[ 
https://issues.apache.org/jira/browse/HDFS-13248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16441568#comment-16441568
 ] 

Daryn Sharp commented on HDFS-13248:
------------------------------------

Do realize this will cause security vulnerabilities if not carefully 
implemented.  You cannot pass the origin in the caller context (as Arpit said, 
it's opaque) or through optional NN RPC arguments.  You cannot trust the 
client, and attempting to verify the client in every single rpc method will be 
too expensive.

The best bet is probably adding a remoteAddr to the IpcConnectionContext.  At 
the IPC level, if the remoteAddr is defined and the peer is in a "trusted" host 
list, set that as the Connection's remote address.  The expense of verifying 
will only happen once per connection.  Now ACLs, proxy user authz, audit 
logging, etc. will/should all seamlessly work.  We do something similar with 
webhdfs routed through the call queue.


> RBF: Namenode need to choose block location for the client
> ----------------------------------------------------------
>
>                 Key: HDFS-13248
>                 URL: https://issues.apache.org/jira/browse/HDFS-13248
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>            Reporter: Weiwei Wu
>            Assignee: Íñigo Goiri
>            Priority: Major
>         Attachments: HDFS-13248.000.patch, HDFS-13248.001.patch, 
> clientMachine-call-path.jpeg, debug-info-1.jpeg, debug-info-2.jpeg
>
>
> When executing a put operation via router, the NameNode will choose block 
> location for the router, not for the real client. This will affect the file's 
> locality.
> I think on both NameNode and Router, we should add a new addBlock method, or 
> add a parameter for the current addBlock method, to pass the real client 
> information.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
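
The connection-level check proposed in the comment above, sketched as an added example (not code from the thread, the attached patches or Hadoop itself). All class, field and method names are hypothetical, and the addresses are constructed sample values.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;

// Hypothetical names throughout; this is not Hadoop's IPC code.
public class TrustedOriginDemo {

    /** Connection state; the effective address is decided once, at setup. */
    static final class Connection {
        final InetAddress socketPeer;    // where the TCP connection really came from
        final InetAddress effectiveAddr; // what ACLs, proxy-user authz and audit see
        final boolean claimIgnored;      // true when an untrusted peer sent a claim

        Connection(InetAddress socketPeer, InetAddress claimedRemoteAddr,
                   Set<InetAddress> trustedHosts) {
            boolean trustedPeer = trustedHosts.contains(socketPeer);
            this.socketPeer = socketPeer;
            this.claimIgnored = claimedRemoteAddr != null && !trustedPeer;
            // Honour the claim only from a trusted peer; otherwise use the socket peer.
            this.effectiveAddr = (claimedRemoteAddr != null && trustedPeer)
                    ? claimedRemoteAddr : socketPeer;
        }

        /** Per-call work reads the stored address; nothing is re-verified per RPC. */
        String auditLine(String cmd) {
            return "ip=" + effectiveAddr.getHostAddress() + " cmd=" + cmd
                    + (claimIgnored ? " (claimed origin ignored)" : "");
        }
    }

    static InetAddress ip(String literal) {
        try {
            return InetAddress.getByName(literal); // IP literal, so no DNS lookup
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample addresses (documentation ranges).
        InetAddress router = ip("192.0.2.10"), client = ip("198.51.100.7"),
                other = ip("203.0.113.99");
        Set<InetAddress> trusted = Set.of(router);

        // Trusted router forwarding for a client: the client's address is used.
        System.out.println(new Connection(router, client, trusted).auditLine("addBlock"));
        // Untrusted peer claiming another origin: the claim is dropped.
        System.out.println(new Connection(other, client, trusted).auditLine("addBlock"));
        // Trusted router with no claim: its own address is used.
        System.out.println(new Connection(router, null, trusted).auditLine("addBlock"));
    }
}
```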