Author: eli
Date: Fri May 11 03:15:54 2012
New Revision: 1337017
URL: http://svn.apache.org/viewvc?rev=1337017&view=rev
Log:
HDFS-3400. DNs should be able start with jsvc even if security is disabled.
Contributed by Aaron T. Myers
Modified:
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/bin/hdfs
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
Modified: hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1337017&r1=1337016&r2=1337017&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Fri May 11
03:15:54 2012
@@ -451,6 +451,9 @@ Release 2.0.0 - UNRELEASED
HDFS-3401. Cleanup DatanodeDescriptor creation in the tests. (eli)
+ HDFS-3400. DNs should be able start with jsvc even if security is disabled.
+ (atm via eli)
+
OPTIMIZATIONS
HDFS-3024. Improve performance of stringification in addStoredBlock (todd)
Modified: hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/bin/hdfs
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/bin/hdfs?rev=1337017&r1=1337016&r2=1337017&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/bin/hdfs
(original)
+++ hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/bin/hdfs Fri
May 11 03:15:54 2012
@@ -56,16 +56,21 @@ shift
# Determine if we're starting a secure datanode, and if so, redefine
appropriate variables
if [ "$COMMAND" == "datanode" ] && [ "$EUID" -eq 0 ] && [ -n
"$HADOOP_SECURE_DN_USER" ]; then
- if [ -n "$HADOOP_SECURE_DN_PID_DIR" ]; then
- HADOOP_PID_DIR=$HADOOP_SECURE_DN_PID_DIR
- fi
-
- if [ -n "$HADOOP_SECURE_DN_LOG_DIR" ]; then
- HADOOP_LOG_DIR=$HADOOP_SECURE_DN_LOG_DIR
+ if [ -n "$JSVC_HOME" ]; then
+ if [ -n "$HADOOP_SECURE_DN_PID_DIR" ]; then
+ HADOOP_PID_DIR=$HADOOP_SECURE_DN_PID_DIR
+ fi
+
+ if [ -n "$HADOOP_SECURE_DN_LOG_DIR" ]; then
+ HADOOP_LOG_DIR=$HADOOP_SECURE_DN_LOG_DIR
+ fi
+
+ HADOOP_IDENT_STRING=$HADOOP_SECURE_DN_USER
+ starting_secure_dn="true"
+ else
+ echo "It looks like you're trying to start a secure DN, but \$JSVC_HOME"\
+ "isn't set. Falling back to starting insecure DN."
fi
-
- HADOOP_IDENT_STRING=$HADOOP_SECURE_DN_USER
- starting_secure_dn="true"
fi
if [ "$COMMAND" = "namenode" ] ; then
@@ -125,12 +130,12 @@ if [ "$starting_secure_dn" = "true" ]; t
if [ "$HADOOP_PID_DIR" = "" ]; then
HADOOP_SECURE_DN_PID="/tmp/hadoop_secure_dn.pid"
else
- HADOOP_SECURE_DN_PID="$HADOOP_PID_DIR/hadoop_secure_dn.pid"
+ HADOOP_SECURE_DN_PID="$HADOOP_PID_DIR/hadoop_secure_dn.pid"
fi
JSVC=$JSVC_HOME/jsvc
if [ ! -f $JSVC ]; then
- echo "JSVC_HOME is not set correctly so jsvc can not be found. Jsvc is
required to run secure datanodes. "
+ echo "JSVC_HOME is not set correctly so jsvc cannot be found. Jsvc is
required to run secure datanodes. "
echo "Please download and install jsvc from
http://archive.apache.org/dist/commons/daemon/binaries/ "\
"and set JSVC_HOME to the directory containing the jsvc binary."
exit
Modified:
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java?rev=1337017&r1=1337016&r2=1337017&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
(original)
+++
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/SecureDataNodeStarter.java
Fri May 11 03:15:54 2012
@@ -29,6 +29,7 @@ import org.apache.hadoop.conf.Configurat
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.http.HttpServer;
+import org.apache.hadoop.security.UserGroupInformation;
import org.mortbay.jetty.nio.SelectChannelConnector;
/**
@@ -60,10 +61,7 @@ public class SecureDataNodeStarter imple
@Override
public void init(DaemonContext context) throws Exception {
System.err.println("Initializing secure datanode resources");
- // We should only start up a secure datanode in a Kerberos-secured cluster
- Configuration conf = new Configuration(); // Skip UGI method to not log in
- if(!conf.get(HADOOP_SECURITY_AUTHENTICATION).equals("kerberos"))
- throw new RuntimeException("Cannot start secure datanode in unsecure
cluster");
+ Configuration conf = new Configuration();
// Stash command-line arguments for regular datanode
args = context.getArguments();
@@ -98,7 +96,8 @@ public class SecureDataNodeStarter imple
System.err.println("Successfully obtained privileged resources (streaming
port = "
+ ss + " ) (http listener port = " + listener.getConnection() +")");
- if (ss.getLocalPort() >= 1023 || listener.getPort() >= 1023) {
+ if ((ss.getLocalPort() >= 1023 || listener.getPort() >= 1023) &&
+ UserGroupInformation.isSecurityEnabled()) {
throw new RuntimeException("Cannot start secure datanode with
unprivileged ports");
}
System.err.println("Opened streaming server at " + streamingAddr);
