HDFS-5768. Consolidate the serialization code in DelegationTokenSecretManager. Contributed by Haohui Mai
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1558598 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
7274b5ff93
commit
ca5d73d1ab
|
@ -478,6 +478,9 @@ Trunk (Unreleased)
|
|||
|
||||
HDFS-5726. Fix compilation error in AbstractINodeDiff for JDK7. (jing9)
|
||||
|
||||
HDFS-5768. Consolidate the serialization code in DelegationTokenSecretManager
|
||||
(Haohui Mai via brandonli)
|
||||
|
||||
Release 2.4.0 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -59,6 +59,7 @@ public class DelegationTokenSecretManager
|
|||
.getLog(DelegationTokenSecretManager.class);
|
||||
|
||||
private final FSNamesystem namesystem;
|
||||
private final SerializerCompat serializerCompat = new SerializerCompat();
|
||||
|
||||
public DelegationTokenSecretManager(long delegationKeyUpdateInterval,
|
||||
long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
|
||||
|
@ -157,17 +158,14 @@ public class DelegationTokenSecretManager
|
|||
* @param in input stream to read fsimage
|
||||
* @throws IOException
|
||||
*/
|
||||
public synchronized void loadSecretManagerState(DataInput in)
|
||||
public synchronized void loadSecretManagerStateCompat(DataInput in)
|
||||
throws IOException {
|
||||
if (running) {
|
||||
// a safety check
|
||||
throw new IOException(
|
||||
"Can't load state from image in a running SecretManager.");
|
||||
}
|
||||
currentId = in.readInt();
|
||||
loadAllKeys(in);
|
||||
delegationTokenSequenceNumber = in.readInt();
|
||||
loadCurrentTokens(in);
|
||||
serializerCompat.load(in);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -177,12 +175,9 @@ public class DelegationTokenSecretManager
|
|||
* @param sdPath String storage directory path
|
||||
* @throws IOException
|
||||
*/
|
||||
public synchronized void saveSecretManagerState(DataOutputStream out,
|
||||
public synchronized void saveSecretManagerStateCompat(DataOutputStream out,
|
||||
String sdPath) throws IOException {
|
||||
out.writeInt(currentId);
|
||||
saveAllKeys(out, sdPath);
|
||||
out.writeInt(delegationTokenSequenceNumber);
|
||||
saveCurrentTokens(out, sdPath);
|
||||
serializerCompat.save(out, sdPath);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -282,6 +277,75 @@ public class DelegationTokenSecretManager
|
|||
return allKeys.size();
|
||||
}
|
||||
|
||||
/**
|
||||
* Call namesystem to update editlogs for new master key.
|
||||
*/
|
||||
@Override //AbstractDelegationTokenManager
|
||||
protected void logUpdateMasterKey(DelegationKey key)
|
||||
throws IOException {
|
||||
synchronized (noInterruptsLock) {
|
||||
// The edit logging code will fail catastrophically if it
|
||||
// is interrupted during a logSync, since the interrupt
|
||||
// closes the edit log files. Doing this inside the
|
||||
// above lock and then checking interruption status
|
||||
// prevents this bug.
|
||||
if (Thread.interrupted()) {
|
||||
throw new InterruptedIOException(
|
||||
"Interrupted before updating master key");
|
||||
}
|
||||
namesystem.logUpdateMasterKey(key);
|
||||
}
|
||||
}
|
||||
|
||||
@Override //AbstractDelegationTokenManager
|
||||
protected void logExpireToken(final DelegationTokenIdentifier dtId)
|
||||
throws IOException {
|
||||
synchronized (noInterruptsLock) {
|
||||
// The edit logging code will fail catastrophically if it
|
||||
// is interrupted during a logSync, since the interrupt
|
||||
// closes the edit log files. Doing this inside the
|
||||
// above lock and then checking interruption status
|
||||
// prevents this bug.
|
||||
if (Thread.interrupted()) {
|
||||
throw new InterruptedIOException(
|
||||
"Interrupted before expiring delegation token");
|
||||
}
|
||||
namesystem.logExpireDelegationToken(dtId);
|
||||
}
|
||||
}
|
||||
|
||||
/** A utility method for creating credentials. */
|
||||
public static Credentials createCredentials(final NameNode namenode,
|
||||
final UserGroupInformation ugi, final String renewer) throws IOException {
|
||||
final Token<DelegationTokenIdentifier> token = namenode.getRpcServer(
|
||||
).getDelegationToken(new Text(renewer));
|
||||
if (token == null) {
|
||||
throw new IOException("Failed to get the token for " + renewer
|
||||
+ ", user=" + ugi.getShortUserName());
|
||||
}
|
||||
|
||||
final InetSocketAddress addr = namenode.getNameNodeAddress();
|
||||
SecurityUtil.setTokenService(token, addr);
|
||||
final Credentials c = new Credentials();
|
||||
c.addToken(new Text(ugi.getShortUserName()), token);
|
||||
return c;
|
||||
}
|
||||
|
||||
private final class SerializerCompat {
|
||||
private void load(DataInput in) throws IOException {
|
||||
currentId = in.readInt();
|
||||
loadAllKeys(in);
|
||||
delegationTokenSequenceNumber = in.readInt();
|
||||
loadCurrentTokens(in);
|
||||
}
|
||||
|
||||
private void save(DataOutputStream out, String sdPath) throws IOException {
|
||||
out.writeInt(currentId);
|
||||
saveAllKeys(out, sdPath);
|
||||
out.writeInt(delegationTokenSequenceNumber);
|
||||
saveCurrentTokens(out, sdPath);
|
||||
}
|
||||
|
||||
/**
|
||||
* Private helper methods to save delegation keys and tokens in fsimage
|
||||
*/
|
||||
|
@ -366,58 +430,5 @@ public class DelegationTokenSecretManager
|
|||
}
|
||||
prog.endStep(Phase.LOADING_FSIMAGE, step);
|
||||
}
|
||||
|
||||
/**
|
||||
* Call namesystem to update editlogs for new master key.
|
||||
*/
|
||||
@Override //AbstractDelegationTokenManager
|
||||
protected void logUpdateMasterKey(DelegationKey key)
|
||||
throws IOException {
|
||||
synchronized (noInterruptsLock) {
|
||||
// The edit logging code will fail catastrophically if it
|
||||
// is interrupted during a logSync, since the interrupt
|
||||
// closes the edit log files. Doing this inside the
|
||||
// above lock and then checking interruption status
|
||||
// prevents this bug.
|
||||
if (Thread.interrupted()) {
|
||||
throw new InterruptedIOException(
|
||||
"Interrupted before updating master key");
|
||||
}
|
||||
namesystem.logUpdateMasterKey(key);
|
||||
}
|
||||
}
|
||||
|
||||
@Override //AbstractDelegationTokenManager
|
||||
protected void logExpireToken(final DelegationTokenIdentifier dtId)
|
||||
throws IOException {
|
||||
synchronized (noInterruptsLock) {
|
||||
// The edit logging code will fail catastrophically if it
|
||||
// is interrupted during a logSync, since the interrupt
|
||||
// closes the edit log files. Doing this inside the
|
||||
// above lock and then checking interruption status
|
||||
// prevents this bug.
|
||||
if (Thread.interrupted()) {
|
||||
throw new InterruptedIOException(
|
||||
"Interrupted before expiring delegation token");
|
||||
}
|
||||
namesystem.logExpireDelegationToken(dtId);
|
||||
}
|
||||
}
|
||||
|
||||
/** A utility method for creating credentials. */
|
||||
public static Credentials createCredentials(final NameNode namenode,
|
||||
final UserGroupInformation ugi, final String renewer) throws IOException {
|
||||
final Token<DelegationTokenIdentifier> token = namenode.getRpcServer(
|
||||
).getDelegationToken(new Text(renewer));
|
||||
if (token == null) {
|
||||
throw new IOException("Failed to get the token for " + renewer
|
||||
+ ", user=" + ugi.getShortUserName());
|
||||
}
|
||||
|
||||
final InetSocketAddress addr = namenode.getNameNodeAddress();
|
||||
SecurityUtil.setTokenService(token, addr);
|
||||
final Credentials c = new Credentials();
|
||||
c.addToken(new Text(ugi.getShortUserName()), token);
|
||||
return c;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -870,7 +870,7 @@ public class FSImageFormat {
|
|||
//This must not happen if security is turned on.
|
||||
return;
|
||||
}
|
||||
namesystem.loadSecretManagerState(in);
|
||||
namesystem.loadSecretManagerStateCompat(in);
|
||||
}
|
||||
|
||||
private void loadCacheManagerState(DataInput in) throws IOException {
|
||||
|
@ -1032,7 +1032,7 @@ public class FSImageFormat {
|
|||
sourceNamesystem.saveFilesUnderConstruction(out, snapshotUCMap);
|
||||
|
||||
context.checkCancelled();
|
||||
sourceNamesystem.saveSecretManagerState(out, sdPath);
|
||||
sourceNamesystem.saveSecretManagerStateCompat(out, sdPath);
|
||||
context.checkCancelled();
|
||||
sourceNamesystem.getCacheManager().saveState(out, sdPath);
|
||||
context.checkCancelled();
|
||||
|
|
|
@ -6250,16 +6250,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
* @param out save state of the secret manager
|
||||
* @param sdPath String storage directory path
|
||||
*/
|
||||
void saveSecretManagerState(DataOutputStream out, String sdPath)
|
||||
void saveSecretManagerStateCompat(DataOutputStream out, String sdPath)
|
||||
throws IOException {
|
||||
dtSecretManager.saveSecretManagerState(out, sdPath);
|
||||
dtSecretManager.saveSecretManagerStateCompat(out, sdPath);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param in load the state of secret manager from input stream
|
||||
*/
|
||||
void loadSecretManagerState(DataInput in) throws IOException {
|
||||
dtSecretManager.loadSecretManagerState(in);
|
||||
void loadSecretManagerStateCompat(DataInput in) throws IOException {
|
||||
dtSecretManager.loadSecretManagerStateCompat(in);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue