You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by sh...@apache.org on 2019/10/01 00:02:41 UTC

[hadoop] 01/02: Revert "HDFS-14305. Fix serial number calculation in BlockTokenSecretManager to avoid token key ID overlap between NameNodes. Contributed by He Xiaoqiao."

This is an automated email from the ASF dual-hosted git repository.

shv pushed a commit to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/hadoop.git

commit 3912a6fc7dc53845bc877aa8e099248ae7b6f79a
Author: Konstantin V Shvachko <sh...@apache.org>
AuthorDate: Sun Sep 29 13:11:31 2019 -0700

    Revert "HDFS-14305. Fix serial number calculation in BlockTokenSecretManager to avoid token key ID overlap between NameNodes. Contributed by He Xiaoqiao."
    
    This reverts commit 0feba4396f6e96c332743a39f965de7995b67bde.
---
 .../token/block/BlockTokenSecretManager.java       | 21 +++++----------
 .../ha/TestFailoverWithBlockTokensEnabled.java     | 31 +---------------------
 2 files changed, 7 insertions(+), 45 deletions(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
index 57f84ea..77e175d 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java
@@ -65,17 +65,6 @@ public class BlockTokenSecretManager extends
 
   public static final Token<BlockTokenIdentifier> DUMMY_TOKEN = new Token<BlockTokenIdentifier>();
 
-  /**
-   * In order to prevent serial No. of different NameNode from overlapping,
-   * Using 6 bits (identify 64=2^6 namenodes, and presuppose that no scenario
-   * where deploy more than 64 namenodes (include ANN, SBN, Observers, etc.)
-   * in one namespace) to identify index of NameNode, and the remainder 26 bits
-   * auto-incr to change the serial No.
-   */
-  @VisibleForTesting
-  public static final int NUM_VALID_BITS = 26;
-  private static final int LOW_MASK = (1 << NUM_VALID_BITS) - 1;
-
   private final boolean isMaster;
 
   /**
@@ -92,8 +81,8 @@ public class BlockTokenSecretManager extends
   private String blockPoolId;
   private final String encryptionAlgorithm;
 
-  private final int nnIndex;
-
+  private final int intRange;
+  private final int nnRangeStart;
   private final boolean useProto;
 
   private final boolean shouldWrapQOP;
@@ -152,7 +141,8 @@ public class BlockTokenSecretManager extends
   private BlockTokenSecretManager(boolean isMaster, long keyUpdateInterval,
       long tokenLifetime, String blockPoolId, String encryptionAlgorithm,
       int nnIndex, int numNNs, boolean useProto, boolean shouldWrapQOP) {
-    this.nnIndex = nnIndex;
+    this.intRange = Integer.MAX_VALUE / numNNs;
+    this.nnRangeStart = intRange * nnIndex;
     this.isMaster = isMaster;
     this.keyUpdateInterval = keyUpdateInterval;
     this.tokenLifetime = tokenLifetime;
@@ -167,7 +157,8 @@ public class BlockTokenSecretManager extends
 
   @VisibleForTesting
   public synchronized void setSerialNo(int serialNo) {
-    this.serialNo = (serialNo & LOW_MASK) | (nnIndex << NUM_VALID_BITS);
+    // we mod the serial number by the range and then add that times the index
+    this.serialNo = (serialNo % intRange) + (nnRangeStart);
   }
 
   public void setBlockPoolId(String blockPoolId) {
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java
index 850b961..43ab69d 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestFailoverWithBlockTokensEnabled.java
@@ -116,36 +116,7 @@ public class TestFailoverWithBlockTokensEnabled {
       }
     }
   }
-
-  @Test
-  public void testSerialNumberMaskMatchIndex() {
-    BlockTokenSecretManager btsm1 = cluster.getNamesystem(0).getBlockManager()
-        .getBlockTokenSecretManager();
-    BlockTokenSecretManager btsm2 = cluster.getNamesystem(1).getBlockManager()
-        .getBlockTokenSecretManager();
-    BlockTokenSecretManager btsm3 = cluster.getNamesystem(2).getBlockManager()
-        .getBlockTokenSecretManager();
-    int[] testSet = {0, Integer.MAX_VALUE, Integer.MIN_VALUE,
-        Integer.MAX_VALUE / 2, Integer.MIN_VALUE / 2,
-        Integer.MAX_VALUE / 3, Integer.MIN_VALUE / 3};
-    for (int i = 0; i < testSet.length; i++) {
-      setAndCheckHighBitsSerialNumber(testSet[i], btsm1, 0);
-      setAndCheckHighBitsSerialNumber(testSet[i], btsm2, 1);
-      setAndCheckHighBitsSerialNumber(testSet[i], btsm3, 2);
-    }
-  }
-
-  /**
-   * Check mask of serial number if equal to index of NameNode.
-   */
-  private void setAndCheckHighBitsSerialNumber(int serialNumber,
-      BlockTokenSecretManager btsm, int nnIndex) {
-    btsm.setSerialNo(serialNumber);
-    int serialNo = btsm.getSerialNoForTesting();
-    int index = serialNo >> BlockTokenSecretManager.NUM_VALID_BITS;
-    assertEquals(index, nnIndex);
-  }
-
+  
   @Test
   public void ensureInvalidBlockTokensAreRejected() throws IOException,
       URISyntaxException {


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org