Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.7.2
-
None
-
Reviewed
Description
The exception msg thrown by checkBlockLocalPathAccess is very specific to the implementation detail. It's really hard for users to understand it unless she reads and understands the code.
The code is shown as follows:
org.apache.hadoop.hdfs.server.datanode.DataNode
private void checkBlockLocalPathAccess() throws IOException { checkKerberosAuthMethod("getBlockLocalPathInfo()"); String currentUser = UserGroupInformation.getCurrentUser().getShortUserName(); if (!usersWithLocalPathAccess.contains(currentUser)) { throw new AccessControlException( "Can't continue with getBlockLocalPathInfo() " + "authorization. The user " + currentUser + " is not allowed to call getBlockLocalPathInfo"); } }
(basically she needs to understand the code logic of getBlockLocalPathInfo)
Note that usersWithLocalPathAccess is a private final purely coming from the configuration settings of dfs.block.local-path-access.user,
org.apache.hadoop.hdfs.server.datanode.DataNode
private final List<String> usersWithLocalPathAccess; .... this.usersWithLocalPathAccess = Arrays.asList( conf.getTrimmedStrings(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY));
In other word, the checking fails simply because the current user is not specified in the configuration setting of dfs.block.local-path-access.user. The log message should be much more clearer to make it easy for users to take actions, as demonstrated in the attached patch.
Thanks!