[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16401124#comment-16401124 ] Lei (Eddy) Xu commented on HDFS-12895: -- Hi, [~linyiqun] Similar to HDFS-12895, should we revert this change from 3.0.1 release? > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin >Priority: Major > Labels: RBF, incompatible > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1 > > Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, > HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, > HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16310328#comment-16310328 ] Íñigo Goiri commented on HDFS-12895: bq. If the users don't have rights to access real filesystem path, it will be rejected. Do we still need to make this check in mount table level? That's true. This would be more like preventing forwarding requests at a federated level. It would still be mount table level (federation) and not file system itself. Not 100% sure is completely valuable though. I'll give it a thought to see if we have any good use case for this. It makes more sense in terms of semantics than use. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF, incompatible > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1 > > Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, > HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, > HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16307416#comment-16307416 ] Yiqun Lin commented on HDFS-12895: -- [~elgoiri], If the users don't have rights to access real filesystem path, it will be rejected. Do we still need to make this check in mount table level? > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF, incompatible > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1 > > Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, > HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, > HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16306648#comment-16306648 ] Íñigo Goiri commented on HDFS-12895: I was thinking that we could actually use the EXECUTE permissions. When a client tries to access a path, we could check the x ACL of the mount point and throw an exception. This would allow RBF blocking some users from accessing some mount points. I see a couple issues like: * Is the semantics clear or a little convoluted? * What happens with sub mount points? Is this worth opening a JIRA? > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF, incompatible > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1 > > Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, > HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, > HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292799#comment-16292799 ] Íñigo Goiri commented on HDFS-12895: Thanks [~linyiqun] for working on this. We will start using it right away. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF, incompatible > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1 > > Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, > HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, > HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292100#comment-16292100 ] Hudson commented on HDFS-12895: --- SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13383 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/13383/]) HDFS-12895. RBF: Add ACL support for mount table. Contributed by Yiqun (yqlin: rev ee028bfdf1c88a27cd925bed93ebb599a164dd2e) * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/proto/FederationProtocol.proto * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/MountTable.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/router/federationhealth.html * (edit) hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSRouterFederation.md * (edit) hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSCommands.md * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/impl/MountTableStoreImpl.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/federation/RouterAdmin.java * (add) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterPermissionChecker.java * (add) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterAdminCLI.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/impl/pb/MountTablePBImpl.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/metrics/TestFederationMetrics.java > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF, incompatible > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1 > > Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, > HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, > HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292065#comment-16292065 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 38m 4s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 2 new or modified test files. {color} | || || || || {color:brown} branch-2 Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 9m 47s{color} | {color:green} branch-2 passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 48s{color} | {color:green} branch-2 passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 28s{color} | {color:green} branch-2 passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 56s{color} | {color:green} branch-2 passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 11s{color} | {color:green} branch-2 passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 5s{color} | {color:green} branch-2 passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 50s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 44s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 44s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 44s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 23s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 52s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 13s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 4s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}106m 51s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 1m 15s{color} | {color:red} The patch generated 115 ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}169m 19s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Unreaped Processes | hadoop-hdfs:25 | | Failed junit tests | hadoop.hdfs.web.TestWebHdfsTimeouts | | | hadoop.hdfs.TestParallelShortCircuitReadUnCached | | | hadoop.hdfs.TestDataStream | | Timed out junit tests | org.apache.hadoop.hdfs.TestHdfsAdmin | | | org.apache.hadoop.hdfs.TestMaintenanceState | | | org.apache.hadoop.hdfs.TestFileAppend | | | org.apache.hadoop.hdfs.TestSafeMode | | | org.apache.hadoop.hdfs.TestRollingUpgradeDowngrade | | | org.apache.hadoop.hdfs.web.TestWebHdfsWithRestCsrfPreventionFilter | | | org.apache.hadoop.hdfs.TestLease | | | org.apache.hadoop.hdfs.TestHDFSServerPorts | | | org.apache.hadoop.hdfs.TestDFSUpgrade | | | org.apache.hadoop.hdfs.web.TestWebHDFS | | | org.apache.hadoop.hdfs.web.TestWebHDFSXAttr | | | org.apache.hadoop.hdfs.TestRenameWhileOpen | | | org.apache.hadoop.metrics2.sink.TestRollingFileSystemSinkWithHdfs | | | org.apache.hadoop.hdfs.TestFSOutputSummer | | | org.apache.hadoop.hdfs.TestExternalBlockReader | | | org.apache.hadoop.hdfs.TestHFlush | | | org.apache.hadoop.hdfs.web.TestWebHDFSForHA | | | org.apache.hadoop.hdfs.TestEncryptedTransfer | | | org.apache.hadoop.hdfs.TestTrashWithEncryptionZones | | | org.apache.hadoop.hdfs.TestDFSShell | | | org.apache.hadoop.hdfs.TestReplaceDatanodeFailureReplication | | | org.apache.hadoop.hdfs.TestDataTransferProtocol | | | org.apache.hadoop.hdfs.TestDFSRename | | | org.apache.hadoop.hdfs.web.TestWebHDFSAcl | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292058#comment-16292058 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 15s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 2 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 17m 58s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 4s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 42s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 13s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 11m 37s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 51s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 51s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 55s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 55s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 55s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 37s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 57s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 53s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 58s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}129m 45s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 28s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}182m 31s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.namenode.ha.TestRetryCacheWithHA | | | hadoop.hdfs.server.namenode.ha.TestStandbyCheckpoints | | | hadoop.hdfs.server.datanode.TestDataNodeVolumeFailureReporting | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | | JIRA Issue | HDFS-12895 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12902202/HDFS-12895.007.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle cc | | uname | Linux 5ba5ac796316 3.13.0-135-generic #184-Ubuntu SMP Wed Oct 18 11:55:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 95d4ec7 | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_151 | | findbugs | v3.1.0-RC1 | | findbugs | https://builds.apache.org/job/PreCommit-HDFS-Build/22413/artifact/out/branch-findbugs-hadoop-hdfs-project_hadoop-hdfs-warnings.html | | unit |
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291382#comment-16291382 ] Íñigo Goiri commented on HDFS-12895: The only change for {{branch-2}} is the use of {{getGroupNames()}} in the UGI instead of {{getGroups()}}. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch, > HDFS-12895.006.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291281#comment-16291281 ] Íñigo Goiri commented on HDFS-12895: Thanks [~yiqun] for the fixes in [^HDFS-12895.006.patch]. I'm OK with assuming that the users won't be able to modify their own entries (after all, we don't know if they were the ones creating them), at least now with the 755 by default, they can see the ACL to identify the issue and the superuser can fix that. Only a minor nit, for consistency with the other methods, I would use the {{hasMode()}} structure for {{MountTablePBImpl#getMode()}}. Something like: {code} @Override public FsPermission getMode() { MountTableRecordProtoOrBuilder proto = this.translator.getProtoOrBuilder(); short mode = RouterPermissionChecker.MOUNT_TABLE_PERMISSION_DEFAULT; if (proto.hasMode()) { mode = proto.getMode(); } return new FsPermission(mode); } {code} This is not exactly the same behavior you had with the 0 case but it should be more flexible as it actually allows setting the mode to 000 (not sure who would do that but...). I tested this in our clusters and the failed unit tests are not related. +1 > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch, > HDFS-12895.006.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16290588#comment-16290588 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 18s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 2 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 16m 38s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 53s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 38s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 58s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 11m 30s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 50s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 50s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 58s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 35s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 57s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 55s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 47s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}110m 21s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 21s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}161m 2s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.namenode.TestReconstructStripedBlocks | | | hadoop.hdfs.server.namenode.TestDecommissioningStatus | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | | JIRA Issue | HDFS-12895 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12902008/HDFS-12895.006.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle cc | | uname | Linux eadf8073f69c 3.13.0-135-generic #184-Ubuntu SMP Wed Oct 18 11:55:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / f86c81d | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_151 | | findbugs | v3.1.0-RC1 | | findbugs | https://builds.apache.org/job/PreCommit-HDFS-Build/22400/artifact/out/branch-findbugs-hadoop-hdfs-project_hadoop-hdfs-warnings.html | | unit |
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16290401#comment-16290401 ] Yiqun Lin commented on HDFS-12895: -- bq. Not sure about user and group; show a default one? [~elgoiri], you raised a good point that we should be compatible with old no-permissions mount table entry. We can make these old entries with super user, supergroup, 755 mode as the default permissions. So this will lead a incompatible change that non-supersuer won't modify its old mount table entries. He should login as superuser first and update its mount table permission infos. Then he can manage his mount tables correctly. Other comments are addressed in update patch. Attach the updated patch. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16289898#comment-16289898 ] Lukas Majercak commented on HDFS-12895: --- Hi [~linyiqun]. Could we make all the members of {{ACLEntity}} final? > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16289556#comment-16289556 ] Íñigo Goiri commented on HDFS-12895: Thanks [~linyiqun] for taking care of the comments. A couple more based on [^HDFS-12895.005.patch]: * It seems we are defaulting to nulls when nothing there. The entries created early still show without permissions. We probably want to check for empty {{getMode()}} at {{MountTableImpl}}. Not sure about user and group; show a default one? Super user? This is what I currently get for old entries: {code} Mount Table Entries: SourceDestinations Owner Group Mode / ns0->/null null - /ns0 ns0->/null null - /ns1 ns1->/null null - /ns2 ns2->/null null - /ns3 ns3->/null null - {code} * {{removeMountTableEntry()}} could initialize {{deleteEntry}} right away without the null: {{final MountTable deleteEntry = getDriver().get(getRecordClass(), query);}} * For consistency, {{removeMountTableEntry()}} could do the same order of {{if}} as {{addMountTableEntry()}} and {{updateMountTableEntry()}} and avoid the {{pc}} init if no entry. In addition, the check status could use this if structure: {code} boolean status = false; if (deleteEntry != null) { RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker(); if (pc != null) { pc.checkPermission(deleteEntry, FsAction.WRITE); } status = getDriver().remove(deleteEntry); } {code} Other than this, this is ready to go. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16289355#comment-16289355 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 16s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 2 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 16m 22s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 53s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 38s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 58s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 11m 21s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 50s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 49s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 56s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 35s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 53s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 56s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 48s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}117m 48s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 22s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}168m 0s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | | JIRA Issue | HDFS-12895 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12901886/HDFS-12895.005.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle cc | | uname | Linux 1e24a8422047 3.13.0-135-generic #184-Ubuntu SMP Wed Oct 18 11:55:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 880cd75 | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_151 | | findbugs | v3.1.0-RC1 | | findbugs | https://builds.apache.org/job/PreCommit-HDFS-Build/22380/artifact/out/branch-findbugs-hadoop-hdfs-project_hadoop-hdfs-warnings.html | | unit | https://builds.apache.org/job/PreCommit-HDFS-Build/22380/artifact/out/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt | | Test Results |
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16289163#comment-16289163 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 15s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 2 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 16m 22s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 2s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 39s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 58s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 11m 30s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 56s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 51s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 0s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 0m 35s{color} | {color:orange} hadoop-hdfs-project/hadoop-hdfs: The patch generated 4 new + 21 unchanged - 0 fixed = 25 total (was 21) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 58s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 12m 2s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 23s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} javadoc {color} | {color:red} 0m 58s{color} | {color:red} hadoop-hdfs-project_hadoop-hdfs generated 1 new + 1 unchanged - 0 fixed = 2 total (was 1) {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}149m 51s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 22s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}202m 42s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.blockmanagement.TestBlockTokenWithDFS | | | hadoop.hdfs.TestDatanodeDeath | | | hadoop.hdfs.TestDFSStripedOutputStreamWithFailure140 | | | hadoop.hdfs.server.namenode.TestFsck | | | hadoop.hdfs.TestListFilesInFileContext | | | hadoop.hdfs.server.namenode.TestNameNodeMXBean | | | hadoop.hdfs.server.datanode.TestDataNodeVolumeFailure | | | hadoop.hdfs.server.namenode.TestReencryptionWithKMS | | | hadoop.hdfs.TestReadStripedFileWithDecodingCorruptData | | | hadoop.hdfs.server.namenode.TestAddStripedBlocks | | | hadoop.hdfs.server.balancer.TestBalancerWithMultipleNameNodes | | | hadoop.hdfs.server.datanode.TestDataNodeVolumeFailureReporting | | | hadoop.hdfs.TestDFSClientRetries | | | hadoop.hdfs.server.balancer.TestBalancerRPCDelay | | | hadoop.hdfs.server.datanode.TestDirectoryScanner | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | |
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16288873#comment-16288873 ] Yiqun Lin commented on HDFS-12895: -- Thanks for the reviews, [~elgoiri] and [~huanbang1993], all the comments make sense to me except following one: {quote} RouterAdmin#printUsage should open/close the brackets. {quote} The change of usage should be okay, this printed in my local {noformat} Federation Admin Tools: [-add[-readonly] -owner -group -mode ] [-rm ] [-ls ] {noformat} Attach the updated patch. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16288594#comment-16288594 ] Íñigo Goiri commented on HDFS-12895: [~huanbang1993], the commented code is in our internal PR not in this patch. The javadoc comment apply though. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16288550#comment-16288550 ] Anbang Hu commented on HDFS-12895: -- Thanks Yiqun's patch. Per Inigo's request, a few comments are listed: * Comments in RouterAdminServer.java has unnecessary "that" {code:java} /** * Permission related info that used for constructing new router permission * checker instance. */ private static String routerOwner; private static String superGroup; private static boolean isPermissionEnabled; ... /** * Get a new permission checker that used for making mount table access * control. This method will be invoked during each RPC call in router * admin server. * * @return * @throws AccessControlException */ public static RouterPermissionChecker getPermissionChecker() throws AccessControlException { if (!isPermissionEnabled) { return null; } {code} * There is a piece of commented code in MountTableStoreImpl.RemoveMountTableEntryResponse > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16288226#comment-16288226 ] Íñigo Goiri commented on HDFS-12895: [~linyiqun], thanks for [^HDFS-12895.003.patch]; I tested in our cluster and I have a few comments: * The javadoc in {{RouterPermissionChecker}} has a typo: ferdertion * {{MountTableStoreImpl#updateMountTableEntry()}} is repeating {{request.getEntry()}} * Could {{MountTableStoreImpl#removeMountTableEntry()}} still use the {{Query}} to do the get? * {{MountTableStoreImpl#getMountTableEntries()}} could use a different if structure: {code} } else if (pc != null) { // do the READ permission check try { pc.checkPermission(record, FsAction.READ); } catch(AccessControlException ignored) { // Remove this mount table entry if it cannot // be accessed by current user. it.remove(); } } {code} * In {{MountTable#toString()}}, we should use {{append}} instead of {{+}}. * {{RouterAdmin#printUsage}} should open/close the brackets. * In {{RouterAdmin}}, the new breaks across {{if}} are a little too much (this is more a personal taste thing, ignore if so). * The headers for the output in {{RouterAdmin}} have inconsitent capitalization (e.g., "Destinations", "owner"). * The entries that where created before show all the fields as null. Should we do some better default? In addition, they don't show for other users when they are default, if null, we should assume 755 or so. * When listing the entries, they show without a particular order; they should be sorted by source I'd say. * We should add these permissions to the Web UI. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16287166#comment-16287166 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 10s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 3 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 17m 3s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 54s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 39s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 59s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 11m 19s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 50s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 49s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 56s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 48s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 48s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 48s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 33s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 46s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 59s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} javadoc {color} | {color:red} 0m 48s{color} | {color:red} hadoop-hdfs-project_hadoop-hdfs generated 1 new + 1 unchanged - 0 fixed = 2 total (was 1) {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red} 82m 10s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 23s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}132m 46s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.datanode.TestDataNodeVolumeFailureReporting | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | | JIRA Issue | HDFS-12895 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12901602/HDFS-12895.003.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle cc | | uname | Linux a19e03f3016a 3.13.0-135-generic #184-Ubuntu SMP Wed Oct 18 11:55:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 55fc2d6 | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_151 | | findbugs | v3.1.0-RC1 | | findbugs | https://builds.apache.org/job/PreCommit-HDFS-Build/22361/artifact/out/branch-findbugs-hadoop-hdfs-project_hadoop-hdfs-warnings.html | | javadoc |
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16287039#comment-16287039 ] Yiqun Lin commented on HDFS-12895: -- Thanks for the review, [~elgoiri]. I agree on your suggestions. Attach the updated patch. Please have a look. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, > HDFS-12895.003.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16286304#comment-16286304 ] Íñigo Goiri commented on HDFS-12895: For the {{RouterPermissionChecker}}, it might be a good idea to make it extend {{FsPermissionChecker}} to track the users, groups, etc. We are not saving much but it might be worth just to avoid having a pretty much repeated constructor (ignoring {{attributeProvider}} which could just be a null). This might require changing the visibility of a couple things in {{FsPermissionChecker}} though. I leave the decision to you, fine either way. We should have a short constant for the 00755. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285950#comment-16285950 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 41s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 3 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 15m 3s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 54s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 35s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 55s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 6s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 42s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 48s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 52s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 0m 31s{color} | {color:orange} hadoop-hdfs-project/hadoop-hdfs: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 52s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 9m 25s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 51s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs generated 3 new + 1 unchanged - 0 fixed = 4 total (was 1) {color} | | {color:red}-1{color} | {color:red} javadoc {color} | {color:red} 0m 45s{color} | {color:red} hadoop-hdfs-project_hadoop-hdfs generated 1 new + 1 unchanged - 0 fixed = 2 total (was 1) {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}124m 31s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 24s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}170m 31s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | FindBugs | module:hadoop-hdfs-project/hadoop-hdfs | | | Write to static field org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer.isPermissionEnabled from instance method new org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer(Configuration, Router) At RouterAdminServer.java:from instance method new org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer(Configuration, Router) At RouterAdminServer.java:[line 117] | | | Write to static field org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer.routerOwner from instance method new org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer(Configuration, Router) At RouterAdminServer.java:from instance method new org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer(Configuration, Router) At RouterAdminServer.java:[line 114] | | | Write to static field
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285818#comment-16285818 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 20s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 3 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 18m 51s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 7s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 44s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 17s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 13m 18s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 2m 12s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 57s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 12s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 5s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 1m 5s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m 5s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 0m 41s{color} | {color:orange} hadoop-hdfs-project/hadoop-hdfs: The patch generated 2 new + 0 unchanged - 0 fixed = 2 total (was 0) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 13s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 13m 10s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 2m 33s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs generated 1 new + 1 unchanged - 0 fixed = 2 total (was 1) {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 58s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}123m 3s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 23s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}182m 47s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | FindBugs | module:hadoop-hdfs-project/hadoop-hdfs | | | Write to static field org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer.permissionChecker from instance method org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer.setPermissionChecker(RouterPermissionChecker) At RouterAdminServer.java:from instance method org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer.setPermissionChecker(RouterPermissionChecker) At RouterAdminServer.java:[line 228] | | Failed junit tests | hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency | | | hadoop.hdfs.TestPersistBlocks | | | hadoop.hdfs.server.namenode.TestNameNodeMXBean | | | hadoop.hdfs.qjournal.server.TestJournalNodeSync | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | | JIRA Issue | HDFS-12895 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12901464/HDFS-12895.002.patch | |
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285770#comment-16285770 ] Yiqun Lin commented on HDFS-12895: -- Re-attach the v2 patch. Fixing the bug of permission checker. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285651#comment-16285651 ] Yiqun Lin commented on HDFS-12895: -- Thanks for the review, [~elgoiri]. bq. I'm not sure if we should add checkPermission(MountTable mountTable, FsAction access) to... I agree that would be better to create a new permission checker specified for Router and that will makes code clean. Had made this change in the latest patch. bq. Clean parenthesis in boolean st... Fixed. bq. Should we have chmod and chown? Current add command can update ACL info of mount table. So I didn't add these new commands. But if you think these two commands will be more better understanding for users to set ACL of mount table, we can filling new JIRA to implement this. Attach the new patch.. * Fix checkstyle issues. * Fix related unit tests. * Address review comments. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285345#comment-16285345 ] Íñigo Goiri commented on HDFS-12895: Should we have chmod and chown? > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285340#comment-16285340 ] Íñigo Goiri commented on HDFS-12895: Thanks [~linyiqun], it looks good. In addition to fixing the style checks, a couple minor comments: * I'm not sure if we should add {{checkPermission(MountTable mountTable, FsAction access)}} to the regular {{FSPermissionChecker}} or create a new one for the router which would use the methods from {{FSPermissionChecker}}. * Clean parenthesis in {{boolean status = (deleteEntry != null) && (getDriver().remove(deleteEntry));}}. I'll apply it to our cluster to test it a little. > RBF: Add ACL support for mount table > > > Key: HDFS-12895 > URL: https://issues.apache.org/jira/browse/HDFS-12895 > Project: Hadoop HDFS > Issue Type: Sub-task >Affects Versions: 3.0.0-alpha3 >Reporter: Yiqun Lin >Assignee: Yiqun Lin > Labels: RBF > Attachments: HDFS-12895.001.patch > > > Adding ACL support for the Mount Table management. Following is the initial > design of ACL control for the mount table management. > Each mount table has its owner, group name and permission. > The mount table permissions (FsPermission), here we use > {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check: > # READ permission: you can read the mount table info. > # WRITE permission: you can add remove or update this mount table info. > # EXECUTE permission: This won't be used. > The add command of mount table will be extended like this > {noformat} > $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add > [-owner ] [-group ] [-mode ]] > {noformat} > * is UNIX-style permissions for the mount table. Permissions are > specified in octal, e.g. 0755. By default, this is set to 0755*. > If we want update the ACL info of specfied mount table, just execute add > command again. This command not only adding for new mount talle but also > updating mount table once it finds given mount table is existed. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16285217#comment-16285217 ] genericqa commented on HDFS-12895: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 16s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 18m 8s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 55s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 42s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 10s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 12m 18s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 2m 3s{color} | {color:red} hadoop-hdfs-project/hadoop-hdfs in trunk has 1 extant Findbugs warnings. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 50s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 57s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} cc {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 0m 36s{color} | {color:orange} hadoop-hdfs-project/hadoop-hdfs: The patch generated 15 new + 21 unchanged - 0 fixed = 36 total (was 21) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 3s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 51s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 16s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 51s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}128m 54s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 26s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}182m 57s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.TestDFSStripedOutputStreamWithFailure150 | | | hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency | | | hadoop.hdfs.TestReadStripedFileWithMissingBlocks | | | hadoop.hdfs.TestPersistBlocks | | | hadoop.hdfs.server.federation.store.driver.TestStateStoreZK | | | hadoop.hdfs.server.federation.store.driver.TestStateStoreFile | | | hadoop.hdfs.server.datanode.TestDataNodeVolumeFailureReporting | | | hadoop.hdfs.server.federation.store.TestStateStoreMountTable | | | hadoop.metrics2.sink.TestRollingFileSystemSinkWithHdfs | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:5b98639 | | JIRA Issue | HDFS-12895 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12901393/HDFS-12895.001.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle cc | | uname | Linux 7331e7c68398 3.13.0-135-generic #184-Ubuntu SMP Wed Oct 18 11:55:51 UTC 2017