HDFS-3907. Allow multiple users for local block readers. Contributed by Eli Collins
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1383053 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
2b75e1d80c
commit
7296dee763
|
@ -265,6 +265,8 @@ Release 2.0.2-alpha - 2012-09-07
|
||||||
|
|
||||||
HDFS-3888. Clean up BlockPlacementPolicyDefault. (Jing Zhao via szetszwo)
|
HDFS-3888. Clean up BlockPlacementPolicyDefault. (Jing Zhao via szetszwo)
|
||||||
|
|
||||||
|
HDFS-3907. Allow multiple users for local block readers. (eli)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
HDFS-2982. Startup performance suffers when there are many edit log
|
HDFS-2982. Startup performance suffers when there are many edit log
|
||||||
|
|
|
@ -281,7 +281,7 @@ public class DataNode extends Configured
|
||||||
private AbstractList<File> dataDirs;
|
private AbstractList<File> dataDirs;
|
||||||
private Configuration conf;
|
private Configuration conf;
|
||||||
|
|
||||||
private final String userWithLocalPathAccess;
|
private final List<String> usersWithLocalPathAccess;
|
||||||
private boolean connectToDnViaHostname;
|
private boolean connectToDnViaHostname;
|
||||||
ReadaheadPool readaheadPool;
|
ReadaheadPool readaheadPool;
|
||||||
private final boolean getHdfsBlockLocationsEnabled;
|
private final boolean getHdfsBlockLocationsEnabled;
|
||||||
|
@ -304,8 +304,8 @@ public class DataNode extends Configured
|
||||||
final SecureResources resources) throws IOException {
|
final SecureResources resources) throws IOException {
|
||||||
super(conf);
|
super(conf);
|
||||||
|
|
||||||
this.userWithLocalPathAccess =
|
this.usersWithLocalPathAccess = Arrays.asList(
|
||||||
conf.get(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY);
|
conf.getTrimmedStrings(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY));
|
||||||
this.connectToDnViaHostname = conf.getBoolean(
|
this.connectToDnViaHostname = conf.getBoolean(
|
||||||
DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME,
|
DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME,
|
||||||
DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME_DEFAULT);
|
DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME_DEFAULT);
|
||||||
|
@ -1012,7 +1012,7 @@ public class DataNode extends Configured
|
||||||
private void checkBlockLocalPathAccess() throws IOException {
|
private void checkBlockLocalPathAccess() throws IOException {
|
||||||
checkKerberosAuthMethod("getBlockLocalPathInfo()");
|
checkKerberosAuthMethod("getBlockLocalPathInfo()");
|
||||||
String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();
|
String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();
|
||||||
if (!currentUser.equals(this.userWithLocalPathAccess)) {
|
if (!usersWithLocalPathAccess.contains(currentUser)) {
|
||||||
throw new AccessControlException(
|
throw new AccessControlException(
|
||||||
"Can't continue with getBlockLocalPathInfo() "
|
"Can't continue with getBlockLocalPathInfo() "
|
||||||
+ "authorization. The user " + currentUser
|
+ "authorization. The user " + currentUser
|
||||||
|
|
|
@ -224,7 +224,8 @@ public class TestShortCircuitLocalRead {
|
||||||
@Test
|
@Test
|
||||||
public void testGetBlockLocalPathInfo() throws IOException, InterruptedException {
|
public void testGetBlockLocalPathInfo() throws IOException, InterruptedException {
|
||||||
final Configuration conf = new Configuration();
|
final Configuration conf = new Configuration();
|
||||||
conf.set(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY, "alloweduser");
|
conf.set(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY,
|
||||||
|
"alloweduser1,alloweduser2");
|
||||||
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1)
|
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1)
|
||||||
.format(true).build();
|
.format(true).build();
|
||||||
cluster.waitActive();
|
cluster.waitActive();
|
||||||
|
@ -232,8 +233,10 @@ public class TestShortCircuitLocalRead {
|
||||||
FileSystem fs = cluster.getFileSystem();
|
FileSystem fs = cluster.getFileSystem();
|
||||||
try {
|
try {
|
||||||
DFSTestUtil.createFile(fs, new Path("/tmp/x"), 16, (short) 1, 23);
|
DFSTestUtil.createFile(fs, new Path("/tmp/x"), 16, (short) 1, 23);
|
||||||
UserGroupInformation aUgi = UserGroupInformation
|
UserGroupInformation aUgi1 =
|
||||||
.createRemoteUser("alloweduser");
|
UserGroupInformation.createRemoteUser("alloweduser1");
|
||||||
|
UserGroupInformation aUgi2 =
|
||||||
|
UserGroupInformation.createRemoteUser("alloweduser2");
|
||||||
LocatedBlocks lb = cluster.getNameNode().getRpcServer()
|
LocatedBlocks lb = cluster.getNameNode().getRpcServer()
|
||||||
.getBlockLocations("/tmp/x", 0, 16);
|
.getBlockLocations("/tmp/x", 0, 16);
|
||||||
// Create a new block object, because the block inside LocatedBlock at
|
// Create a new block object, because the block inside LocatedBlock at
|
||||||
|
@ -241,7 +244,7 @@ public class TestShortCircuitLocalRead {
|
||||||
ExtendedBlock blk = new ExtendedBlock(lb.get(0).getBlock());
|
ExtendedBlock blk = new ExtendedBlock(lb.get(0).getBlock());
|
||||||
Token<BlockTokenIdentifier> token = lb.get(0).getBlockToken();
|
Token<BlockTokenIdentifier> token = lb.get(0).getBlockToken();
|
||||||
final DatanodeInfo dnInfo = lb.get(0).getLocations()[0];
|
final DatanodeInfo dnInfo = lb.get(0).getLocations()[0];
|
||||||
ClientDatanodeProtocol proxy = aUgi
|
ClientDatanodeProtocol proxy = aUgi1
|
||||||
.doAs(new PrivilegedExceptionAction<ClientDatanodeProtocol>() {
|
.doAs(new PrivilegedExceptionAction<ClientDatanodeProtocol>() {
|
||||||
@Override
|
@Override
|
||||||
public ClientDatanodeProtocol run() throws Exception {
|
public ClientDatanodeProtocol run() throws Exception {
|
||||||
|
@ -256,7 +259,23 @@ public class TestShortCircuitLocalRead {
|
||||||
DataNodeTestUtils.getFSDataset(dn).getBlockLocalPathInfo(blk).getBlockPath(),
|
DataNodeTestUtils.getFSDataset(dn).getBlockLocalPathInfo(blk).getBlockPath(),
|
||||||
blpi.getBlockPath());
|
blpi.getBlockPath());
|
||||||
|
|
||||||
// Now try with a not allowed user.
|
// Try with the other allowed user
|
||||||
|
proxy = aUgi2
|
||||||
|
.doAs(new PrivilegedExceptionAction<ClientDatanodeProtocol>() {
|
||||||
|
@Override
|
||||||
|
public ClientDatanodeProtocol run() throws Exception {
|
||||||
|
return DFSUtil.createClientDatanodeProtocolProxy(dnInfo, conf,
|
||||||
|
60000, false);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// This should succeed as well
|
||||||
|
blpi = proxy.getBlockLocalPathInfo(blk, token);
|
||||||
|
Assert.assertEquals(
|
||||||
|
DataNodeTestUtils.getFSDataset(dn).getBlockLocalPathInfo(blk).getBlockPath(),
|
||||||
|
blpi.getBlockPath());
|
||||||
|
|
||||||
|
// Now try with a disallowed user
|
||||||
UserGroupInformation bUgi = UserGroupInformation
|
UserGroupInformation bUgi = UserGroupInformation
|
||||||
.createRemoteUser("notalloweduser");
|
.createRemoteUser("notalloweduser");
|
||||||
proxy = bUgi
|
proxy = bUgi
|
||||||
|
|
Loading…
Reference in New Issue