Posted to common-commits@hadoop.apache.org by bh...@apache.org on 2019/08/18 17:06:12 UTC
[hadoop] branch trunk updated: HDDS-1974. Implement OM
CancelDelegationToken request to use Cache and DoubleBuffer. (#1308)
This is an automated email from the ASF dual-hosted git repository.
bharat pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new b83eae7 HDDS-1974. Implement OM CancelDelegationToken request to use Cache and DoubleBuffer. (#1308)
b83eae7 is described below
commit b83eae7bdb9ec908cfe5ab87c8862cc9125c8aed
Author: Bharat Viswanadham <bh...@apache.org>
AuthorDate: Sun Aug 18 10:06:00 2019 -0700
HDDS-1974. Implement OM CancelDelegationToken request to use Cache and DoubleBuffer. (#1308)
---
.../OzoneDelegationTokenSecretManager.java | 38 +++++--
.../om/request/bucket/OMBucketCreateRequest.java | 1 +
.../security/OMCancelDelegationTokenRequest.java | 125 +++++++++++++++++++++
.../security/OMGetDelegationTokenRequest.java | 24 ++--
...e.java => OMCancelDelegationTokenResponse.java} | 20 ++--
...onse.java => OMGetDelegationTokenResponse.java} | 20 ++--
6 files changed, 191 insertions(+), 37 deletions(-)
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
index 1a6da6d..30fe17e 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
@@ -287,18 +287,40 @@ public class OzoneDelegationTokenSecretManager
throw new AccessControlException(canceller
+ " is not authorized to cancel the token " + formatTokenId(id));
}
- try {
- store.removeToken(id);
- } catch (IOException e) {
- LOG.error("Unable to remove token " + id.getSequenceNumber(), e);
- }
- TokenInfo info = currentTokens.remove(id);
- if (info == null) {
- throw new InvalidToken("Token not found " + formatTokenId(id));
+
+ // For HA ratis will take care of removal.
+ // This check will be removed, when HA/Non-HA code is merged.
+ if (!isRatisEnabled) {
+ try {
+ store.removeToken(id);
+ } catch (IOException e) {
+ LOG.error("Unable to remove token " + id.getSequenceNumber(), e);
+ }
+ TokenInfo info = currentTokens.remove(id);
+ if (info == null) {
+ throw new InvalidToken("Token not found " + formatTokenId(id));
+ }
+ } else {
+ // Check whether token is there in-memory map of tokens or not on the
+ // OM leader.
+ TokenInfo info = currentTokens.get(id);
+ if (info == null) {
+ throw new InvalidToken("Token not found in-memory map of tokens" +
+ formatTokenId(id));
+ }
}
return id;
}
+ /**
+ * Remove the expired token from in-memory map.
+ * @param ozoneTokenIdentifier
+ * @throws IOException
+ */
+ public void removeToken(OzoneTokenIdentifier ozoneTokenIdentifier) {
+ currentTokens.remove(ozoneTokenIdentifier);
+ }
+
@Override
public byte[] retrievePassword(OzoneTokenIdentifier identifier)
throws InvalidToken {
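Review bot: The new public `removeToken` at the end of this hunk deletes an entry from `currentTokens` with no canceller or existence check of its own, and its Javadoc does not say that the caller must already have passed the authorization check in the cancel path. The Javadoc is also inaccurate: it declares `@throws IOException` although the method throws nothing, and it says "expired token" while the caller added in this commit uses it for cancellation. I would replace it with a comment along the lines of `Removes the token from the in-memory map; performs no authorization check, so callers must have validated the canceller beforehand`, and drop the `@throws` tag. Separately, the Ratis branch builds its message as `"Token not found in-memory map of tokens" +` with no trailing space, so the token id is fused onto the text; `"Token not found in in-memory map of tokens "` reads correctly. The enclosing cancel method starts above the hunk.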
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
index ea2210d..65a25ac 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
@@ -152,6 +152,7 @@ public class OMBucketCreateRequest extends OMClientRequest {
throw new OMException("Volume doesn't exist",
OMException.ResultCodes.VOLUME_NOT_FOUND);
}
+
//Check if bucket already exists
if (metadataManager.getBucketTable().get(bucketKey) != null) {
LOG.debug("bucket: {} already exists ", bucketName);
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java
new file mode 100644
index 0000000..b28090d
--- /dev/null
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMCancelDelegationTokenRequest.java
@@ -0,0 +1,125 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om.request.security;
+
+import com.google.common.base.Optional;
+import org.apache.hadoop.ozone.om.OMMetadataManager;
+import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
+import org.apache.hadoop.ozone.om.request.OMClientRequest;
+import org.apache.hadoop.ozone.om.response.OMClientResponse;
+import org.apache.hadoop.ozone.om.response.security.OMCancelDelegationTokenResponse;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse;
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.CancelDelegationTokenResponseProto;
+import org.apache.hadoop.ozone.protocolPB.OMPBHelper;
+import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
+import org.apache.hadoop.security.proto.SecurityProtos;
+import org.apache.hadoop.security.proto.SecurityProtos.CancelDelegationTokenRequestProto;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.utils.db.cache.CacheKey;
+import org.apache.hadoop.utils.db.cache.CacheValue;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+
+/**
+ * Handle CancelDelegationToken Request.
+ */
+public class OMCancelDelegationTokenRequest extends OMClientRequest {
+
+ private static final Logger LOG =
+ LoggerFactory.getLogger(OMGetDelegationTokenRequest.class);
+
+ public OMCancelDelegationTokenRequest(OMRequest omRequest) {
+ super(omRequest);
+ }
+
+ @Override
+ public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
+
+ // Call OM to cancel token, this does check whether we can cancel token
+ // or not. This does not remove token from DB/in-memory.
+ ozoneManager.cancelDelegationToken(getToken());
+
+ return super.preExecute(ozoneManager);
+ }
+
+ @Override
+ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
+ long transactionLogIndex,
+ OzoneManagerDoubleBufferHelper ozoneManagerDoubleBufferHelper) {
+
+ OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
+
+ OMClientResponse omClientResponse = null;
+ OMResponse.Builder omResponse =
+ OMResponse.newBuilder()
+ .setCmdType(OzoneManagerProtocolProtos.Type.CancelDelegationToken)
+ .setStatus(OzoneManagerProtocolProtos.Status.OK)
+ .setSuccess(true);
+ OzoneTokenIdentifier ozoneTokenIdentifier = null;
+ try {
+ ozoneTokenIdentifier =
+ OzoneTokenIdentifier.readProtoBuf(getToken().getIdentifier());
+
+ // Remove token from in-memory.
+ ozoneManager.getDelegationTokenMgr().removeToken(ozoneTokenIdentifier);
+
+ // Update Cache.
+ omMetadataManager.getDelegationTokenTable().addCacheEntry(
+ new CacheKey<>(ozoneTokenIdentifier),
+ new CacheValue<>(Optional.absent(), transactionLogIndex));
+
+ omClientResponse =
+ new OMCancelDelegationTokenResponse(ozoneTokenIdentifier,
+ omResponse.setCancelDelegationTokenResponse(
+ CancelDelegationTokenResponseProto.newBuilder().setResponse(
+ SecurityProtos.CancelDelegationTokenResponseProto
+ .newBuilder())).build());
+ } catch (IOException ex) {
+ LOG.error("Error in cancel DelegationToken {}", ozoneTokenIdentifier, ex);
+ omClientResponse = new OMCancelDelegationTokenResponse(null,
+ createErrorOMResponse(omResponse, ex));
+ } finally {
+ if (omClientResponse != null) {
+ omClientResponse.setFlushFuture(
+ ozoneManagerDoubleBufferHelper.add(omClientResponse,
+ transactionLogIndex));
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Cancelled delegation token: {}", ozoneTokenIdentifier);
+ }
+
+ return omClientResponse;
+ }
+
+
+ public Token<OzoneTokenIdentifier> getToken() {
+ CancelDelegationTokenRequestProto cancelDelegationTokenRequest =
+ getOmRequest().getCancelDelegationTokenRequest();
+
+ return OMPBHelper.convertToDelegationToken(
+ cancelDelegationTokenRequest.getToken());
+ }
+}
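Review bot: `LOG` is created with `LoggerFactory.getLogger(OMGetDelegationTokenRequest.class)`, so every cancel-token error and debug line is attributed to the get-token request class, and log-level settings or alert filters keyed on the cancel class will not see them. It should be `LoggerFactory.getLogger(OMCancelDelegationTokenRequest.class);`. In `validateAndUpdateCache` the `LOG.debug("Cancelled delegation token: {}", ...)` call sits after the try/catch, so it is also emitted when the `IOException` branch ran and nothing was cancelled; moving it to the end of the `try` block keeps the log truthful. Because `removeToken` is `void`, a cancel for a token that is no longer in the map still returns `Status.OK`; that may be intended for idempotent replay, but it deserves a comment.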
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
index 18d50e9..df9400e 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/security/OMGetDelegationTokenRequest.java
@@ -25,7 +25,7 @@ import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.response.OMClientResponse;
-import org.apache.hadoop.ozone.om.response.security.OMDelegationTokenResponse;
+import org.apache.hadoop.ozone.om.response.security.OMGetDelegationTokenResponse;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.GetDelegationTokenResponseProto;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest;
@@ -65,13 +65,13 @@ public class OMGetDelegationTokenRequest extends OMClientRequest {
.getDelegationToken(new Text(getDelegationTokenRequest.getRenewer()));
- // Client issues GetDelegationToken request, when received by OM leader will
- // it generate Token. Original GetDelegationToken request is converted to
- // UpdateGetDelegationToken request with the generated token information.
- // This updated request will be submitted to Ratis. In this way delegation
- // token created by leader, will be replicated across all OMs.
- // And also original GetDelegationToken request from client does not need
- // any proto changes.
+ // Client issues GetDelegationToken request, when received by OM leader
+ // it will generate a token. Original GetDelegationToken request is
+ // converted to UpdateGetDelegationToken request with the generated token
+ // information. This updated request will be submitted to Ratis. In this
+ // way delegation token created by leader, will be replicated across all
+ // OMs. With this approach, original GetDelegationToken request from
+ // client does not need any proto changes.
// Create UpdateGetDelegationTokenRequest with token response.
OMRequest.Builder omRequest = OMRequest.newBuilder()
@@ -129,14 +129,14 @@ public class OMGetDelegationTokenRequest extends OMClientRequest {
new CacheValue<>(Optional.of(renewTime), transactionLogIndex));
omClientResponse =
- new OMDelegationTokenResponse(ozoneTokenIdentifier, renewTime,
+ new OMGetDelegationTokenResponse(ozoneTokenIdentifier, renewTime,
omResponse.setGetDelegationTokenResponse(
updateGetDelegationTokenRequest
.getGetDelegationTokenResponse()).build());
} catch (IOException ex) {
- LOG.error("Error in Updating DelegationToken {} to DB",
+ LOG.error("Error in Updating DelegationToken {}",
ozoneTokenIdentifierToken, ex);
- omClientResponse = new OMDelegationTokenResponse(null, -1L,
+ omClientResponse = new OMGetDelegationTokenResponse(null, -1L,
createErrorOMResponse(omResponse, ex));
} finally {
if (omClientResponse != null) {
@@ -147,7 +147,7 @@ public class OMGetDelegationTokenRequest extends OMClientRequest {
}
if (LOG.isDebugEnabled()) {
- LOG.debug("Updated delegation token to OM DB: {}",
+ LOG.debug("Updated delegation token in-memory map: {}",
ozoneTokenIdentifierToken);
}
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMDelegationTokenResponse.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMCancelDelegationTokenResponse.java
similarity index 76%
copy from hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMDelegationTokenResponse.java
copy to hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMCancelDelegationTokenResponse.java
index 71e3371..d2092bd 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMDelegationTokenResponse.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMCancelDelegationTokenResponse.java
@@ -24,30 +24,32 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.utils.db.BatchOperation;
+import org.apache.hadoop.utils.db.Table;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import java.io.IOException;
/**
- * Handle response for DelegationToken request.
+ * Handle response for CancelDelegationToken request.
*/
-public class OMDelegationTokenResponse extends OMClientResponse {
+public class OMCancelDelegationTokenResponse extends OMClientResponse {
private OzoneTokenIdentifier ozoneTokenIdentifier;
- private long renewTime;
- public OMDelegationTokenResponse(OzoneTokenIdentifier ozoneTokenIdentifier,
- long renewTime, OMResponse omResponse) {
+
+ public OMCancelDelegationTokenResponse(
+ @Nullable OzoneTokenIdentifier ozoneTokenIdentifier,
+ @Nonnull OMResponse omResponse) {
super(omResponse);
this.ozoneTokenIdentifier = ozoneTokenIdentifier;
- this.renewTime = renewTime;
}
@Override
public void addToDBBatch(OMMetadataManager omMetadataManager,
BatchOperation batchOperation) throws IOException {
-
+ Table table = omMetadataManager.getDelegationTokenTable();
if (getOMResponse().getStatus() == OzoneManagerProtocolProtos.Status.OK) {
- omMetadataManager.getDelegationTokenTable().putWithBatch(batchOperation,
- ozoneTokenIdentifier, renewTime);
+ table.deleteWithBatch(batchOperation, ozoneTokenIdentifier);
}
}
}
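Review bot: `Table table = omMetadataManager.getDelegationTokenTable();` uses the raw `Table` type, so `deleteWithBatch` is called unchecked and the compiler no longer verifies the key type; the same raw declaration appears in the `addToDBBatch` hunk of OMGetDelegationTokenResponse.java. Either keep the chained call the old code used, or declare the local with its type arguments (presumably `Table<OzoneTokenIdentifier, Long>`, judging from the `putWithBatch(batchOperation, ozoneTokenIdentifier, renewTime)` call; confirm against `OMMetadataManager`). The lookup could also move inside the `Status.OK` branch, since it is unused otherwise. The constructor accepts a `@Nullable` identifier, so a one-line comment stating that a null identifier only ever accompanies a non-OK status would document why `deleteWithBatch` never sees null.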
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMDelegationTokenResponse.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMGetDelegationTokenResponse.java
similarity index 75%
rename from hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMDelegationTokenResponse.java
rename to hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMGetDelegationTokenResponse.java
index 71e3371..40b9a96 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMDelegationTokenResponse.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/response/security/OMGetDelegationTokenResponse.java
@@ -24,18 +24,23 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.utils.db.BatchOperation;
+import org.apache.hadoop.utils.db.Table;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import java.io.IOException;
/**
- * Handle response for DelegationToken request.
+ * Handle response for GetDelegationToken request.
*/
-public class OMDelegationTokenResponse extends OMClientResponse {
+public class OMGetDelegationTokenResponse extends OMClientResponse {
private OzoneTokenIdentifier ozoneTokenIdentifier;
- private long renewTime;
- public OMDelegationTokenResponse(OzoneTokenIdentifier ozoneTokenIdentifier,
- long renewTime, OMResponse omResponse) {
+ private long renewTime = -1L;
+
+ public OMGetDelegationTokenResponse(
+ @Nullable OzoneTokenIdentifier ozoneTokenIdentifier,
+ long renewTime, @Nonnull OMResponse omResponse) {
super(omResponse);
this.ozoneTokenIdentifier = ozoneTokenIdentifier;
this.renewTime = renewTime;
@@ -44,10 +49,9 @@ public class OMDelegationTokenResponse extends OMClientResponse {
@Override
public void addToDBBatch(OMMetadataManager omMetadataManager,
BatchOperation batchOperation) throws IOException {
-
+ Table table = omMetadataManager.getDelegationTokenTable();
if (getOMResponse().getStatus() == OzoneManagerProtocolProtos.Status.OK) {
- omMetadataManager.getDelegationTokenTable().putWithBatch(batchOperation,
- ozoneTokenIdentifier, renewTime);
+ table.putWithBatch(batchOperation, ozoneTokenIdentifier, renewTime);
}
}
}