HDFS-12950. [oiv] ls will fail in secure cluster. Contributed by Wei-Chiu Chuang.
(cherry picked from commit 9654dd1f47
)
This commit is contained in:
parent
d504dfcf53
commit
630f43faf7
|
@ -72,6 +72,7 @@ public class OfflineImageViewerPB {
|
|||
+ " rather than a number of bytes. (false by default)\n"
|
||||
+ " * Web: Run a viewer to expose read-only WebHDFS API.\n"
|
||||
+ " -addr specifies the address to listen. (localhost:5978 by default)\n"
|
||||
+ " It does not support secure mode nor HTTPS.\n"
|
||||
+ " * Delimited (experimental): Generate a text file with all of the elements common\n"
|
||||
+ " to both inodes and inodes-under-construction, separated by a\n"
|
||||
+ " delimiter. The default delimiter is \\t, though this may be\n"
|
||||
|
@ -200,7 +201,7 @@ public class OfflineImageViewerPB {
|
|||
case "WEB":
|
||||
String addr = cmd.getOptionValue("addr", "localhost:5978");
|
||||
try (WebImageViewer viewer =
|
||||
new WebImageViewer(NetUtils.createSocketAddr(addr))) {
|
||||
new WebImageViewer(NetUtils.createSocketAddr(addr), conf)) {
|
||||
viewer.start(inputFile);
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -34,6 +34,9 @@ import io.netty.handler.codec.string.StringEncoder;
|
|||
import io.netty.util.concurrent.GlobalEventExecutor;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
|
||||
import java.io.Closeable;
|
||||
import java.io.IOException;
|
||||
|
@ -53,8 +56,12 @@ public class WebImageViewer implements Closeable {
|
|||
private final EventLoopGroup bossGroup;
|
||||
private final EventLoopGroup workerGroup;
|
||||
private final ChannelGroup allChannels;
|
||||
private final Configuration conf;
|
||||
|
||||
public WebImageViewer(InetSocketAddress address) {
|
||||
this(address, new Configuration());
|
||||
}
|
||||
public WebImageViewer(InetSocketAddress address, Configuration conf) {
|
||||
this.address = address;
|
||||
this.bossGroup = new NioEventLoopGroup();
|
||||
this.workerGroup = new NioEventLoopGroup();
|
||||
|
@ -62,15 +69,25 @@ public class WebImageViewer implements Closeable {
|
|||
this.bootstrap = new ServerBootstrap()
|
||||
.group(bossGroup, workerGroup)
|
||||
.channel(NioServerSocketChannel.class);
|
||||
this.conf = conf;
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Start WebImageViewer and wait until the thread is interrupted.
|
||||
* @param fsimage the fsimage to load.
|
||||
* @throws IOException if failed to load the fsimage.
|
||||
* @throws RuntimeException if security is enabled in configuration.
|
||||
*/
|
||||
public void start(String fsimage) throws IOException {
|
||||
try {
|
||||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
throw new RuntimeException(
|
||||
"WebImageViewer does not support secure mode. To start in " +
|
||||
"non-secure mode, pass -D" +
|
||||
CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION +
|
||||
"=simple");
|
||||
}
|
||||
initServer(fsimage);
|
||||
channel.closeFuture().await();
|
||||
} catch (InterruptedException e) {
|
||||
|
|
|
@ -26,7 +26,8 @@ The Offline Image Viewer provides several output processors:
|
|||
|
||||
1. Web is the default output processor. It launches a HTTP server
|
||||
that exposes read-only WebHDFS API. Users can investigate the namespace
|
||||
interactively by using HTTP REST API.
|
||||
interactively by using HTTP REST API. It does not support secure mode, nor
|
||||
HTTPS.
|
||||
|
||||
2. XML creates an XML document of the fsimage and includes all of the
|
||||
information within the fsimage. The
|
||||
|
|
|
@ -18,6 +18,8 @@
|
|||
package org.apache.hadoop.hdfs.tools.offlineImageViewer;
|
||||
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
|
||||
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
|
||||
import static org.apache.hadoop.fs.permission.AclEntryScope.ACCESS;
|
||||
import static org.apache.hadoop.fs.permission.AclEntryType.GROUP;
|
||||
import static org.apache.hadoop.fs.permission.AclEntryType.OTHER;
|
||||
|
@ -100,8 +102,10 @@ import org.apache.hadoop.hdfs.server.namenode.NameNodeLayoutVersion;
|
|||
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
|
||||
import org.apache.hadoop.io.IOUtils;
|
||||
import org.apache.hadoop.net.NetUtils;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.test.GenericTestUtils;
|
||||
import org.apache.hadoop.test.LambdaTestUtils;
|
||||
import org.apache.log4j.Level;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Assert;
|
||||
|
@ -583,6 +587,22 @@ public class TestOfflineImageViewer {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWebImageViewerSecureMode() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos");
|
||||
try (WebImageViewer viewer =
|
||||
new WebImageViewer(
|
||||
NetUtils.createSocketAddr("localhost:0"), conf)) {
|
||||
RuntimeException ex = LambdaTestUtils.intercept(RuntimeException.class,
|
||||
"WebImageViewer does not support secure mode.",
|
||||
() -> viewer.start("foo"));
|
||||
} finally {
|
||||
conf.set(HADOOP_SECURITY_AUTHENTICATION, "simple");
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPBDelimitedWriter() throws IOException, InterruptedException {
|
||||
testPBDelimitedWriter(""); // Test in memory db.
|
||||
|
|
Loading…
Reference in New Issue