YARN-10901. Permission checking error on an existing directory in LogAggregationFileController#verifyAndCreateRemoteLogDir (#3409)
Co-authored-by: Tamas Domok <tdomok@cloudera.com>
This commit is contained in:
parent
51a4a23e37
commit
8e4ac01135
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
package org.apache.hadoop.yarn.logaggregation.filecontroller;
|
package org.apache.hadoop.yarn.logaggregation.filecontroller;
|
||||||
|
|
||||||
|
import org.apache.commons.lang3.RandomStringUtils;
|
||||||
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
|
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
|
||||||
|
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
|
@ -373,10 +374,13 @@ public abstract class LogAggregationFileController {
|
||||||
throw new YarnRuntimeException("Failed to create remoteLogDir ["
|
throw new YarnRuntimeException("Failed to create remoteLogDir ["
|
||||||
+ remoteRootLogDir + "]", e);
|
+ remoteRootLogDir + "]", e);
|
||||||
}
|
}
|
||||||
} else{
|
} else {
|
||||||
//Check if FS has capability to set/modify permissions
|
//Check if FS has capability to set/modify permissions
|
||||||
|
Path permissionCheckFile = new Path(qualified, String.format("%s.permission_check",
|
||||||
|
RandomStringUtils.randomAlphanumeric(8)));
|
||||||
try {
|
try {
|
||||||
remoteFS.setPermission(qualified, new FsPermission(TLDIR_PERMISSIONS));
|
remoteFS.createNewFile(permissionCheckFile);
|
||||||
|
remoteFS.setPermission(permissionCheckFile, new FsPermission(TLDIR_PERMISSIONS));
|
||||||
} catch (UnsupportedOperationException use) {
|
} catch (UnsupportedOperationException use) {
|
||||||
LOG.info("Unable to set permissions for configured filesystem since"
|
LOG.info("Unable to set permissions for configured filesystem since"
|
||||||
+ " it does not support this", remoteFS.getScheme());
|
+ " it does not support this", remoteFS.getScheme());
|
||||||
|
@ -384,6 +388,11 @@ public abstract class LogAggregationFileController {
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
LOG.warn("Failed to check if FileSystem suppports permissions on "
|
LOG.warn("Failed to check if FileSystem suppports permissions on "
|
||||||
+ "remoteLogDir [" + remoteRootLogDir + "]", e);
|
+ "remoteLogDir [" + remoteRootLogDir + "]", e);
|
||||||
|
} finally {
|
||||||
|
try {
|
||||||
|
remoteFS.delete(permissionCheckFile, false);
|
||||||
|
} catch (IOException ignored) {
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,17 +19,23 @@
|
||||||
package org.apache.hadoop.yarn.logaggregation.filecontroller;
|
package org.apache.hadoop.yarn.logaggregation.filecontroller;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.FileStatus;
|
||||||
import org.apache.hadoop.fs.FileSystem;
|
import org.apache.hadoop.fs.FileSystem;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||||
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.mockito.ArgumentMatcher;
|
||||||
import org.mockito.Mockito;
|
import org.mockito.Mockito;
|
||||||
|
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.yarn.logaggregation.filecontroller.LogAggregationFileController.TLDIR_PERMISSIONS;
|
||||||
import static org.mockito.ArgumentMatchers.any;
|
import static org.mockito.ArgumentMatchers.any;
|
||||||
|
import static org.mockito.ArgumentMatchers.argThat;
|
||||||
import static org.mockito.ArgumentMatchers.eq;
|
import static org.mockito.ArgumentMatchers.eq;
|
||||||
import static org.mockito.Mockito.doReturn;
|
import static org.mockito.Mockito.doReturn;
|
||||||
import static org.mockito.Mockito.doThrow;
|
import static org.mockito.Mockito.doThrow;
|
||||||
|
@ -88,4 +94,51 @@ public class TestLogAggregationFileController {
|
||||||
|
|
||||||
verify(fs).setOwner(any(), eq("yarn_user"), eq(testGroupName));
|
verify(fs).setOwner(any(), eq("yarn_user"), eq(testGroupName));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static class PathContainsString implements ArgumentMatcher<Path> {
|
||||||
|
private final String expected;
|
||||||
|
|
||||||
|
PathContainsString(String expected) {
|
||||||
|
this.expected = expected;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean matches(Path path) {
|
||||||
|
return path.getName().contains(expected);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return "Path with name=" + expected;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRemoteDirCreationWithCustomUser() throws Exception {
|
||||||
|
FileSystem fs = mock(FileSystem.class);
|
||||||
|
doReturn(new URI("")).when(fs).getUri();
|
||||||
|
doReturn(new FileStatus(128, false, 0, 64, System.currentTimeMillis(),
|
||||||
|
System.currentTimeMillis(), new FsPermission(TLDIR_PERMISSIONS),
|
||||||
|
"not_yarn_user", "yarn_group", new Path("/tmp/logs"))).when(fs)
|
||||||
|
.getFileStatus(any(Path.class));
|
||||||
|
|
||||||
|
Configuration conf = new Configuration();
|
||||||
|
LogAggregationFileController controller = mock(
|
||||||
|
LogAggregationFileController.class, Mockito.CALLS_REAL_METHODS);
|
||||||
|
controller.fsSupportsChmod = true;
|
||||||
|
doReturn(fs).when(controller).getFileSystem(any(Configuration.class));
|
||||||
|
|
||||||
|
UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
|
||||||
|
"yarn_user", new String[]{"yarn_group", "other_group"});
|
||||||
|
UserGroupInformation.setLoginUser(ugi);
|
||||||
|
|
||||||
|
controller.initialize(conf, "TFile");
|
||||||
|
controller.verifyAndCreateRemoteLogDir();
|
||||||
|
|
||||||
|
verify(fs).createNewFile(argThat(new PathContainsString(".permission_check")));
|
||||||
|
verify(fs).setPermission(argThat(new PathContainsString(".permission_check")),
|
||||||
|
eq(new FsPermission(TLDIR_PERMISSIONS)));
|
||||||
|
verify(fs).delete(argThat(new PathContainsString(".permission_check")), eq(false));
|
||||||
|
Assert.assertTrue(controller.fsSupportsChmod);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue