Author: dhruba
Date: Thu Jan 17 16:02:37 2008
New Revision: 613014
URL: http://svn.apache.org/viewvc?rev=613014&view=rev
Log:
HADOOP-2543. Implement a "no-permission-checking" mode for smooth
upgrade from a pre-0.16 install of HDFS.
(Hairong Kuang via dhruba)
Modified:
lucene/hadoop/trunk/CHANGES.txt
lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java
lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java
lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java
lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java
Modified: lucene/hadoop/trunk/CHANGES.txt
URL:
http://svn.apache.org/viewvc/lucene/hadoop/trunk/CHANGES.txt?rev=613014&r1=613013&r2=613014&view=diff
==============================================================================
--- lucene/hadoop/trunk/CHANGES.txt (original)
+++ lucene/hadoop/trunk/CHANGES.txt Thu Jan 17 16:02:37 2008
@@ -492,6 +492,10 @@
HADOOP-2614. The DFS WebUI accesses are configured to be from the user
specified by dfs.web.ugi. (Tsz Wo (Nicholas), SZE via dhruba)
+ HADOOP-2543. Implement a "no-permission-checking" mode for smooth
+ upgrade from a pre-0.16 install of HDFS.
+ (Hairong Kuang via dhruba)
+
Release 0.15.3 - 2008-01-18
BUG FIXES
Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java
URL:
http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java?rev=613014&r1=613013&r2=613014&view=diff
==============================================================================
--- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java (original)
+++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSEditLog.java Thu Jan
17 16:02:37 2008
@@ -471,7 +471,7 @@
blockSize = Math.max(fsNamesys.getDefaultBlockSize(), first);
}
}
- PermissionStatus permissions = PermissionChecker.ANONYMOUS;
+ PermissionStatus permissions = fsNamesys.getUpgradePermission();
if (logVersion <= -11) {
permissions = PermissionStatus.read(in);
}
@@ -540,7 +540,7 @@
}
case OP_MKDIR: {
UTF8 src = null;
- PermissionStatus permissions = PermissionChecker.ANONYMOUS;
+ PermissionStatus permissions = fsNamesys.getUpgradePermission();
if (logVersion >= -4) {
src = new UTF8();
src.readFields(in);
Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java
URL:
http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java?rev=613014&r1=613013&r2=613014&view=diff
==============================================================================
--- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java (original)
+++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSImage.java Thu Jan 17
16:02:37 2008
@@ -712,7 +712,7 @@
blockSize = Math.max(fsNamesys.getDefaultBlockSize(), first);
}
}
- PermissionStatus permissions = PermissionChecker.ANONYMOUS;
+ PermissionStatus permissions = fsNamesys.getUpgradePermission();
if (imgVersion <= -11) {
permissions = PermissionStatus.read(in);
}
Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java
URL:
http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java?rev=613014&r1=613013&r2=613014&view=diff
==============================================================================
--- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java
(original)
+++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java Thu
Jan 17 16:02:37 2008
@@ -61,6 +61,7 @@
private boolean isPermissionEnabled;
private UserGroupInformation fsOwner;
private String supergroup;
+ private PermissionStatus defaultPermission;
//
// Stores the correct file name hierarchy
@@ -323,6 +324,10 @@
this.isPermissionEnabled = conf.getBoolean("dfs.permissions", true);
LOG.info("supergroup=" + supergroup);
LOG.info("isPermissionEnabled=" + isPermissionEnabled);
+ short filePermission = (short)conf.getInt("dfs.upgrade.permission", 0777);
+ this.defaultPermission = PermissionStatus.createImmutable(
+ fsOwner.getUserName(), supergroup, new FsPermission(filePermission));
+
this.replicator = new ReplicationTargetChooser(
conf.getBoolean("dfs.replication.considerLoad", true),
@@ -360,6 +365,14 @@
this.maxFsObjects = conf.getLong("dfs.max.objects", 0);
}
+ /**
+ * Return the default path permission when upgrading from releases with no
+ * permissions (<=0.15) to releases with permissions (>=0.16)
+ */
+ protected PermissionStatus getUpgradePermission() {
+ return defaultPermission;
+ }
+
/** Return the FSNamesystem object
*
*/
@@ -715,7 +728,9 @@
*/
LocatedBlocks getBlockLocations(String clientMachine, String src,
long offset, long length) throws IOException {
- checkPathAccess(src, FsAction.READ);
+ if (isPermissionEnabled) {
+ checkPathAccess(src, FsAction.READ);
+ }
return getBlockLocationsInternal(clientMachine, src, offset, length);
}
LocatedBlocks getBlockLocationsInternal(String clientMachine,
@@ -828,7 +843,9 @@
if (isInSafeMode())
throw new SafeModeException("Cannot set replication for " + src,
safeMode);
verifyReplication(src, replication, null);
- checkPathAccess(src, FsAction.WRITE);
+ if (isPermissionEnabled) {
+ checkPathAccess(src, FsAction.WRITE);
+ }
int[] oldReplication = new int[1];
Block[] fileBlocks;
@@ -856,7 +873,9 @@
}
long getPreferredBlockSize(String filename) throws IOException {
- checkTraverse(filename);
+ if (isPermissionEnabled) {
+ checkTraverse(filename);
+ }
return dir.getPreferredBlockSize(filename);
}
@@ -913,11 +932,13 @@
if (!isValidName(src)) {
throw new IOException("Invalid file name: " + src);
}
- if (overwrite && exists(src)) {
- checkPathAccess(src, FsAction.WRITE);
- }
- else {
- checkAncestorAccess(src, FsAction.WRITE);
+ if (isPermissionEnabled) {
+ if (overwrite && exists(src)) {
+ checkPathAccess(src, FsAction.WRITE);
+ }
+ else {
+ checkAncestorAccess(src, FsAction.WRITE);
+ }
}
try {
@@ -1381,8 +1402,10 @@
throw new IOException("Invalid name: " + dst);
}
- checkParentAccess(src, FsAction.WRITE);
- checkAncestorAccess(dst, FsAction.WRITE);
+ if (isPermissionEnabled) {
+ checkParentAccess(src, FsAction.WRITE);
+ checkAncestorAccess(dst, FsAction.WRITE);
+ }
return dir.renameTo(src, dst);
}
@@ -1414,7 +1437,7 @@
NameNode.stateChangeLog.debug("DIR* NameSystem.delete: " + src);
if (enforceSafeMode && isInSafeMode())
throw new SafeModeException("Cannot delete " + src, safeMode);
- if (enforcePermission) {
+ if (enforcePermission && isPermissionEnabled) {
checkPermission(src, false, null, FsAction.WRITE, null, FsAction.ALL);
}
@@ -1441,7 +1464,9 @@
* Return whether the given filename exists
*/
public boolean exists(String src) throws AccessControlException {
- checkTraverse(src);
+ if (isPermissionEnabled) {
+ checkTraverse(src);
+ }
return dir.exists(src);
}
@@ -1449,7 +1474,9 @@
* Whether the given name is a directory
*/
public boolean isDir(String src) throws AccessControlException {
- checkTraverse(src);
+ if (isPermissionEnabled) {
+ checkTraverse(src);
+ }
return dir.isDir(src);
}
@@ -1459,7 +1486,9 @@
* @return object containing information regarding the file
*/
DFSFileInfo getFileInfo(String src) throws IOException {
- checkTraverse(src);
+ if (isPermissionEnabled) {
+ checkTraverse(src);
+ }
return dir.getFileInfo(src);
}
@@ -1508,7 +1537,9 @@
if (!isValidName(src)) {
throw new IOException("Invalid directory name: " + src);
}
- checkAncestorAccess(src, FsAction.WRITE);
+ if (isPermissionEnabled) {
+ checkAncestorAccess(src, FsAction.WRITE);
+ }
// validate that we have enough inodes. This is, at best, a
// heuristic because the mkdirs() operation migth need to
@@ -1527,7 +1558,9 @@
* @return size in bytes
*/
long getContentLength(String src) throws IOException {
- checkPermission(src, false, null, null, null, FsAction.READ_EXECUTE);
+ if (isPermissionEnabled) {
+ checkPermission(src, false, null, null, null, FsAction.READ_EXECUTE);
+ }
return dir.getContentLength(src);
}
@@ -1752,11 +1785,13 @@
* exists so we can return file attributes (soon to be implemented)
*/
public DFSFileInfo[] getListing(String src) throws IOException {
- if (dir.isDir(src)) {
- checkPathAccess(src, FsAction.READ);
- }
- else {
- checkTraverse(src);
+ if (isPermissionEnabled) {
+ if (dir.isDir(src)) {
+ checkPathAccess(src, FsAction.READ);
+ }
+ else {
+ checkTraverse(src);
+ }
}
return dir.getListing(src);
}
@@ -3914,7 +3949,7 @@
FsAction subAccess) throws AccessControlException {
PermissionChecker pc = new PermissionChecker(
fsOwner.getUserName(), supergroup);
- if (isPermissionEnabled && !pc.isSuper) {
+ if (!pc.isSuper) {
dir.waitForReady();
pc.checkPermission(path, dir.rootDir, doCheckOwner,
ancestorAccess, parentAccess, access, subAccess);
Modified:
lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java
URL:
http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java?rev=613014&r1=613013&r2=613014&view=diff
==============================================================================
--- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java
(original)
+++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/PermissionChecker.java
Thu Jan 17 16:02:37 2008
@@ -29,10 +29,6 @@
class PermissionChecker {
static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
- /** Anonymous PermissionStatus. */
- static final PermissionStatus ANONYMOUS = PermissionStatus.createImmutable(
- "HadoopAnonymous", "HadoopAnonymous", new FsPermission((short)0777));
-
final String user;
private final Set<String> groups = new HashSet<String>();
final boolean isSuper;
