[
https://issues.apache.org/jira/browse/HDFS-12357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16151239#comment-16151239
]
Chris Douglas commented on HDFS-12357:
--------------------------------------
bq. 1. the wrapper need to create two provider objects, one is the default
(HDFS), the other is the external provider, and switch between these two.
However, in the existing code, I don't see the default provider object is
always created
Sure, but if no external attribute provider is created, then the wrapper
doesn't need to be created. What is the problem?
bq. 2a. \[...] The easiest way is to check if the user is a special user, then
we don't ask for provider's data at all. If we do this in a wrapper class, we
always have to get some attributes, which maybe from HDFS or not. \[...]
As in the v001 version, this is avoided.
bq. 2b. Here we need to pass either a null or the external attributeProvider
configured to permission checker. if we include this logic to the external
provider, we need have an API in this wrapper class, to return the external
provicer or null
Unless this is invoked in a separate thread, doesn't the same logic apply? If
the provider is configured then it's invoked by {{FSPermissionChecker}}, if
it's a filtered user then it doesn't consult the external attribute provider.
bq. My comments are largely about the integration, which is the key part that
you did not address in the example patch. If you'd like, would you please take
a look?
I'll take a second pass, but I don't intend to take over the patch...
> Let NameNode to bypass external attribute provider for special user
> -------------------------------------------------------------------
>
> Key: HDFS-12357
> URL: https://issues.apache.org/jira/browse/HDFS-12357
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Yongjun Zhang
> Assignee: Yongjun Zhang
> Attachments: HDFS-12357.001.patch, HDFS-12357.002.patch
>
>
> This is a third proposal to solve the problem described in HDFS-12202.
> The problem is, when we do distcp from one cluster to another (or within the
> same cluster), in addition to copying file data, we copy the metadata from
> source to target. If external attribute provider is enabled, the metadata may
> be read from the provider, thus provider data read from source may be saved
> to target HDFS.
> We want to avoid saving metadata from external provider to HDFS, so we want
> to bypass external provider when doing the distcp (or hadoop fs -cp)
> operation.
> Two alternative approaches were proposed earlier, one in HDFS-12202, the
> other in HDFS-12294. The proposal here is the third one.
> The idea is, we introduce a new config, that specifies a special user (or a
> list of users), and let NN bypass external provider when the current user is
> a special user.
> If we run applications as the special user that need data from external
> attribute provider, then it won't work. So the constraint on this approach
> is, the special users here should not run applications that need data from
> external provider.
> Thanks [~asuresh] for proposing this idea and [~chris.douglas], [~daryn],
> [~manojg] for the discussions in the other jiras.
> I'm creating this one to discuss further.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
