Posted to hdfs-commits@hadoop.apache.org by to...@apache.org on 2010/09/30 02:12:58 UTC
svn commit: r1002904 - in /hadoop/hdfs/trunk: CHANGES.txt
src/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNodeAdapter.java
Author: tomwhite
Date: Thu Sep 30 00:12:57 2010
New Revision: 1002904
URL: http://svn.apache.org/viewvc?rev=1002904&view=rev
Log:
HDFS-1399. Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies. Contributed by Aaron T. Myers.
Modified:
hadoop/hdfs/trunk/CHANGES.txt
hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNodeAdapter.java
Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=1002904&r1=1002903&r2=1002904&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Thu Sep 30 00:12:57 2010
@@ -282,6 +282,9 @@ Trunk (unreleased changes)
HDFS-1364. Makes long running HFTP-based applications do relogins
if necessary. (Jitendra Pandey via ddas)
+ HDFS-1399. Distinct minicluster services (e.g. NN and JT) overwrite each
+ other's service policies. (Aaron T. Myers via tomwhite)
+
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES
Modified: hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java?rev=1002904&r1=1002903&r2=1002904&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java (original)
+++ hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java Thu Sep 30 00:12:57 2010
@@ -54,6 +54,7 @@ import org.apache.commons.logging.LogFac
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocalFileSystem;
import org.apache.hadoop.fs.Path;
@@ -111,7 +112,6 @@ import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
-import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.Daemon;
@@ -454,12 +454,6 @@ public class DataNode extends Configured
// adjust info port
this.dnRegistration.setInfoPort(this.infoServer.getPort());
myMetrics = new DataNodeMetrics(conf, dnRegistration.getName());
-
- // set service-level authorization security policy
- if (conf.getBoolean(
- ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
- ServiceAuthorizationManager.refresh(conf, new HDFSPolicyProvider());
- }
// BlockTokenSecretManager is created here, but it shouldn't be
// used until it is initialized in register().
@@ -471,7 +465,13 @@ public class DataNode extends Configured
ipcServer = RPC.getServer(DataNode.class, this, ipcAddr.getHostName(),
ipcAddr.getPort(), conf.getInt("dfs.datanode.handler.count", 3), false,
conf, blockTokenSecretManager);
-
+
+ // set service-level authorization security policy
+ if (conf.getBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
+ ipcServer.refreshServiceAcl(conf, new HDFSPolicyProvider());
+ }
+
dnRegistration.setIpcPort(ipcServer.getListenerAddress().getPort());
LOG.info("dnRegistration = " + dnRegistration);
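Review bot: The guard added after `RPC.getServer(...)` reads `CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION` with a default of `false`, so it fails open if that constant names a different property than the removed `ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG`. In that case a cluster that enabled authorization under the old key would start the DataNode IPC server with no service ACL and no error. Neither constant's value is visible in this diff, so the equivalence should be confirmed; the same guard is used in the NameNode hunk at `@@ -374,6 +367,17 @@`. Because the policy is now set on the server object, a short comment would help: `// apply the ACL before ipcServer.start() so no call is served without it`. The start call itself is outside this hunk.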
Modified: hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1002904&r1=1002903&r2=1002904&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java Thu Sep 30 00:12:57 2010
@@ -33,6 +33,7 @@ import org.apache.hadoop.classification.
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.ContentSummary;
import org.apache.hadoop.fs.CreateFlag;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FsServerDefaults;
import org.apache.hadoop.fs.Options;
@@ -95,7 +96,6 @@ import org.apache.hadoop.security.author
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol;
-import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.ServicePlugin;
@@ -166,8 +166,8 @@ public class NameNode implements Namenod
protected FSNamesystem namesystem;
protected NamenodeRole role;
- /** RPC server. */
- protected Server server;
+ /** RPC server. Package-protected for use in tests. */
+ Server server;
/** RPC server for HDFS Services communication.
BackupNode, Datanodes and all other services
should be connecting to this server if it is
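Review bot: Dropping `protected` from `server` was not needed for a same-package test helper such as `NameNodeAdapter`, because `protected` already grants package access. The change does remove access for any subclass outside `org.apache.hadoop.hdfs.server.namenode`; whether such subclasses exist is not visible here. If the narrowing is intentional, the comment should use the usual term and name the consumer, e.g. `/** RPC server. Package-private; read by tests through NameNodeAdapter. */`. The hunk ends inside the Javadoc of the following field.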
@@ -348,13 +348,6 @@ public class NameNode implements Namenod
SecurityUtil.login(conf, DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY,
DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, socAddr.getHostName());
int handlerCount = conf.getInt("dfs.namenode.handler.count", 10);
-
- // set service-level authorization security policy
- if (serviceAuthEnabled =
- conf.getBoolean(
- ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
- ServiceAuthorizationManager.refresh(conf, new HDFSPolicyProvider());
- }
NameNode.initMetrics(conf, this.getRole());
loadNamesystem(conf);
@@ -374,6 +367,17 @@ public class NameNode implements Namenod
socAddr.getHostName(), socAddr.getPort(),
handlerCount, false, conf,
namesystem.getDelegationTokenSecretManager());
+
+ // set service-level authorization security policy
+ if (serviceAuthEnabled =
+ conf.getBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
+ this.server.refreshServiceAcl(conf, new HDFSPolicyProvider());
+ if (this.serviceRpcServer != null) {
+ this.serviceRpcServer.refreshServiceAcl(conf, new HDFSPolicyProvider());
+ }
+ }
+
// The rpc-server port can be ephemeral... ensure we have the correct info
this.rpcAddress = this.server.getListenerAddress();
setRpcServerAddress(conf);
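Review bot: The guard `if (serviceAuthEnabled = conf.getBoolean(...))` assigns inside the condition, which reads like a mistyped `==` in security-relevant code. Splitting it into `serviceAuthEnabled = conf.getBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false);` followed by `if (serviceAuthEnabled) {` keeps the behaviour and removes the ambiguity. Separately, the `this.serviceRpcServer != null` branch only covers the service RPC endpoint if that server has already been constructed here. Its creation is outside the hunk, so if it were built later the branch would be skipped and that endpoint would start without an ACL; a one-line comment stating the ordering assumption would make this checkable. The enclosing method starts and ends outside the hunk.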
@@ -1417,8 +1421,10 @@ public class NameNode implements Namenod
throw new AuthorizationException("Service Level Authorization not enabled!");
}
- ServiceAuthorizationManager.refresh(
- new Configuration(), new HDFSPolicyProvider());
+ this.server.refreshServiceAcl(new Configuration(), new HDFSPolicyProvider());
+ if (this.serviceRpcServer != null) {
+ this.serviceRpcServer.refreshServiceAcl(new Configuration(), new HDFSPolicyProvider());
+ }
}
@Override
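Review bot: The two `refreshServiceAcl` calls each construct their own `new Configuration()` and `new HDFSPolicyProvider()`, so the policy is loaded twice. If the policy source changes between the two loads, the client and service RPC servers end up enforcing different ACLs. Loading once and reusing it avoids that: `Configuration conf = new Configuration();` then `this.server.refreshServiceAcl(conf, provider);` and the same `conf` and `provider` for `this.serviceRpcServer`. It is also worth a comment that an exception from the first call leaves the second server on its previous policy. The method signature is outside the hunk.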
Modified: hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNodeAdapter.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNodeAdapter.java?rev=1002904&r1=1002903&r2=1002904&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNodeAdapter.java (original)
+++ hadoop/hdfs/trunk/src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNodeAdapter.java Thu Sep 30 00:12:57 2010
@@ -19,6 +19,7 @@ package org.apache.hadoop.hdfs.server.na
import java.io.IOException;
+import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.hdfs.protocol.LocatedBlocks;
/**
@@ -48,4 +49,12 @@ public class NameNodeAdapter {
public static void refreshBlockCounts(NameNode namenode) {
namenode.getNamesystem().blockManager.updateState();
}
-}
\ No newline at end of file
+
+ /**
+ * Get the internal RPC server instance.
+ * @return rpc server
+ */
+ public static Server getRpcServer(NameNode namenode) {
+ return namenode.server;
+ }
+}
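Review bot: `getRpcServer` exposes only `namenode.server`, while this commit also applies the service ACL to `serviceRpcServer` in `NameNode`. Tests that go through this adapter therefore cannot check the policy on the service RPC endpoint, unless another accessor exists outside this diff. The Javadoc also omits the parameter and does not say which of the two servers is returned; something like `@param namenode the NameNode whose client-facing RPC server is returned` and `@return the client RPC server` would make that explicit.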