You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by to...@apache.org on 2012/02/09 19:22:03 UTC
svn commit: r1242439 - in
/hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs: ./
src/main/java/org/apache/hadoop/hdfs/server/namenode/
src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/
Author: todd
Date: Thu Feb 9 18:22:02 2012
New Revision: 1242439
URL: http://svn.apache.org/viewvc?rev=1242439&view=rev
Log:
HDFS-2924. Standby checkpointing fails to authenticate in secure cluster. Contributed by Todd Lipcon.
Modified:
hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt
hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java
hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/StandbyCheckpointer.java
Modified: hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt?rev=1242439&r1=1242438&r2=1242439&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-1623.txt Thu Feb 9 18:22:02 2012
@@ -186,3 +186,5 @@ HDFS-2905. HA: Standby NN NPE when share
HDFS-2579. Starting delegation token manager during safemode fails. (todd)
HDFS-2510. Add HA-related metrics. (atm)
+
+HDFS-2924. Standby checkpointing fails to authenticate in secure cluster. (todd)
Modified: hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java?rev=1242439&r1=1242438&r2=1242439&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java Thu Feb 9 18:22:02 2012
@@ -307,25 +307,14 @@ public class SecondaryNameNode implement
}
public void run() {
- if (UserGroupInformation.isSecurityEnabled()) {
- UserGroupInformation ugi = null;
- try {
- ugi = UserGroupInformation.getLoginUser();
- } catch (IOException e) {
- LOG.error("Exception while getting login user", e);
- e.printStackTrace();
- Runtime.getRuntime().exit(-1);
- }
- ugi.doAs(new PrivilegedAction<Object>() {
+ SecurityUtil.doAsLoginUserOrFatal(
+ new PrivilegedAction<Object>() {
@Override
public Object run() {
doWork();
return null;
}
});
- } else {
- doWork();
- }
}
//
// The main work loop
Modified: hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java?rev=1242439&r1=1242438&r2=1242439&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java Thu Feb 9 18:22:02 2012
@@ -20,6 +20,7 @@ package org.apache.hadoop.hdfs.server.na
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.security.PrivilegedAction;
import java.util.Collection;
import org.apache.commons.logging.Log;
@@ -40,6 +41,7 @@ import org.apache.hadoop.hdfs.server.nam
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol;
import org.apache.hadoop.ipc.RPC;
+import org.apache.hadoop.security.SecurityUtil;
import static org.apache.hadoop.hdfs.server.common.Util.now;
@@ -284,6 +286,17 @@ public class EditLogTailer {
@Override
public void run() {
+ SecurityUtil.doAsLoginUserOrFatal(
+ new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ doWork();
+ return null;
+ }
+ });
+ }
+
+ private void doWork() {
while (shouldRun) {
try {
// There's no point in triggering a log roll if the Standby hasn't
Modified: hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/StandbyCheckpointer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/StandbyCheckpointer.java?rev=1242439&r1=1242438&r2=1242439&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/StandbyCheckpointer.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/StandbyCheckpointer.java Thu Feb 9 18:22:02 2012
@@ -35,6 +35,7 @@ import org.apache.hadoop.hdfs.server.nam
import org.apache.hadoop.hdfs.server.namenode.SaveNamespaceCancelledException;
import org.apache.hadoop.hdfs.server.namenode.TransferFsImage;
import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import static org.apache.hadoop.hdfs.server.common.Util.now;
@@ -212,26 +213,14 @@ public class StandbyCheckpointer {
public void run() {
// We have to make sure we're logged in as far as JAAS
// is concerned, in order to use kerberized SSL properly.
- // This code copied from SecondaryNameNode - TODO: refactor
- // to a utility function.
- if (UserGroupInformation.isSecurityEnabled()) {
- UserGroupInformation ugi = null;
- try {
- ugi = UserGroupInformation.getLoginUser();
- } catch (IOException e) {
- LOG.error("Exception while getting login user", e);
- Runtime.getRuntime().exit(-1);
- }
- ugi.doAs(new PrivilegedAction<Object>() {
+ SecurityUtil.doAsLoginUserOrFatal(
+ new PrivilegedAction<Object>() {
@Override
public Object run() {
doWork();
return null;
}
});
- } else {
- doWork();
- }
}
/**