You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by el...@apache.org on 2012/02/10 01:46:17 UTC
svn commit: r1242626 - in
/hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src:
main/java/org/apache/hadoop/ha/ test/java/org/apache/hadoop/ha/
Author: eli
Date: Fri Feb 10 00:46:17 2012
New Revision: 1242626
URL: http://svn.apache.org/viewvc?rev=1242626&view=rev
Log:
HDFS-2917. HA: haadmin should not work if run by regular user. Contributed by Eli Collins
Modified:
hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/FailoverController.java
hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAAdmin.java
hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAServiceProtocol.java
hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/TestFailoverController.java
Modified: hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/FailoverController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/FailoverController.java?rev=1242626&r1=1242625&r2=1242626&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/FailoverController.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/FailoverController.java Fri Feb 10 00:46:17 2012
@@ -61,6 +61,7 @@ public class FailoverController {
boolean forceActive)
throws FailoverFailedException {
HAServiceState toSvcState;
+
try {
toSvcState = toSvc.getServiceState();
} catch (IOException e) {
@@ -68,10 +69,12 @@ public class FailoverController {
LOG.error(msg, e);
throw new FailoverFailedException(msg, e);
}
+
if (!toSvcState.equals(HAServiceState.STANDBY)) {
throw new FailoverFailedException(
"Can't failover to an active service");
}
+
try {
HAServiceProtocolHelper.monitorHealth(toSvc);
} catch (HealthCheckFailedException hce) {
@@ -81,6 +84,7 @@ public class FailoverController {
throw new FailoverFailedException(
"Got an IO exception", e);
}
+
try {
if (!toSvc.readyToBecomeActive()) {
if (!forceActive) {
Modified: hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAAdmin.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAAdmin.java?rev=1242626&r1=1242625&r2=1242626&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAAdmin.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAAdmin.java Fri Feb 10 00:46:17 2012
@@ -249,7 +249,10 @@ public abstract class HAAdmin extends Co
try {
return runCmd(argv);
} catch (IllegalArgumentException iae) {
- errOut.println("Illegal argument: " + iae.getMessage());
+ errOut.println("Illegal argument: " + iae.getLocalizedMessage());
+ return -1;
+ } catch (IOException ioe) {
+ errOut.println("Operation failed: " + ioe.getLocalizedMessage());
return -1;
}
}
Modified: hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAServiceProtocol.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAServiceProtocol.java?rev=1242626&r1=1242625&r2=1242626&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAServiceProtocol.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ha/HAServiceProtocol.java Fri Feb 10 00:46:17 2012
@@ -21,6 +21,7 @@ import org.apache.hadoop.classification.
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.ipc.VersionedProtocol;
+import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.KerberosInfo;
import java.io.IOException;
@@ -75,10 +76,13 @@ public interface HAServiceProtocol exten
*
* @throws HealthCheckFailedException
* if the health check of a service fails.
+ * @throws AccessControlException
+ * if access is denied.
* @throws IOException
* if other errors happen
*/
public void monitorHealth() throws HealthCheckFailedException,
+ AccessControlException,
IOException;
/**
@@ -87,10 +91,13 @@ public interface HAServiceProtocol exten
*
* @throws ServiceFailedException
* if transition from standby to active fails.
+ * @throws AccessControlException
+ * if access is denied.
* @throws IOException
* if other errors happen
*/
public void transitionToActive() throws ServiceFailedException,
+ AccessControlException,
IOException;
/**
@@ -99,28 +106,37 @@ public interface HAServiceProtocol exten
*
* @throws ServiceFailedException
* if transition from active to standby fails.
+ * @throws AccessControlException
+ * if access is denied.
* @throws IOException
* if other errors happen
*/
public void transitionToStandby() throws ServiceFailedException,
+ AccessControlException,
IOException;
/**
* Return the current state of the service.
*
+ * @throws AccessControlException
+ * if access is denied.
* @throws IOException
* if other errors happen
*/
- public HAServiceState getServiceState() throws IOException;
+ public HAServiceState getServiceState() throws AccessControlException,
+ IOException;
/**
* Return true if the service is capable and ready to transition
* from the standby state to the active state.
*
* @return true if the service is ready to become active, false otherwise.
+ * @throws AccessControlException
+ * if access is denied.
* @throws IOException
* if other errors happen
*/
public boolean readyToBecomeActive() throws ServiceFailedException,
+ AccessControlException,
IOException;
}
Modified: hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/TestFailoverController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/TestFailoverController.java?rev=1242626&r1=1242625&r2=1242626&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/TestFailoverController.java (original)
+++ hadoop/common/branches/HDFS-1623/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ha/TestFailoverController.java Fri Feb 10 00:46:17 2012
@@ -32,6 +32,7 @@ import static org.apache.hadoop.ha.TestN
import org.apache.hadoop.ipc.ProtocolSignature;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.AccessControlException;
import org.junit.Test;
import static org.junit.Assert.*;
@@ -134,6 +135,31 @@ public class TestFailoverController {
}
@Test
+ public void testFailoverWithoutPermission() throws Exception {
+ DummyService svc1 = new DummyService(HAServiceState.ACTIVE) {
+ @Override
+ public HAServiceState getServiceState() throws IOException {
+ throw new AccessControlException("Access denied");
+ }
+ };
+ DummyService svc2 = new DummyService(HAServiceState.STANDBY) {
+ @Override
+ public HAServiceState getServiceState() throws IOException {
+ throw new AccessControlException("Access denied");
+ }
+ };
+ NodeFencer fencer = setupFencer(AlwaysSucceedFencer.class.getName());
+
+ try {
+ FailoverController.failover(svc1, svc1Addr, svc2, svc2Addr, fencer, false, false);
+ fail("Can't failover when access is denied");
+ } catch (FailoverFailedException ffe) {
+ assertTrue(ffe.getCause().getMessage().contains("Access denied"));
+ }
+ }
+
+
+ @Test
public void testFailoverToUnreadyService() throws Exception {
DummyService svc1 = new DummyService(HAServiceState.ACTIVE);
DummyService svc2 = new DummyService(HAServiceState.STANDBY) {