From 2a51494ce1b05fc494fb3a818a7a3526f3f40070 Mon Sep 17 00:00:00 2001
From: "Aaron T. Myers" <atm@apache.org>
Date: Wed, 8 Oct 2014 17:58:53 -0700
Subject: [PATCH] HADOOP-11161. Expose close method in KeyProvider to give
 clients of Provider implementations a hook to release resources. Contribued
 by Arun Suresh.

---
 .../hadoop-common/CHANGES.txt                  |  3 +++
 .../apache/hadoop/crypto/key/KeyProvider.java  |  8 ++++++++
 .../crypto/key/KeyProviderCryptoExtension.java |  9 ++++++++-
 .../crypto/key/kms/KMSClientProvider.java      | 11 +++++++++++
 .../hadoop/crypto/key/kms/ValueQueue.java      | 14 +++++++++++---
 .../java/org/apache/hadoop/hdfs/DFSClient.java | 18 ++++++++++++------
 6 files changed, 53 insertions(+), 10 deletions(-)

diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 404d978886b..0f40caf5700 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -811,6 +811,9 @@ Release 2.6.0 - UNRELEASED
     HADOOP-10404. Some accesses to DomainSocketWatcher#closed are not protected
     by the lock (cmccabe)
 
+    HADOOP-11161. Expose close method in KeyProvider to give clients of
+    Provider implementations a hook to release resources. (Arun Suresh via atm)
+
     BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
   
       HADOOP-10734. Implement high-performance secure random number sources.
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
index 36ccbada0bc..dd2d5b99fb2 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
@@ -533,6 +533,14 @@ public abstract class KeyProvider {
                                              byte[] material
                                             ) throws IOException;
 
+  /**
+   * Can be used by implementing classes to close any resources
+   * that require closing
+   */
+  public void close() throws IOException {
+    // NOP
+  }
+
   /**
    * Roll a new version of the given key generating the material for it.
    * <p/>
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
index 968e341338b..7e952118e22 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
@@ -408,6 +408,13 @@ public class KeyProviderCryptoExtension extends
                          ? (CryptoExtension) keyProvider
                          : new DefaultCryptoExtension(keyProvider);
     return new KeyProviderCryptoExtension(keyProvider, cryptoExtension);
-  }  
+  }
+
+  @Override
+  public void close() throws IOException {
+    if (getKeyProvider() != null) {
+      getKeyProvider().close();
+    }
+  }
 
 }
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index d6abcbb34c9..4f4e8433ba7 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -791,4 +791,15 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
     return tokens;
   }
 
+  /**
+   * Shutdown valueQueue executor threads
+   */
+  @Override
+  public void close() throws IOException {
+    try {
+      encKeyVersionQueue.shutdown();
+    } catch (Exception e) {
+      throw new IOException(e);
+    }
+  }
 }
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/ValueQueue.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/ValueQueue.java
index ee10483185d..aa0e62458de 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/ValueQueue.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/ValueQueue.java
@@ -75,6 +75,8 @@ public class ValueQueue <E> {
   private final int numValues;
   private final float lowWatermark;
 
+  private volatile boolean executorThreadsStarted = false;
+
   /**
    * A <code>Runnable</code> which takes a string name.
    */
@@ -187,9 +189,6 @@ public class ValueQueue <E> {
             TimeUnit.MILLISECONDS, queue, new ThreadFactoryBuilder()
                 .setDaemon(true)
                 .setNameFormat(REFILL_THREAD).build());
-    // To ensure all requests are first queued, make coreThreads = maxThreads
-    // and pre-start all the Core Threads.
-    executor.prestartAllCoreThreads();
   }
 
   public ValueQueue(final int numValues, final float lowWaterMark, long expiry,
@@ -297,6 +296,15 @@ public class ValueQueue <E> {
 
   private void submitRefillTask(final String keyName,
       final Queue<E> keyQueue) throws InterruptedException {
+    if (!executorThreadsStarted) {
+      synchronized (this) {
+        // To ensure all requests are first queued, make coreThreads =
+        // maxThreads
+        // and pre-start all the Core Threads.
+        executor.prestartAllCoreThreads();
+        executorThreadsStarted = true;
+      }
+    }
     // The submit/execute method of the ThreadPoolExecutor is bypassed and
     // the Runnable is directly put in the backing BlockingQueue so that we
     // can control exactly how the runnable is inserted into the queue.
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
index 362c62de92c..94a68e239d5 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
@@ -935,12 +935,18 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
    */
   @Override
   public synchronized void close() throws IOException {
-    if(clientRunning) {
-      closeAllFilesBeingWritten(false);
-      clientRunning = false;
-      getLeaseRenewer().closeClient(this);
-      // close connections to the namenode
-      closeConnectionToNamenode();
+    try {
+      if(clientRunning) {
+        closeAllFilesBeingWritten(false);
+        clientRunning = false;
+        getLeaseRenewer().closeClient(this);
+        // close connections to the namenode
+        closeConnectionToNamenode();
+      }
+    } finally {
+      if (provider != null) {
+        provider.close();
+      }
     }
   }