Return-Path: Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: (qmail 1333 invoked from network); 12 Sep 2009 00:40:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 12 Sep 2009 00:40:19 -0000 Received: (qmail 24676 invoked by uid 500); 12 Sep 2009 00:40:19 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 24646 invoked by uid 500); 12 Sep 2009 00:40:19 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 24636 invoked by uid 99); 12 Sep 2009 00:40:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Sep 2009 00:40:19 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Sep 2009 00:40:17 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 762FC234C004 for ; Fri, 11 Sep 2009 17:39:57 -0700 (PDT) Message-ID: <789729828.1252715997472.JavaMail.jira@brutus> Date: Fri, 11 Sep 2009 17:39:57 -0700 (PDT) From: "Kan Zhang (JIRA)" To: hdfs-issues@hadoop.apache.org Subject: [jira] Commented: (HDFS-592) Allow client to get a new generation stamp from NameNode In-Reply-To: <1271617226.1251999597457.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HDFS-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754445#action_12754445 ] Kan Zhang commented on HDFS-592: -------------------------------- Namenode needs to verify that the requesting client is the client that has previously been authorized to write to the Block. Otherwise, this can become a security hole. This checking is missing in existing code (it was hard to do since in existing code recovery is done at datanode). We probably need open a new JIRA for this. For now you may want to let the client send the clientname it used in the create() call and check that the DFSClient instance is the leaseholder. However, this may not solve the problem since clientname may be guessed. For security purposes, the checking should be based on an authenticated username. Also, can we choose a method name other than getNewGenerationStampAndAccessToken()? In my view, the namenode is not doing this as a general service to any client that wants an access token. This is done only in the context of pipeline recovery. How about using something like pipelineRecovery()? > Allow client to get a new generation stamp from NameNode > -------------------------------------------------------- > > Key: HDFS-592 > URL: https://issues.apache.org/jira/browse/HDFS-592 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: name-node > Affects Versions: Append Branch > Reporter: Hairong Kuang > Assignee: Hairong Kuang > Fix For: Append Branch > > Attachments: newGS.patch, newGS1.patch > > > This issue aims to add an API to ClientProtocol that fetches a new generation stamp and an access token from NameNode to support append or pipeline recovery. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.