HDFS-9470. Encryption zone on root not loaded from fsimage after NN restart. Xiao Chen via wang.
This commit is contained in:
parent
43acf9ab8e
commit
9b8e50b424
|
@ -3560,6 +3560,9 @@ Release 2.6.3 - UNRELEASED
|
||||||
HDFS-9434. Recommission a datanode with 500k blocks may pause NN for 30
|
HDFS-9434. Recommission a datanode with 500k blocks may pause NN for 30
|
||||||
seconds for printing info log messags. (szetszwo)
|
seconds for printing info log messags. (szetszwo)
|
||||||
|
|
||||||
|
HDFS-9470. Encryption zone on root not loaded from fsimage after NN
|
||||||
|
restart. (Xiao Chen via wang)
|
||||||
|
|
||||||
Release 2.6.2 - 2015-10-28
|
Release 2.6.2 - 2015-10-28
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -1163,9 +1163,20 @@ public class FSDirectory implements Closeable {
|
||||||
inodeMap.put(inode);
|
inodeMap.put(inode);
|
||||||
if (!inode.isSymlink()) {
|
if (!inode.isSymlink()) {
|
||||||
final XAttrFeature xaf = inode.getXAttrFeature();
|
final XAttrFeature xaf = inode.getXAttrFeature();
|
||||||
if (xaf != null) {
|
addEncryptionZone((INodeWithAdditionalFields) inode, xaf);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void addEncryptionZone(INodeWithAdditionalFields inode,
|
||||||
|
XAttrFeature xaf) {
|
||||||
|
if (xaf == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
XAttr xattr = xaf.getXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE);
|
XAttr xattr = xaf.getXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE);
|
||||||
if (xattr != null) {
|
if (xattr == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
final HdfsProtos.ZoneEncryptionInfoProto ezProto =
|
final HdfsProtos.ZoneEncryptionInfoProto ezProto =
|
||||||
HdfsProtos.ZoneEncryptionInfoProto.parseFrom(
|
HdfsProtos.ZoneEncryptionInfoProto.parseFrom(
|
||||||
|
@ -1176,12 +1187,16 @@ public class FSDirectory implements Closeable {
|
||||||
ezProto.getKeyName());
|
ezProto.getKeyName());
|
||||||
} catch (InvalidProtocolBufferException e) {
|
} catch (InvalidProtocolBufferException e) {
|
||||||
NameNode.LOG.warn("Error parsing protocol buffer of " +
|
NameNode.LOG.warn("Error parsing protocol buffer of " +
|
||||||
"EZ XAttr " + xattr.getName());
|
"EZ XAttr " + xattr.getName() + " dir:" + inode.getFullPathName());
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is to handle encryption zone for rootDir when loading from
|
||||||
|
* fsimage, and should only be called during NN restart.
|
||||||
|
*/
|
||||||
|
public final void addRootDirToEncryptionZone(XAttrFeature xaf) {
|
||||||
|
addEncryptionZone(rootDir, xaf);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -427,6 +427,7 @@ public final class FSImageFormatPBINode {
|
||||||
if (f != null) {
|
if (f != null) {
|
||||||
dir.rootDir.addXAttrFeature(f);
|
dir.rootDir.addXAttrFeature(f);
|
||||||
}
|
}
|
||||||
|
dir.addRootDirToEncryptionZone(f);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -378,6 +378,44 @@ public class TestEncryptionZones {
|
||||||
assertZonePresent(null, nonpersistZone.toString());
|
assertZonePresent(null, nonpersistZone.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test(timeout = 60000)
|
||||||
|
public void testBasicOperationsRootDir() throws Exception {
|
||||||
|
int numZones = 0;
|
||||||
|
final Path rootDir = new Path("/");
|
||||||
|
final Path zone1 = new Path(rootDir, "zone1");
|
||||||
|
|
||||||
|
/* Normal creation of an EZ on rootDir */
|
||||||
|
dfsAdmin.createEncryptionZone(rootDir, TEST_KEY);
|
||||||
|
assertNumZones(++numZones);
|
||||||
|
assertZonePresent(null, rootDir.toString());
|
||||||
|
|
||||||
|
/* create EZ on child of rootDir which is already an EZ should fail */
|
||||||
|
fsWrapper.mkdir(zone1, FsPermission.getDirDefault(), true);
|
||||||
|
try {
|
||||||
|
dfsAdmin.createEncryptionZone(zone1, TEST_KEY);
|
||||||
|
fail("EZ over an EZ");
|
||||||
|
} catch (IOException e) {
|
||||||
|
assertExceptionContains("already in an encryption zone", e);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify rootDir ez is present after restarting the NameNode
|
||||||
|
// and saving/loading from fsimage.
|
||||||
|
fs.setSafeMode(SafeModeAction.SAFEMODE_ENTER);
|
||||||
|
fs.saveNamespace();
|
||||||
|
fs.setSafeMode(SafeModeAction.SAFEMODE_LEAVE);
|
||||||
|
cluster.restartNameNode(true);
|
||||||
|
assertNumZones(numZones);
|
||||||
|
assertZonePresent(null, rootDir.toString());
|
||||||
|
|
||||||
|
/* create EZ on child of rootDir which is already an EZ should fail */
|
||||||
|
try {
|
||||||
|
dfsAdmin.createEncryptionZone(zone1, TEST_KEY);
|
||||||
|
fail("EZ over an EZ");
|
||||||
|
} catch (IOException e) {
|
||||||
|
assertExceptionContains("already in an encryption zone", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test listing encryption zones as a non super user.
|
* Test listing encryption zones as a non super user.
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in New Issue