HDFS-12950. [oiv] ls will fail in secure cluster. Contributed by Wei-Chiu Chuang.
(cherry picked from commit 9654dd1f47
)
This commit is contained in:
parent
d504dfcf53
commit
630f43faf7
|
@ -72,6 +72,7 @@ public class OfflineImageViewerPB {
|
||||||
+ " rather than a number of bytes. (false by default)\n"
|
+ " rather than a number of bytes. (false by default)\n"
|
||||||
+ " * Web: Run a viewer to expose read-only WebHDFS API.\n"
|
+ " * Web: Run a viewer to expose read-only WebHDFS API.\n"
|
||||||
+ " -addr specifies the address to listen. (localhost:5978 by default)\n"
|
+ " -addr specifies the address to listen. (localhost:5978 by default)\n"
|
||||||
|
+ " It does not support secure mode nor HTTPS.\n"
|
||||||
+ " * Delimited (experimental): Generate a text file with all of the elements common\n"
|
+ " * Delimited (experimental): Generate a text file with all of the elements common\n"
|
||||||
+ " to both inodes and inodes-under-construction, separated by a\n"
|
+ " to both inodes and inodes-under-construction, separated by a\n"
|
||||||
+ " delimiter. The default delimiter is \\t, though this may be\n"
|
+ " delimiter. The default delimiter is \\t, though this may be\n"
|
||||||
|
@ -200,7 +201,7 @@ public class OfflineImageViewerPB {
|
||||||
case "WEB":
|
case "WEB":
|
||||||
String addr = cmd.getOptionValue("addr", "localhost:5978");
|
String addr = cmd.getOptionValue("addr", "localhost:5978");
|
||||||
try (WebImageViewer viewer =
|
try (WebImageViewer viewer =
|
||||||
new WebImageViewer(NetUtils.createSocketAddr(addr))) {
|
new WebImageViewer(NetUtils.createSocketAddr(addr), conf)) {
|
||||||
viewer.start(inputFile);
|
viewer.start(inputFile);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -34,6 +34,9 @@ import io.netty.handler.codec.string.StringEncoder;
|
||||||
import io.netty.util.concurrent.GlobalEventExecutor;
|
import io.netty.util.concurrent.GlobalEventExecutor;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
|
||||||
import java.io.Closeable;
|
import java.io.Closeable;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -53,8 +56,12 @@ public class WebImageViewer implements Closeable {
|
||||||
private final EventLoopGroup bossGroup;
|
private final EventLoopGroup bossGroup;
|
||||||
private final EventLoopGroup workerGroup;
|
private final EventLoopGroup workerGroup;
|
||||||
private final ChannelGroup allChannels;
|
private final ChannelGroup allChannels;
|
||||||
|
private final Configuration conf;
|
||||||
|
|
||||||
public WebImageViewer(InetSocketAddress address) {
|
public WebImageViewer(InetSocketAddress address) {
|
||||||
|
this(address, new Configuration());
|
||||||
|
}
|
||||||
|
public WebImageViewer(InetSocketAddress address, Configuration conf) {
|
||||||
this.address = address;
|
this.address = address;
|
||||||
this.bossGroup = new NioEventLoopGroup();
|
this.bossGroup = new NioEventLoopGroup();
|
||||||
this.workerGroup = new NioEventLoopGroup();
|
this.workerGroup = new NioEventLoopGroup();
|
||||||
|
@ -62,15 +69,25 @@ public class WebImageViewer implements Closeable {
|
||||||
this.bootstrap = new ServerBootstrap()
|
this.bootstrap = new ServerBootstrap()
|
||||||
.group(bossGroup, workerGroup)
|
.group(bossGroup, workerGroup)
|
||||||
.channel(NioServerSocketChannel.class);
|
.channel(NioServerSocketChannel.class);
|
||||||
|
this.conf = conf;
|
||||||
|
UserGroupInformation.setConfiguration(conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start WebImageViewer and wait until the thread is interrupted.
|
* Start WebImageViewer and wait until the thread is interrupted.
|
||||||
* @param fsimage the fsimage to load.
|
* @param fsimage the fsimage to load.
|
||||||
* @throws IOException if failed to load the fsimage.
|
* @throws IOException if failed to load the fsimage.
|
||||||
|
* @throws RuntimeException if security is enabled in configuration.
|
||||||
*/
|
*/
|
||||||
public void start(String fsimage) throws IOException {
|
public void start(String fsimage) throws IOException {
|
||||||
try {
|
try {
|
||||||
|
if (UserGroupInformation.isSecurityEnabled()) {
|
||||||
|
throw new RuntimeException(
|
||||||
|
"WebImageViewer does not support secure mode. To start in " +
|
||||||
|
"non-secure mode, pass -D" +
|
||||||
|
CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION +
|
||||||
|
"=simple");
|
||||||
|
}
|
||||||
initServer(fsimage);
|
initServer(fsimage);
|
||||||
channel.closeFuture().await();
|
channel.closeFuture().await();
|
||||||
} catch (InterruptedException e) {
|
} catch (InterruptedException e) {
|
||||||
|
|
|
@ -26,7 +26,8 @@ The Offline Image Viewer provides several output processors:
|
||||||
|
|
||||||
1. Web is the default output processor. It launches a HTTP server
|
1. Web is the default output processor. It launches a HTTP server
|
||||||
that exposes read-only WebHDFS API. Users can investigate the namespace
|
that exposes read-only WebHDFS API. Users can investigate the namespace
|
||||||
interactively by using HTTP REST API.
|
interactively by using HTTP REST API. It does not support secure mode, nor
|
||||||
|
HTTPS.
|
||||||
|
|
||||||
2. XML creates an XML document of the fsimage and includes all of the
|
2. XML creates an XML document of the fsimage and includes all of the
|
||||||
information within the fsimage. The
|
information within the fsimage. The
|
||||||
|
|
|
@ -18,6 +18,8 @@
|
||||||
package org.apache.hadoop.hdfs.tools.offlineImageViewer;
|
package org.apache.hadoop.hdfs.tools.offlineImageViewer;
|
||||||
|
|
||||||
import com.google.common.collect.ImmutableMap;
|
import com.google.common.collect.ImmutableMap;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
|
||||||
import static org.apache.hadoop.fs.permission.AclEntryScope.ACCESS;
|
import static org.apache.hadoop.fs.permission.AclEntryScope.ACCESS;
|
||||||
import static org.apache.hadoop.fs.permission.AclEntryType.GROUP;
|
import static org.apache.hadoop.fs.permission.AclEntryType.GROUP;
|
||||||
import static org.apache.hadoop.fs.permission.AclEntryType.OTHER;
|
import static org.apache.hadoop.fs.permission.AclEntryType.OTHER;
|
||||||
|
@ -100,8 +102,10 @@ import org.apache.hadoop.hdfs.server.namenode.NameNodeLayoutVersion;
|
||||||
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
|
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
|
||||||
import org.apache.hadoop.io.IOUtils;
|
import org.apache.hadoop.io.IOUtils;
|
||||||
import org.apache.hadoop.net.NetUtils;
|
import org.apache.hadoop.net.NetUtils;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
import org.apache.hadoop.test.GenericTestUtils;
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
|
import org.apache.hadoop.test.LambdaTestUtils;
|
||||||
import org.apache.log4j.Level;
|
import org.apache.log4j.Level;
|
||||||
import org.junit.AfterClass;
|
import org.junit.AfterClass;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
@ -583,6 +587,22 @@ public class TestOfflineImageViewer {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testWebImageViewerSecureMode() throws Exception {
|
||||||
|
Configuration conf = new Configuration();
|
||||||
|
conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos");
|
||||||
|
try (WebImageViewer viewer =
|
||||||
|
new WebImageViewer(
|
||||||
|
NetUtils.createSocketAddr("localhost:0"), conf)) {
|
||||||
|
RuntimeException ex = LambdaTestUtils.intercept(RuntimeException.class,
|
||||||
|
"WebImageViewer does not support secure mode.",
|
||||||
|
() -> viewer.start("foo"));
|
||||||
|
} finally {
|
||||||
|
conf.set(HADOOP_SECURITY_AUTHENTICATION, "simple");
|
||||||
|
UserGroupInformation.setConfiguration(conf);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testPBDelimitedWriter() throws IOException, InterruptedException {
|
public void testPBDelimitedWriter() throws IOException, InterruptedException {
|
||||||
testPBDelimitedWriter(""); // Test in memory db.
|
testPBDelimitedWriter(""); // Test in memory db.
|
||||||
|
|
Loading…
Reference in New Issue