hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9395) Make HDFS audit logging consistant
Date Fri, 26 Feb 2016 15:42:18 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15169208#comment-15169208

Kihwal Lee commented on HDFS-9395:

The two tests failed due to OOM and timeout.  It must be the environment. They all pass with
the patch when I ran.
 T E S T S
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=768m; support was removed in
Running org.apache.hadoop.hdfs.server.namenode.snapshot.TestRenameWithSnapshots
Tests run: 36, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 217.27 sec - in org.apache.hadoop.hdfs.server.namenode.snapshot.TestRenameWithSnapshots
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=768m; support was removed in
Running org.apache.hadoop.tools.TestJMXGet
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 26.792 sec - in org.apache.hadoop.tools.TestJMXGet

Results :

Tests run: 38, Failures: 0, Errors: 0, Skipped: 0

+1 for the branch-2.7 patch. It looks like a correct port.

> Make HDFS audit logging consistant
> ----------------------------------
>                 Key: HDFS-9395
>                 URL: https://issues.apache.org/jira/browse/HDFS-9395
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Kihwal Lee
>            Assignee: Kuhu Shukla
>             Fix For: 2.8.0
>         Attachments: HDFS-9395-branch-2.7.001.patch, HDFS-9395-branch-2.7.002.patch,
HDFS-9395.001.patch, HDFS-9395.002.patch, HDFS-9395.003.patch, HDFS-9395.004.patch, HDFS-9395.005.patch,
HDFS-9395.006.patch, HDFS-9395.007.patch
> So, the big question here is what should go in the audit log? All failures, or just "permission
denied" failures? Or, to put it a different way, if someone attempts to do something and it
fails because a file doesn't exist, is that worth an audit log entry?
> We are currently inconsistent on this point. For example, concat, getContentSummary,
addCacheDirective, and setErasureEncodingPolicy create an audit log entry for all failures,
but setOwner, delete, and setAclEntries attempt to only create an entry for AccessControlException-based
failures. There are a few operations, like allowSnapshot, disallowSnapshot, and startRollingUpgrade
that never create audit log failure entries at all. They simply log nothing for any failure,
and log success for a successful operation.
> So to summarize, different HDFS operations currently fall into 3 categories:
> 1. audit-log all failures
> 2. audit-log only AccessControlException failures
> 3. never audit-log failures
> Which category is right?  And how can we fix the inconsistency

This message was sent by Atlassian JIRA

View raw message