HDFS-3907. Allow multiple users for local block readers. Contributed by Eli Collins

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1383053 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Eli Collins 2012-09-10 19:07:05 +00:00
parent 2b75e1d80c
commit 7296dee763
3 changed files with 31 additions and 10 deletions

View File

@ -265,6 +265,8 @@ Release 2.0.2-alpha - 2012-09-07
HDFS-3888. Clean up BlockPlacementPolicyDefault. (Jing Zhao via szetszwo) HDFS-3888. Clean up BlockPlacementPolicyDefault. (Jing Zhao via szetszwo)
HDFS-3907. Allow multiple users for local block readers. (eli)
OPTIMIZATIONS OPTIMIZATIONS
HDFS-2982. Startup performance suffers when there are many edit log HDFS-2982. Startup performance suffers when there are many edit log

View File

@ -281,7 +281,7 @@ public class DataNode extends Configured
private AbstractList<File> dataDirs; private AbstractList<File> dataDirs;
private Configuration conf; private Configuration conf;
private final String userWithLocalPathAccess; private final List<String> usersWithLocalPathAccess;
private boolean connectToDnViaHostname; private boolean connectToDnViaHostname;
ReadaheadPool readaheadPool; ReadaheadPool readaheadPool;
private final boolean getHdfsBlockLocationsEnabled; private final boolean getHdfsBlockLocationsEnabled;
@ -304,8 +304,8 @@ public class DataNode extends Configured
final SecureResources resources) throws IOException { final SecureResources resources) throws IOException {
super(conf); super(conf);
this.userWithLocalPathAccess = this.usersWithLocalPathAccess = Arrays.asList(
conf.get(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY); conf.getTrimmedStrings(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY));
this.connectToDnViaHostname = conf.getBoolean( this.connectToDnViaHostname = conf.getBoolean(
DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME, DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME,
DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME_DEFAULT); DFSConfigKeys.DFS_DATANODE_USE_DN_HOSTNAME_DEFAULT);
@ -1012,7 +1012,7 @@ public class DataNode extends Configured
private void checkBlockLocalPathAccess() throws IOException { private void checkBlockLocalPathAccess() throws IOException {
checkKerberosAuthMethod("getBlockLocalPathInfo()"); checkKerberosAuthMethod("getBlockLocalPathInfo()");
String currentUser = UserGroupInformation.getCurrentUser().getShortUserName(); String currentUser = UserGroupInformation.getCurrentUser().getShortUserName();
if (!currentUser.equals(this.userWithLocalPathAccess)) { if (!usersWithLocalPathAccess.contains(currentUser)) {
throw new AccessControlException( throw new AccessControlException(
"Can't continue with getBlockLocalPathInfo() " "Can't continue with getBlockLocalPathInfo() "
+ "authorization. The user " + currentUser + "authorization. The user " + currentUser

View File

@ -224,7 +224,8 @@ public class TestShortCircuitLocalRead {
@Test @Test
public void testGetBlockLocalPathInfo() throws IOException, InterruptedException { public void testGetBlockLocalPathInfo() throws IOException, InterruptedException {
final Configuration conf = new Configuration(); final Configuration conf = new Configuration();
conf.set(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY, "alloweduser"); conf.set(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY,
"alloweduser1,alloweduser2");
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1) MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1)
.format(true).build(); .format(true).build();
cluster.waitActive(); cluster.waitActive();
@ -232,8 +233,10 @@ public class TestShortCircuitLocalRead {
FileSystem fs = cluster.getFileSystem(); FileSystem fs = cluster.getFileSystem();
try { try {
DFSTestUtil.createFile(fs, new Path("/tmp/x"), 16, (short) 1, 23); DFSTestUtil.createFile(fs, new Path("/tmp/x"), 16, (short) 1, 23);
UserGroupInformation aUgi = UserGroupInformation UserGroupInformation aUgi1 =
.createRemoteUser("alloweduser"); UserGroupInformation.createRemoteUser("alloweduser1");
UserGroupInformation aUgi2 =
UserGroupInformation.createRemoteUser("alloweduser2");
LocatedBlocks lb = cluster.getNameNode().getRpcServer() LocatedBlocks lb = cluster.getNameNode().getRpcServer()
.getBlockLocations("/tmp/x", 0, 16); .getBlockLocations("/tmp/x", 0, 16);
// Create a new block object, because the block inside LocatedBlock at // Create a new block object, because the block inside LocatedBlock at
@ -241,7 +244,7 @@ public class TestShortCircuitLocalRead {
ExtendedBlock blk = new ExtendedBlock(lb.get(0).getBlock()); ExtendedBlock blk = new ExtendedBlock(lb.get(0).getBlock());
Token<BlockTokenIdentifier> token = lb.get(0).getBlockToken(); Token<BlockTokenIdentifier> token = lb.get(0).getBlockToken();
final DatanodeInfo dnInfo = lb.get(0).getLocations()[0]; final DatanodeInfo dnInfo = lb.get(0).getLocations()[0];
ClientDatanodeProtocol proxy = aUgi ClientDatanodeProtocol proxy = aUgi1
.doAs(new PrivilegedExceptionAction<ClientDatanodeProtocol>() { .doAs(new PrivilegedExceptionAction<ClientDatanodeProtocol>() {
@Override @Override
public ClientDatanodeProtocol run() throws Exception { public ClientDatanodeProtocol run() throws Exception {
@ -256,7 +259,23 @@ public class TestShortCircuitLocalRead {
DataNodeTestUtils.getFSDataset(dn).getBlockLocalPathInfo(blk).getBlockPath(), DataNodeTestUtils.getFSDataset(dn).getBlockLocalPathInfo(blk).getBlockPath(),
blpi.getBlockPath()); blpi.getBlockPath());
// Now try with a not allowed user. // Try with the other allowed user
proxy = aUgi2
.doAs(new PrivilegedExceptionAction<ClientDatanodeProtocol>() {
@Override
public ClientDatanodeProtocol run() throws Exception {
return DFSUtil.createClientDatanodeProtocolProxy(dnInfo, conf,
60000, false);
}
});
// This should succeed as well
blpi = proxy.getBlockLocalPathInfo(blk, token);
Assert.assertEquals(
DataNodeTestUtils.getFSDataset(dn).getBlockLocalPathInfo(blk).getBlockPath(),
blpi.getBlockPath());
// Now try with a disallowed user
UserGroupInformation bUgi = UserGroupInformation UserGroupInformation bUgi = UserGroupInformation
.createRemoteUser("notalloweduser"); .createRemoteUser("notalloweduser");
proxy = bUgi proxy = bUgi