From c859e87d1efdc48b9a7f6d2b41151094825d881e Mon Sep 17 00:00:00 2001 From: Todd Lipcon Date: Tue, 11 Sep 2012 04:53:08 +0000 Subject: [PATCH] HDFS-3915. QJM: Failover fails with auth error in secure cluster. Contributed by Todd Lipcon. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-3077@1383242 13f79535-47bb-0310-9956-ffa450edef68 --- .../hadoop-hdfs/CHANGES.HDFS-3077.txt | 2 ++ .../server/namenode/ha/EditLogTailer.java | 20 ++++++++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-3077.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-3077.txt index 67a64ebcc4b..c5b1694a6a9 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-3077.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.HDFS-3077.txt @@ -64,3 +64,5 @@ HDFS-3901. QJM: send 'heartbeat' messages to JNs even when they are out-of-sync HDFS-3899. QJM: Add client-side metrics (todd) HDFS-3914. QJM: acceptRecovery should abort current segment (todd) + +HDFS-3915. QJM: Failover fails with auth error in secure cluster (todd) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java index a403706bbfe..8e0739afb1e 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/EditLogTailer.java @@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs.server.namenode.ha; import java.io.IOException; import java.net.InetSocketAddress; import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; import java.util.Collection; import org.apache.commons.logging.Log; @@ -172,11 +173,20 @@ public class EditLogTailer { Preconditions.checkState(tailerThread == null || !tailerThread.isAlive(), "Tailer thread should not be running once failover starts"); - try { - doTailEdits(); - } catch (InterruptedException e) { - throw new IOException(e); - } + // Important to do tailing as the login user, in case the shared + // edits storage is implemented by a JournalManager that depends + // on security credentials to access the logs (eg QuorumJournalManager). + SecurityUtil.doAsLoginUser(new PrivilegedExceptionAction() { + @Override + public Void run() throws Exception { + try { + doTailEdits(); + } catch (InterruptedException e) { + throw new IOException(e); + } + return null; + } + }); } @VisibleForTesting