HDFS-12950. [oiv] ls will fail in secure cluster. Contributed by Wei-Chiu Chuang.

(cherry picked from commit 9654dd1f47)
This commit is contained in:
Brahma Reddy Battula 2018-06-07 10:16:02 +05:30
parent d504dfcf53
commit 630f43faf7
4 changed files with 41 additions and 2 deletions

View File

@ -72,6 +72,7 @@ public class OfflineImageViewerPB {
+ " rather than a number of bytes. (false by default)\n" + " rather than a number of bytes. (false by default)\n"
+ " * Web: Run a viewer to expose read-only WebHDFS API.\n" + " * Web: Run a viewer to expose read-only WebHDFS API.\n"
+ " -addr specifies the address to listen. (localhost:5978 by default)\n" + " -addr specifies the address to listen. (localhost:5978 by default)\n"
+ " It does not support secure mode nor HTTPS.\n"
+ " * Delimited (experimental): Generate a text file with all of the elements common\n" + " * Delimited (experimental): Generate a text file with all of the elements common\n"
+ " to both inodes and inodes-under-construction, separated by a\n" + " to both inodes and inodes-under-construction, separated by a\n"
+ " delimiter. The default delimiter is \\t, though this may be\n" + " delimiter. The default delimiter is \\t, though this may be\n"
@ -200,7 +201,7 @@ public class OfflineImageViewerPB {
case "WEB": case "WEB":
String addr = cmd.getOptionValue("addr", "localhost:5978"); String addr = cmd.getOptionValue("addr", "localhost:5978");
try (WebImageViewer viewer = try (WebImageViewer viewer =
new WebImageViewer(NetUtils.createSocketAddr(addr))) { new WebImageViewer(NetUtils.createSocketAddr(addr), conf)) {
viewer.start(inputFile); viewer.start(inputFile);
} }
break; break;

View File

@ -34,6 +34,9 @@ import io.netty.handler.codec.string.StringEncoder;
import io.netty.util.concurrent.GlobalEventExecutor; import io.netty.util.concurrent.GlobalEventExecutor;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.Closeable; import java.io.Closeable;
import java.io.IOException; import java.io.IOException;
@ -53,8 +56,12 @@ public class WebImageViewer implements Closeable {
private final EventLoopGroup bossGroup; private final EventLoopGroup bossGroup;
private final EventLoopGroup workerGroup; private final EventLoopGroup workerGroup;
private final ChannelGroup allChannels; private final ChannelGroup allChannels;
private final Configuration conf;
public WebImageViewer(InetSocketAddress address) { public WebImageViewer(InetSocketAddress address) {
this(address, new Configuration());
}
public WebImageViewer(InetSocketAddress address, Configuration conf) {
this.address = address; this.address = address;
this.bossGroup = new NioEventLoopGroup(); this.bossGroup = new NioEventLoopGroup();
this.workerGroup = new NioEventLoopGroup(); this.workerGroup = new NioEventLoopGroup();
@ -62,15 +69,25 @@ public class WebImageViewer implements Closeable {
this.bootstrap = new ServerBootstrap() this.bootstrap = new ServerBootstrap()
.group(bossGroup, workerGroup) .group(bossGroup, workerGroup)
.channel(NioServerSocketChannel.class); .channel(NioServerSocketChannel.class);
this.conf = conf;
UserGroupInformation.setConfiguration(conf);
} }
/** /**
* Start WebImageViewer and wait until the thread is interrupted. * Start WebImageViewer and wait until the thread is interrupted.
* @param fsimage the fsimage to load. * @param fsimage the fsimage to load.
* @throws IOException if failed to load the fsimage. * @throws IOException if failed to load the fsimage.
* @throws RuntimeException if security is enabled in configuration.
*/ */
public void start(String fsimage) throws IOException { public void start(String fsimage) throws IOException {
try { try {
if (UserGroupInformation.isSecurityEnabled()) {
throw new RuntimeException(
"WebImageViewer does not support secure mode. To start in " +
"non-secure mode, pass -D" +
CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION +
"=simple");
}
initServer(fsimage); initServer(fsimage);
channel.closeFuture().await(); channel.closeFuture().await();
} catch (InterruptedException e) { } catch (InterruptedException e) {

View File

@ -26,7 +26,8 @@ The Offline Image Viewer provides several output processors:
1. Web is the default output processor. It launches a HTTP server 1. Web is the default output processor. It launches a HTTP server
that exposes read-only WebHDFS API. Users can investigate the namespace that exposes read-only WebHDFS API. Users can investigate the namespace
interactively by using HTTP REST API. interactively by using HTTP REST API. It does not support secure mode, nor
HTTPS.
2. XML creates an XML document of the fsimage and includes all of the 2. XML creates an XML document of the fsimage and includes all of the
information within the fsimage. The information within the fsimage. The

View File

@ -18,6 +18,8 @@
package org.apache.hadoop.hdfs.tools.offlineImageViewer; package org.apache.hadoop.hdfs.tools.offlineImageViewer;
import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableMap;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
import static org.apache.hadoop.fs.permission.AclEntryScope.ACCESS; import static org.apache.hadoop.fs.permission.AclEntryScope.ACCESS;
import static org.apache.hadoop.fs.permission.AclEntryType.GROUP; import static org.apache.hadoop.fs.permission.AclEntryType.GROUP;
import static org.apache.hadoop.fs.permission.AclEntryType.OTHER; import static org.apache.hadoop.fs.permission.AclEntryType.OTHER;
@ -100,8 +102,10 @@ import org.apache.hadoop.hdfs.server.namenode.NameNodeLayoutVersion;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem; import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.io.IOUtils; import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.log4j.Level; import org.apache.log4j.Level;
import org.junit.AfterClass; import org.junit.AfterClass;
import org.junit.Assert; import org.junit.Assert;
@ -583,6 +587,22 @@ public class TestOfflineImageViewer {
} }
} }
@Test
public void testWebImageViewerSecureMode() throws Exception {
Configuration conf = new Configuration();
conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos");
try (WebImageViewer viewer =
new WebImageViewer(
NetUtils.createSocketAddr("localhost:0"), conf)) {
RuntimeException ex = LambdaTestUtils.intercept(RuntimeException.class,
"WebImageViewer does not support secure mode.",
() -> viewer.start("foo"));
} finally {
conf.set(HADOOP_SECURITY_AUTHENTICATION, "simple");
UserGroupInformation.setConfiguration(conf);
}
}
@Test @Test
public void testPBDelimitedWriter() throws IOException, InterruptedException { public void testPBDelimitedWriter() throws IOException, InterruptedException {
testPBDelimitedWriter(""); // Test in memory db. testPBDelimitedWriter(""); // Test in memory db.