[
https://issues.apache.org/jira/browse/HDFS-12357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16151344#comment-16151344
]
Manoj Govindassamy commented on HDFS-12357:
-------------------------------------------
Thanks for the patch [~chris.douglas]. Having
{{UserFilterINodeAttributeProvider}} seems like a cleaner approach. Is it
possible to examine the {{bypassUser}} config and skip the wrapper
{{UserFilterINodeAttributeProvider}} if the user list is empty. Most of the
times, the bypass user list is going to empty and we can totally skip the
wrapper if so.
{noformat}
205 void setINodeAttributeProvider(
206 INodeAttributeProvider provider, Configuration conf) {
207 attributeProvider = null == provider
208 ? null
209 : new UserFilterINodeAttributeProvider(provider, conf);
207 } 210
{noformat}
[~yzhangal], I don't see the problem with {{getAccessControlEnforcer}}. But as
you pointed out, if we can avoid duplicate of components, it would be great.
> Let NameNode to bypass external attribute provider for special user
> -------------------------------------------------------------------
>
> Key: HDFS-12357
> URL: https://issues.apache.org/jira/browse/HDFS-12357
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Yongjun Zhang
> Assignee: Yongjun Zhang
> Attachments: HDFS-12357.001.patch, HDFS-12357.002.patch,
> HDFS-12357.003.patch, HDFS-12357.004.patch
>
>
> This is a third proposal to solve the problem described in HDFS-12202.
> The problem is, when we do distcp from one cluster to another (or within the
> same cluster), in addition to copying file data, we copy the metadata from
> source to target. If external attribute provider is enabled, the metadata may
> be read from the provider, thus provider data read from source may be saved
> to target HDFS.
> We want to avoid saving metadata from external provider to HDFS, so we want
> to bypass external provider when doing the distcp (or hadoop fs -cp)
> operation.
> Two alternative approaches were proposed earlier, one in HDFS-12202, the
> other in HDFS-12294. The proposal here is the third one.
> The idea is, we introduce a new config, that specifies a special user (or a
> list of users), and let NN bypass external provider when the current user is
> a special user.
> If we run applications as the special user that need data from external
> attribute provider, then it won't work. So the constraint on this approach
> is, the special users here should not run applications that need data from
> external provider.
> Thanks [~asuresh] for proposing this idea and [~chris.douglas], [~daryn],
> [~manojg] for the discussions in the other jiras.
> I'm creating this one to discuss further.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
