HADOOP-11017. Addendum to fix RM HA. KMS delegation token secret manager should be able to use zookeeper as store. (Arun Suresh via kasha)
(cherry picked from commit ef784a2e08
)
This commit is contained in:
parent
fd3003d63b
commit
b34858c1f8
|
@ -133,7 +133,7 @@ extends AbstractDelegationTokenIdentifier>
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a previously used master key to cache (when NN restarts),
|
* Add a previously used master key to cache (when NN restarts),
|
||||||
* should be called before activate().
|
* should be called before activate().
|
||||||
* */
|
* */
|
||||||
public synchronized void addKey(DelegationKey key) throws IOException {
|
public synchronized void addKey(DelegationKey key) throws IOException {
|
||||||
if (running) // a safety check
|
if (running) // a safety check
|
||||||
|
@ -141,7 +141,7 @@ extends AbstractDelegationTokenIdentifier>
|
||||||
if (key.getKeyId() > currentId) {
|
if (key.getKeyId() > currentId) {
|
||||||
currentId = key.getKeyId();
|
currentId = key.getKeyId();
|
||||||
}
|
}
|
||||||
storeDelegationKey(key);
|
allKeys.put(key.getKeyId(), key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public synchronized DelegationKey[] getAllKeys() {
|
public synchronized DelegationKey[] getAllKeys() {
|
||||||
|
@ -268,6 +268,8 @@ extends AbstractDelegationTokenIdentifier>
|
||||||
/**
|
/**
|
||||||
* This method is intended to be used for recovering persisted delegation
|
* This method is intended to be used for recovering persisted delegation
|
||||||
* tokens
|
* tokens
|
||||||
|
* This method must be called before this secret manager is activated (before
|
||||||
|
* startThreads() is called)
|
||||||
* @param identifier identifier read from persistent storage
|
* @param identifier identifier read from persistent storage
|
||||||
* @param renewDate token renew time
|
* @param renewDate token renew time
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
|
@ -280,18 +282,17 @@ extends AbstractDelegationTokenIdentifier>
|
||||||
"Can't add persisted delegation token to a running SecretManager.");
|
"Can't add persisted delegation token to a running SecretManager.");
|
||||||
}
|
}
|
||||||
int keyId = identifier.getMasterKeyId();
|
int keyId = identifier.getMasterKeyId();
|
||||||
DelegationKey dKey = getDelegationKey(keyId);
|
DelegationKey dKey = allKeys.get(keyId);
|
||||||
if (dKey == null) {
|
if (dKey == null) {
|
||||||
LOG.warn("No KEY found for persisted identifier " + identifier.toString());
|
LOG.warn("No KEY found for persisted identifier " + identifier.toString());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
byte[] password = createPassword(identifier.getBytes(), dKey.getKey());
|
byte[] password = createPassword(identifier.getBytes(), dKey.getKey());
|
||||||
int delegationTokenSeqNum = getDelegationTokenSeqNum();
|
if (identifier.getSequenceNumber() > delegationTokenSequenceNumber) {
|
||||||
if (identifier.getSequenceNumber() > delegationTokenSeqNum) {
|
delegationTokenSequenceNumber = identifier.getSequenceNumber();
|
||||||
setDelegationTokenSeqNum(identifier.getSequenceNumber());
|
|
||||||
}
|
}
|
||||||
if (getTokenInfo(identifier) == null) {
|
if (getTokenInfo(identifier) == null) {
|
||||||
storeToken(identifier, new DelegationTokenInformation(renewDate,
|
currentTokens.put(identifier, new DelegationTokenInformation(renewDate,
|
||||||
password, getTrackingIdIfEnabled(identifier)));
|
password, getTrackingIdIfEnabled(identifier)));
|
||||||
} else {
|
} else {
|
||||||
throw new IOException("Same delegation token being added twice.");
|
throw new IOException("Same delegation token being added twice.");
|
||||||
|
@ -315,7 +316,6 @@ extends AbstractDelegationTokenIdentifier>
|
||||||
+ keyUpdateInterval + tokenMaxLifetime, generateSecret());
|
+ keyUpdateInterval + tokenMaxLifetime, generateSecret());
|
||||||
//Log must be invoked outside the lock on 'this'
|
//Log must be invoked outside the lock on 'this'
|
||||||
logUpdateMasterKey(newKey);
|
logUpdateMasterKey(newKey);
|
||||||
storeNewMasterKey(newKey);
|
|
||||||
synchronized (this) {
|
synchronized (this) {
|
||||||
currentId = newKey.getKeyId();
|
currentId = newKey.getKeyId();
|
||||||
currentKey = newKey;
|
currentKey = newKey;
|
||||||
|
|
Loading…
Reference in New Issue