You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by sh...@apache.org on 2019/10/01 00:02:41 UTC
[hadoop] 01/02: Revert "HDFS-14305. Fix serial number calculation
in BlockTokenSecretManager to avoid token key ID overlap between NameNodes.
Contributed by He Xiaoqiao."
This is an automated email from the ASF dual-hosted git repository.
shv pushed a commit to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit 3912a6fc7dc53845bc877aa8e099248ae7b6f79a
Author: Konstantin V Shvachko <sh...@apache.org>
AuthorDate: Sun Sep 29 13:11:31 2019 -0700
Revert "HDFS-14305. Fix serial number calculation in BlockTokenSecretManager to avoid token key ID overlap between NameNodes. Contributed by He Xiaoqiao."
This reverts commit 0feba4396f6e96c332743a39f965de7995b67bde.
---
.../token/block/BlockTokenSecretManager.java | 21 +++++----------
.../ha/TestFailoverWithBlockTokensEnabled.java | 31 +---------------------
2 files changed, 7 insertions(+), 45 deletions(-)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
index 57f84ea..77e175d 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
@@ -65,17 +65,6 @@ public class BlockTokenSecretManager extends
public static final Token<BlockTokenIdentifier> DUMMY_TOKEN = new Token<BlockTokenIdentifier>();
- /**
- * In order to prevent serial No. of different NameNode from overlapping,
- * Using 6 bits (identify 64=2^6 namenodes, and presuppose that no scenario
- * where deploy more than 64 namenodes (include ANN, SBN, Observers, etc.)
- * in one namespace) to identify index of NameNode, and the remainder 26 bits
- * auto-incr to change the serial No.
- */
- @VisibleForTesting
- public static final int NUM_VALID_BITS = 26;
- private static final int LOW_MASK = (1 << NUM_VALID_BITS) - 1;
-
private final boolean isMaster;
/**
@@ -92,8 +81,8 @@ public class BlockTokenSecretManager extends
private String blockPoolId;
private final String encryptionAlgorithm;
- private final int nnIndex;
-
+ private final int intRange;
+ private final int nnRangeStart;
private final boolean useProto;
private final boolean shouldWrapQOP;
@@ -152,7 +141,8 @@ public class BlockTokenSecretManager extends
private BlockTokenSecretManager(boolean isMaster, long keyUpdateInterval,
long tokenLifetime, String blockPoolId, String encryptionAlgorithm,
int nnIndex, int numNNs, boolean useProto, boolean shouldWrapQOP) {
- this.nnIndex = nnIndex;
+ this.intRange = Integer.MAX_VALUE / numNNs;
+ this.nnRangeStart = intRange * nnIndex;
this.isMaster = isMaster;
this.keyUpdateInterval = keyUpdateInterval;
this.tokenLifetime = tokenLifetime;
@@ -167,7 +157,8 @@ public class BlockTokenSecretManager extends
@VisibleForTesting
public synchronized void setSerialNo(int serialNo) {
- this.serialNo = (serialNo & LOW_MASK) | (nnIndex << NUM_VALID_BITS);
+ // we mod the serial number by the range and then add that times the index
+ this.serialNo = (serialNo % intRange) + (nnRangeStart);
}
public void setBlockPoolId(String blockPoolId) {
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java
index 850b961..43ab69d 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java
@@ -116,36 +116,7 @@ public class TestFailoverWithBlockTokensEnabled {
}
}
}
-
- @Test
- public void testSerialNumberMaskMatchIndex() {
- BlockTokenSecretManager btsm1 = cluster.getNamesystem(0).getBlockManager()
- .getBlockTokenSecretManager();
- BlockTokenSecretManager btsm2 = cluster.getNamesystem(1).getBlockManager()
- .getBlockTokenSecretManager();
- BlockTokenSecretManager btsm3 = cluster.getNamesystem(2).getBlockManager()
- .getBlockTokenSecretManager();
- int[] testSet = {0, Integer.MAX_VALUE, Integer.MIN_VALUE,
- Integer.MAX_VALUE / 2, Integer.MIN_VALUE / 2,
- Integer.MAX_VALUE / 3, Integer.MIN_VALUE / 3};
- for (int i = 0; i < testSet.length; i++) {
- setAndCheckHighBitsSerialNumber(testSet[i], btsm1, 0);
- setAndCheckHighBitsSerialNumber(testSet[i], btsm2, 1);
- setAndCheckHighBitsSerialNumber(testSet[i], btsm3, 2);
- }
- }
-
- /**
- * Check mask of serial number if equal to index of NameNode.
- */
- private void setAndCheckHighBitsSerialNumber(int serialNumber,
- BlockTokenSecretManager btsm, int nnIndex) {
- btsm.setSerialNo(serialNumber);
- int serialNo = btsm.getSerialNoForTesting();
- int index = serialNo >> BlockTokenSecretManager.NUM_VALID_BITS;
- assertEquals(index, nnIndex);
- }
-
+
@Test
public void ensureInvalidBlockTokensAreRejected() throws IOException,
URISyntaxException {
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org