Author: dhruba Date: Thu Jan 17 16:02:37 2008 New Revision: 613014 URL: http://svn.apache.org/viewvc?rev=613014&view=rev Log: HADOOP-2543. Implement a "no-permission-checking" mode for smooth upgrade from a pre-0.16 install of HDFS. (Hairong Kuang via dhruba)
Modified: lucene/hadoop/trunk/CHANGES.txt lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java Modified: lucene/hadoop/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/CHANGES.txt?rev=613014&r1=613013&r2=613014&view=diff ============================================================================== --- lucene/hadoop/trunk/CHANGES.txt (original) +++ lucene/hadoop/trunk/CHANGES.txt Thu Jan 17 16:02:37 2008 @@ -492,6 +492,10 @@ HADOOP-2614. The DFS WebUI accesses are configured to be from the user specified by dfs.web.ugi. (Tsz Wo (Nicholas), SZE via dhruba) + HADOOP-2543. Implement a "no-permission-checking" mode for smooth + upgrade from a pre-0.16 install of HDFS. + (Hairong Kuang via dhruba) + Release 0.15.3 - 2008-01-18 BUG FIXES Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java?rev=613014&r1=613013&r2=613014&view=diff ============================================================================== --- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java (original) +++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java Thu Jan 17 16:02:37 2008 @@ -471,7 +471,7 @@ blockSize = Math.max(fsNamesys.getDefaultBlockSize(), first); } } - PermissionStatus permissions = PermissionChecker.ANONYMOUS; + PermissionStatus permissions = fsNamesys.getUpgradePermission(); if (logVersion <= -11) { permissions = PermissionStatus.read(in); } @@ -540,7 +540,7 @@ } case OP_MKDIR: { UTF8 src = null; - PermissionStatus permissions = PermissionChecker.ANONYMOUS; + PermissionStatus permissions = fsNamesys.getUpgradePermission(); if (logVersion >= -4) { src = new UTF8(); src.readFields(in); Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java?rev=613014&r1=613013&r2=613014&view=diff ============================================================================== --- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java (original) +++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java Thu Jan 17 16:02:37 2008 @@ -712,7 +712,7 @@ blockSize = Math.max(fsNamesys.getDefaultBlockSize(), first); } } - PermissionStatus permissions = PermissionChecker.ANONYMOUS; + PermissionStatus permissions = fsNamesys.getUpgradePermission(); if (imgVersion <= -11) { permissions = PermissionStatus.read(in); } Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java?rev=613014&r1=613013&r2=613014&view=diff ============================================================================== --- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java (original) +++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java Thu Jan 17 16:02:37 2008 @@ -61,6 +61,7 @@ private boolean isPermissionEnabled; private UserGroupInformation fsOwner; private String supergroup; + private PermissionStatus defaultPermission; // // Stores the correct file name hierarchy @@ -323,6 +324,10 @@ this.isPermissionEnabled = conf.getBoolean("dfs.permissions", true); LOG.info("supergroup=" + supergroup); LOG.info("isPermissionEnabled=" + isPermissionEnabled); + short filePermission = (short)conf.getInt("dfs.upgrade.permission", 0777); + this.defaultPermission = PermissionStatus.createImmutable( + fsOwner.getUserName(), supergroup, new FsPermission(filePermission)); + this.replicator = new ReplicationTargetChooser( conf.getBoolean("dfs.replication.considerLoad", true), @@ -360,6 +365,14 @@ this.maxFsObjects = conf.getLong("dfs.max.objects", 0); } + /** + * Return the default path permission when upgrading from releases with no + * permissions (<=0.15) to releases with permissions (>=0.16) + */ + protected PermissionStatus getUpgradePermission() { + return defaultPermission; + } + /** Return the FSNamesystem object * */ @@ -715,7 +728,9 @@ */ LocatedBlocks getBlockLocations(String clientMachine, String src, long offset, long length) throws IOException { - checkPathAccess(src, FsAction.READ); + if (isPermissionEnabled) { + checkPathAccess(src, FsAction.READ); + } return getBlockLocationsInternal(clientMachine, src, offset, length); } LocatedBlocks getBlockLocationsInternal(String clientMachine, @@ -828,7 +843,9 @@ if (isInSafeMode()) throw new SafeModeException("Cannot set replication for " + src, safeMode); verifyReplication(src, replication, null); - checkPathAccess(src, FsAction.WRITE); + if (isPermissionEnabled) { + checkPathAccess(src, FsAction.WRITE); + } int[] oldReplication = new int[1]; Block[] fileBlocks; @@ -856,7 +873,9 @@ } long getPreferredBlockSize(String filename) throws IOException { - checkTraverse(filename); + if (isPermissionEnabled) { + checkTraverse(filename); + } return dir.getPreferredBlockSize(filename); } @@ -913,11 +932,13 @@ if (!isValidName(src)) { throw new IOException("Invalid file name: " + src); } - if (overwrite && exists(src)) { - checkPathAccess(src, FsAction.WRITE); - } - else { - checkAncestorAccess(src, FsAction.WRITE); + if (isPermissionEnabled) { + if (overwrite && exists(src)) { + checkPathAccess(src, FsAction.WRITE); + } + else { + checkAncestorAccess(src, FsAction.WRITE); + } } try { @@ -1381,8 +1402,10 @@ throw new IOException("Invalid name: " + dst); } - checkParentAccess(src, FsAction.WRITE); - checkAncestorAccess(dst, FsAction.WRITE); + if (isPermissionEnabled) { + checkParentAccess(src, FsAction.WRITE); + checkAncestorAccess(dst, FsAction.WRITE); + } return dir.renameTo(src, dst); } @@ -1414,7 +1437,7 @@ NameNode.stateChangeLog.debug("DIR* NameSystem.delete: " + src); if (enforceSafeMode && isInSafeMode()) throw new SafeModeException("Cannot delete " + src, safeMode); - if (enforcePermission) { + if (enforcePermission && isPermissionEnabled) { checkPermission(src, false, null, FsAction.WRITE, null, FsAction.ALL); } @@ -1441,7 +1464,9 @@ * Return whether the given filename exists */ public boolean exists(String src) throws AccessControlException { - checkTraverse(src); + if (isPermissionEnabled) { + checkTraverse(src); + } return dir.exists(src); } @@ -1449,7 +1474,9 @@ * Whether the given name is a directory */ public boolean isDir(String src) throws AccessControlException { - checkTraverse(src); + if (isPermissionEnabled) { + checkTraverse(src); + } return dir.isDir(src); } @@ -1459,7 +1486,9 @@ * @return object containing information regarding the file */ DFSFileInfo getFileInfo(String src) throws IOException { - checkTraverse(src); + if (isPermissionEnabled) { + checkTraverse(src); + } return dir.getFileInfo(src); } @@ -1508,7 +1537,9 @@ if (!isValidName(src)) { throw new IOException("Invalid directory name: " + src); } - checkAncestorAccess(src, FsAction.WRITE); + if (isPermissionEnabled) { + checkAncestorAccess(src, FsAction.WRITE); + } // validate that we have enough inodes. This is, at best, a // heuristic because the mkdirs() operation migth need to @@ -1527,7 +1558,9 @@ * @return size in bytes */ long getContentLength(String src) throws IOException { - checkPermission(src, false, null, null, null, FsAction.READ_EXECUTE); + if (isPermissionEnabled) { + checkPermission(src, false, null, null, null, FsAction.READ_EXECUTE); + } return dir.getContentLength(src); } @@ -1752,11 +1785,13 @@ * exists so we can return file attributes (soon to be implemented) */ public DFSFileInfo[] getListing(String src) throws IOException { - if (dir.isDir(src)) { - checkPathAccess(src, FsAction.READ); - } - else { - checkTraverse(src); + if (isPermissionEnabled) { + if (dir.isDir(src)) { + checkPathAccess(src, FsAction.READ); + } + else { + checkTraverse(src); + } } return dir.getListing(src); } @@ -3914,7 +3949,7 @@ FsAction subAccess) throws AccessControlException { PermissionChecker pc = new PermissionChecker( fsOwner.getUserName(), supergroup); - if (isPermissionEnabled && !pc.isSuper) { + if (!pc.isSuper) { dir.waitForReady(); pc.checkPermission(path, dir.rootDir, doCheckOwner, ancestorAccess, parentAccess, access, subAccess); Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java?rev=613014&r1=613013&r2=613014&view=diff ============================================================================== --- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java (original) +++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java Thu Jan 17 16:02:37 2008 @@ -29,10 +29,6 @@ class PermissionChecker { static final Log LOG = LogFactory.getLog(UserGroupInformation.class); - /** Anonymous PermissionStatus. */ - static final PermissionStatus ANONYMOUS = PermissionStatus.createImmutable( - "HadoopAnonymous", "HadoopAnonymous", new FsPermission((short)0777)); - final String user; private final Set<String> groups = new HashSet<String>(); final boolean isSuper;