You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by wa...@apache.org on 2015/12/01 00:01:21 UTC
hadoop git commit: HDFS-9470. Encryption zone on root not loaded from
fsimage after NN restart. Xiao Chen via wang.
Repository: hadoop
Updated Branches:
refs/heads/trunk 43acf9ab8 -> 9b8e50b42
HDFS-9470. Encryption zone on root not loaded from fsimage after NN restart. Xiao Chen via wang.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9b8e50b4
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9b8e50b4
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9b8e50b4
Branch: refs/heads/trunk
Commit: 9b8e50b424d060e16c1175b1811e7abc476e2468
Parents: 43acf9a
Author: Andrew Wang <wa...@apache.org>
Authored: Mon Nov 30 14:32:19 2015 -0800
Committer: Andrew Wang <wa...@apache.org>
Committed: Mon Nov 30 14:32:51 2015 -0800
----------------------------------------------------------------------
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 ++
.../hdfs/server/namenode/FSDirectory.java | 49 +++++++++++++-------
.../server/namenode/FSImageFormatPBINode.java | 1 +
.../apache/hadoop/hdfs/TestEncryptionZones.java | 38 +++++++++++++++
4 files changed, 74 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9b8e50b4/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index d73dbd2..5ee5446 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -3560,6 +3560,9 @@ Release 2.6.3 - UNRELEASED
HDFS-9434. Recommission a datanode with 500k blocks may pause NN for 30
seconds for printing info log messags. (szetszwo)
+ HDFS-9470. Encryption zone on root not loaded from fsimage after NN
+ restart. (Xiao Chen via wang)
+
Release 2.6.2 - 2015-10-28
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9b8e50b4/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
index 0f3011a..661d788 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
@@ -1163,28 +1163,43 @@ public class FSDirectory implements Closeable {
inodeMap.put(inode);
if (!inode.isSymlink()) {
final XAttrFeature xaf = inode.getXAttrFeature();
- if (xaf != null) {
- XAttr xattr = xaf.getXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE);
- if (xattr != null) {
- try {
- final HdfsProtos.ZoneEncryptionInfoProto ezProto =
- HdfsProtos.ZoneEncryptionInfoProto.parseFrom(
- xattr.getValue());
- ezManager.unprotectedAddEncryptionZone(inode.getId(),
- PBHelperClient.convert(ezProto.getSuite()),
- PBHelperClient.convert(ezProto.getCryptoProtocolVersion()),
- ezProto.getKeyName());
- } catch (InvalidProtocolBufferException e) {
- NameNode.LOG.warn("Error parsing protocol buffer of " +
- "EZ XAttr " + xattr.getName());
- }
- }
- }
+ addEncryptionZone((INodeWithAdditionalFields) inode, xaf);
}
}
}
+
+ private void addEncryptionZone(INodeWithAdditionalFields inode,
+ XAttrFeature xaf) {
+ if (xaf == null) {
+ return;
+ }
+ XAttr xattr = xaf.getXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE);
+ if (xattr == null) {
+ return;
+ }
+ try {
+ final HdfsProtos.ZoneEncryptionInfoProto ezProto =
+ HdfsProtos.ZoneEncryptionInfoProto.parseFrom(
+ xattr.getValue());
+ ezManager.unprotectedAddEncryptionZone(inode.getId(),
+ PBHelperClient.convert(ezProto.getSuite()),
+ PBHelperClient.convert(ezProto.getCryptoProtocolVersion()),
+ ezProto.getKeyName());
+ } catch (InvalidProtocolBufferException e) {
+ NameNode.LOG.warn("Error parsing protocol buffer of " +
+ "EZ XAttr " + xattr.getName() + " dir:" + inode.getFullPathName());
+ }
+ }
/**
+ * This is to handle encryption zone for rootDir when loading from
+ * fsimage, and should only be called during NN restart.
+ */
+ public final void addRootDirToEncryptionZone(XAttrFeature xaf) {
+ addEncryptionZone(rootDir, xaf);
+ }
+
+ /**
* This method is always called with writeLock of FSDirectory held.
*/
public final void removeFromInodeMap(List<? extends INode> inodes) {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9b8e50b4/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java
index cf7895b..2f74a2b 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java
@@ -427,6 +427,7 @@ public final class FSImageFormatPBINode {
if (f != null) {
dir.rootDir.addXAttrFeature(f);
}
+ dir.addRootDirToEncryptionZone(f);
}
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9b8e50b4/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
index 3630f19..90cbc0b 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
@@ -378,6 +378,44 @@ public class TestEncryptionZones {
assertZonePresent(null, nonpersistZone.toString());
}
+ @Test(timeout = 60000)
+ public void testBasicOperationsRootDir() throws Exception {
+ int numZones = 0;
+ final Path rootDir = new Path("/");
+ final Path zone1 = new Path(rootDir, "zone1");
+
+ /* Normal creation of an EZ on rootDir */
+ dfsAdmin.createEncryptionZone(rootDir, TEST_KEY);
+ assertNumZones(++numZones);
+ assertZonePresent(null, rootDir.toString());
+
+ /* create EZ on child of rootDir which is already an EZ should fail */
+ fsWrapper.mkdir(zone1, FsPermission.getDirDefault(), true);
+ try {
+ dfsAdmin.createEncryptionZone(zone1, TEST_KEY);
+ fail("EZ over an EZ");
+ } catch (IOException e) {
+ assertExceptionContains("already in an encryption zone", e);
+ }
+
+ // Verify rootDir ez is present after restarting the NameNode
+ // and saving/loading from fsimage.
+ fs.setSafeMode(SafeModeAction.SAFEMODE_ENTER);
+ fs.saveNamespace();
+ fs.setSafeMode(SafeModeAction.SAFEMODE_LEAVE);
+ cluster.restartNameNode(true);
+ assertNumZones(numZones);
+ assertZonePresent(null, rootDir.toString());
+
+ /* create EZ on child of rootDir which is already an EZ should fail */
+ try {
+ dfsAdmin.createEncryptionZone(zone1, TEST_KEY);
+ fail("EZ over an EZ");
+ } catch (IOException e) {
+ assertExceptionContains("already in an encryption zone", e);
+ }
+ }
+
/**
* Test listing encryption zones as a non super user.
*/