hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HDFS-592) Allow client to get a new generation stamp from NameNode
Date Sat, 12 Sep 2009 00:39:57 GMT

    [ https://issues.apache.org/jira/browse/HDFS-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754445#action_12754445
] 

Kan Zhang commented on HDFS-592:
--------------------------------

Namenode needs to verify that the requesting client is the client that has previously been
authorized to write to the Block. Otherwise, this can become a security hole. This checking
is missing in existing code (it was hard to do since in existing code recovery is done at
datanode). We probably need open a new JIRA for this. For now you may want to let the client
send the clientname it used in the create() call and check that the DFSClient instance is
the leaseholder. However, this may not solve the problem since clientname may be guessed.
For security purposes, the checking should be based on an authenticated username. Also, can
we choose a method name other than getNewGenerationStampAndAccessToken()? In my view, the
namenode is not doing this as a general service to any client that wants an access token.
This is done only in the context of pipeline recovery. How about using something like pipelineRecovery()?

> Allow client to get a new generation stamp from NameNode
> --------------------------------------------------------
>
>                 Key: HDFS-592
>                 URL: https://issues.apache.org/jira/browse/HDFS-592
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: name-node
>    Affects Versions: Append Branch
>            Reporter: Hairong Kuang
>            Assignee: Hairong Kuang
>             Fix For: Append Branch
>
>         Attachments: newGS.patch, newGS1.patch
>
>
> This issue aims to  add an API to ClientProtocol that fetches a new generation stamp
and an access token from NameNode to support append or pipeline recovery.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message