HADOOP-11017. Addendum to fix RM HA. KMS delegation token secret manager should be able to use zookeeper as store. (Arun Suresh via kasha)

(cherry picked from commit ef784a2e08)
Karthik Kambatla 2014-09-23 17:07:32 -07:00
parent fd3003d63b
commit b34858c1f8
1 changed files with 8 additions and 8 deletions


@ -133,7 +133,7 @@ extends AbstractDelegationTokenIdentifier>
/** /**
* Add a previously used master key to cache (when NN restarts), * Add a previously used master key to cache (when NN restarts),
* should be called before activate(). * should be called before activate().
* */ * */
public synchronized void addKey(DelegationKey key) throws IOException { public synchronized void addKey(DelegationKey key) throws IOException {
if (running) // a safety check if (running) // a safety check
@ -141,7 +141,7 @@ extends AbstractDelegationTokenIdentifier>
if (key.getKeyId() > currentId) { if (key.getKeyId() > currentId) {
currentId = key.getKeyId(); currentId = key.getKeyId();
} }
storeDelegationKey(key); allKeys.put(key.getKeyId(), key);
} }
public synchronized DelegationKey[] getAllKeys() { public synchronized DelegationKey[] getAllKeys() {
@ -268,6 +268,8 @@ extends AbstractDelegationTokenIdentifier>
/** /**
* This method is intended to be used for recovering persisted delegation * This method is intended to be used for recovering persisted delegation
* tokens * tokens
* This method must be called before this secret manager is activated (before
* startThreads() is called)
* @param identifier identifier read from persistent storage * @param identifier identifier read from persistent storage
* @param renewDate token renew time * @param renewDate token renew time
* @throws IOException * @throws IOException
@ -280,18 +282,17 @@ extends AbstractDelegationTokenIdentifier>
"Can't add persisted delegation token to a running SecretManager."); "Can't add persisted delegation token to a running SecretManager.");
} }
int keyId = identifier.getMasterKeyId(); int keyId = identifier.getMasterKeyId();
DelegationKey dKey = getDelegationKey(keyId); DelegationKey dKey = allKeys.get(keyId);
if (dKey == null) { if (dKey == null) {
LOG.warn("No KEY found for persisted identifier " + identifier.toString()); LOG.warn("No KEY found for persisted identifier " + identifier.toString());
return; return;
} }
byte[] password = createPassword(identifier.getBytes(), dKey.getKey()); byte[] password = createPassword(identifier.getBytes(), dKey.getKey());
int delegationTokenSeqNum = getDelegationTokenSeqNum(); if (identifier.getSequenceNumber() > delegationTokenSequenceNumber) {
if (identifier.getSequenceNumber() > delegationTokenSeqNum) { delegationTokenSequenceNumber = identifier.getSequenceNumber();
setDelegationTokenSeqNum(identifier.getSequenceNumber());
} }
if (getTokenInfo(identifier) == null) { if (getTokenInfo(identifier) == null) {
storeToken(identifier, new DelegationTokenInformation(renewDate, currentTokens.put(identifier, new DelegationTokenInformation(renewDate,
password, getTrackingIdIfEnabled(identifier))); password, getTrackingIdIfEnabled(identifier)));
} else { } else {
throw new IOException("Same delegation token being added twice."); throw new IOException("Same delegation token being added twice.");
@ -315,7 +316,6 @@ extends AbstractDelegationTokenIdentifier>
+ keyUpdateInterval + tokenMaxLifetime, generateSecret()); + keyUpdateInterval + tokenMaxLifetime, generateSecret());
//Log must be invoked outside the lock on 'this' //Log must be invoked outside the lock on 'this'
logUpdateMasterKey(newKey); logUpdateMasterKey(newKey);
storeNewMasterKey(newKey);
synchronized (this) { synchronized (this) {
currentId = newKey.getKeyId(); currentId = newKey.getKeyId();
currentKey = newKey; currentKey = newKey;
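Review bot: In the `-280,18 +282,17` hunk the duplicate check still goes through `getTokenInfo(identifier)` while the insert now writes straight to `currentTokens.put(...)`, so the check and the write can disagree if a subclass overrides `getTokenInfo` to consult an external store such as the ZooKeeper one named in the commit title. In that case a token already present in the store would make recovery throw "Same delegation token being added twice." although the local map has no entry for it. Assuming the right-hand column is the new side, the rest of this recovery path (`allKeys.get(keyId)`, the direct write to `delegationTokenSequenceNumber`) deliberately bypasses the store hooks, so the check should probably match it: `if (currentTokens.get(identifier) == null) {`. A short comment such as `// Recovery: populate in-memory state only; nothing is written back to the token store.` would record why the hooks are skipped here. The method signature lies outside the hunk, so whether the direct field write happens under the lock on `this` cannot be confirmed from these lines.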