32,8 @@ import org.apache.hadoop.conf.Configured
import org.apache.hadoop.hdfs.server.namenode.NamenodeFsck;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.security.Krb5AndCertsSslSocketConnector;
+import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;
@@ -76,6 +79,15 @@ public class DFSck extends Configured im
super(conf);
this.ugi = UserGroupInformation.getCurrentUser();
}
+
+ private String getInfoServer() {
+ Configuration conf = getConf();
+ return UserGroupInformation.isSecurityEnabled() ? conf.get(
+ DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY,
+ DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_DEFAULT) : conf.get(
+ DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY,
+ DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_DEFAULT);
+ }
/**
* Print fsck usage information
@@ -101,15 +113,34 @@ public class DFSck extends Configured im
/**
* @param args
*/
- public int run(String[] args) throws IOException {
+ public int run(final String[] args) throws IOException {
if (args.length == 0) {
printUsage();
return -1;
}
- final StringBuilder url = new StringBuilder("http://");
- url.append(getConf().get(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY,
- DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_DEFAULT));
+ try {
+ return UserGroupInformation.getCurrentUser().doAs(
+ new PrivilegedExceptionAction<Integer>() {
+ @Override
+ public Integer run() throws Exception {
+ return doWork(args);
+ }
+ });
+ } catch (InterruptedException e) {
+ throw new IOException(e);
+ }
+ }
+
+ private int doWork(final String[] args) throws IOException {
+ String proto = "http://";
+ if (UserGroupInformation.isSecurityEnabled()) {
+ System.setProperty("https.cipherSuites",
+ Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES[0]);
+ proto = "https://";
+ }
+ final StringBuilder url = new StringBuilder(proto);
+ url.append(getInfoServer());
url.append("/fsck?ugi=").append(ugi.getShortUserName()).append("&path=");
String dir = "/";
@@ -129,6 +160,7 @@ public class DFSck extends Configured im
else if (args[idx].equals("-racks")) { url.append("&racks=1"); }
}
URL path = new URL(url.toString());
+ SecurityUtil.fetchServiceTicket(path);
URLConnection connection = path.openConnection();
InputStream stream = connection.getInputStream();
BufferedReader input = new BufferedReader(new InputStreamReader(