Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-3305

GetImageServlet should consider SBN a valid requestor in a secure HA setup

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-alpha
    • Fix Version/s: 2.0.0-alpha
    • Component/s: ha, namenode
    • Labels:
      None

      Description

      Right now only the NN and 2NN are considered valid requestors. This won't work if the ANN and SBN use distinct principal names.

      1. HDFS-3305.patch
        7 kB
        Aaron T. Myers

        Activity

        Hide
        Aaron T. Myers added a comment -

        Here's a patch which addresses the issue. In GetImageServlet#isValidRequestor, we now check to see if HA is configured for this nameservice and add the principal of the other NN as a valid requestor if HA is configured.

        In addition to the test provided, I also tested this manually with a pair of secure, HA-enabled NNs.

        Show
        Aaron T. Myers added a comment - Here's a patch which addresses the issue. In GetImageServlet#isValidRequestor, we now check to see if HA is configured for this nameservice and add the principal of the other NN as a valid requestor if HA is configured. In addition to the test provided, I also tested this manually with a pair of secure, HA-enabled NNs.
        Hide
        Todd Lipcon added a comment -

        +1 pending jenkins

        Show
        Todd Lipcon added a comment - +1 pending jenkins
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12523385/HDFS-3305.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 1 new or modified test files.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:
        org.apache.hadoop.hdfs.TestDatanodeBlockScanner

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/2304//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/2304//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12523385/HDFS-3305.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 1 new or modified test files. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 eclipse:eclipse. The patch built with eclipse:eclipse. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hdfs.TestDatanodeBlockScanner +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/2304//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/2304//console This message is automatically generated.
        Hide
        Aaron T. Myers added a comment -

        I'm confident that the test failure is unrelated. That test doesn't touch this code path, and I just ran TestDatanodeBlockScanner locally on my box and confirmed that it passed just fine.

        Thanks a lot for the review, Todd. I'll commit this momentarily.

        Show
        Aaron T. Myers added a comment - I'm confident that the test failure is unrelated. That test doesn't touch this code path, and I just ran TestDatanodeBlockScanner locally on my box and confirmed that it passed just fine. Thanks a lot for the review, Todd. I'll commit this momentarily.
        Hide
        Aaron T. Myers added a comment -

        Fixing typo in issue summary.

        Show
        Aaron T. Myers added a comment - Fixing typo in issue summary.
        Hide
        Aaron T. Myers added a comment -

        I've just committed this to trunk and branch-2.

        Show
        Aaron T. Myers added a comment - I've just committed this to trunk and branch-2.
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #2112 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2112/)
        HDFS-3305. GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115)

        Result = SUCCESS
        atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115
        Files :

        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Show
        Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #2112 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2112/ ) HDFS-3305 . GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115) Result = SUCCESS atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115 Files : /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk-Commit #2186 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2186/)
        HDFS-3305. GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115)

        Result = SUCCESS
        atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115
        Files :

        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-trunk-Commit #2186 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2186/ ) HDFS-3305 . GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115) Result = SUCCESS atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115 Files : /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk-Commit #2128 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2128/)
        HDFS-3305. GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115)

        Result = SUCCESS
        atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115
        Files :

        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk-Commit #2128 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2128/ ) HDFS-3305 . GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115) Result = SUCCESS atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115 Files : /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk #1020 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1020/)
        HDFS-3305. GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115)

        Result = FAILURE
        atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115
        Files :

        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Show
        Hudson added a comment - Integrated in Hadoop-Hdfs-trunk #1020 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1020/ ) HDFS-3305 . GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115) Result = FAILURE atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115 Files : /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk #1055 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1055/)
        HDFS-3305. GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115)

        Result = FAILURE
        atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115
        Files :

        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
        • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java
        Show
        Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk #1055 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1055/ ) HDFS-3305 . GetImageServlet should consider SBN a valid requestor in a secure HA setup. Contributed by Aaron T. Myers. (Revision 1328115) Result = FAILURE atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1328115 Files : /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/GetImageServlet.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestGetImageServlet.java

          People

          • Assignee:
            Aaron T. Myers
            Reporter:
            Aaron T. Myers
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development