hadoop-hdfs-issues mailing list archives

From "Ayush Saxena (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-15154) Allow only hdfs superusers the ability to assign HDFS storage policies
Date Fri, 21 Feb 2020 19:14:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-15154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042114#comment-17042114 ]

Ayush Saxena edited comment on HDFS-15154 at 2/21/20 7:13 PM:
--------------------------------------------------------------

Thanks [~swagle] for the patch.
To handle deprecation, you can do something like this:

 
{code:java}
      boolean storagePolicyEnabled =
          conf.getBoolean(DFSConfigKeys.DFS_STORAGE_POLICY_ENABLED_KEY,
              DFSConfigKeys.DFS_STORAGE_POLICY_ENABLED_DEFAULT);
      if (storagePolicyEnabled) {
        this.storagePoliciesEnabled = conf.getEnum(DFS_STORAGE_POLICIES_ENABLED,
            DFS_STORAGE_POLICIES_ENABLED_DEFAULT);
      } else {
        // Some warn log, telling changing conf, since
        // DFS_STORAGE_POLICY_ENABLED_KEY is set to false.
        this.storagePoliciesEnabled =
            DFSConfigKeys.DfsStoragePolicySetting.DISABLED;
      }
{code}
 

Then, rather than checking just {{superuser}}, you can even check whether storage policy is
enabled or not in FSN itself before taking the lock, rather than going till {{FsDirectory}}. You
can create a method and do these checks. Something like this:
{code:java}
  private void checkStoragePolicyPermissions() throws IOException {
    if (storagePoliciesEnabled
        == DFSConfigKeys.DfsStoragePolicySetting.ADMINS) {
      checkSuperuserPrivilege("setStoragePolicy");
    } else if (storagePoliciesEnabled
        == DFSConfigKeys.DfsStoragePolicySetting.DISABLED) {
      throw new IOException(String.format(
          "Failed to setStoragePolicy storage policy since %s is set to %s.",
          DFS_STORAGE_POLICIES_ENABLED,
          DFSConfigKeys.DfsStoragePolicySetting.DISABLED));
    }
  }
{code}

Post this, I guess you can remove the logic from {{FsDirectory}} too. In {{StoragePolicySatisfiyManager}},
{{namesystem}} is there; you can get the config value using this variable from {{FsNamesystem}}.
Let me know if you are still facing any problem.


was (Author: ayushtkn):
Thanks [~swagle] for the patch.
To handle deprecation, you can do something like this:

 
{code:java}
      if (storagePolicyEnabled) {
        this.storagePoliciesEnabled = conf.getEnum(DFS_STORAGE_POLICIES_ENABLED,
            DFS_STORAGE_POLICIES_ENABLED_DEFAULT);
      } else {
        // Some warn log, telling changing conf, since
        // DFS_STORAGE_POLICY_ENABLED_KEY is set to false.
        this.storagePoliciesEnabled =
            DFSConfigKeys.DfsStoragePolicySetting.DISABLED;
      }
{code}
 

Then, rather than checking just {{superuser}}, you can even check whether storage policy is
enabled or not in FSN itself before taking the lock, rather than going till {{FsDirectory}}. You
can create a method and do these checks. Something like this:
{code:java}
  private void checkStoragePolicyPermissions() throws IOException {
    if (storagePoliciesEnabled
        == DFSConfigKeys.DfsStoragePolicySetting.ADMINS) {
      checkSuperuserPrivilege("setStoragePolicy");
    } else if (storagePoliciesEnabled
        == DFSConfigKeys.DfsStoragePolicySetting.DISABLED) {
      throw new IOException(String.format(
          "Failed to setStoragePolicy storage policy since %s is set to %s.",
          DFS_STORAGE_POLICIES_ENABLED,
          DFSConfigKeys.DfsStoragePolicySetting.DISABLED));
    }
  }
{code}

Post this, I guess you can remove the logic from {{FsDirectory}} too. In {{StoragePolicySatisfiyManager}},
{{namesystem}} is there; you can get the config value using this variable from {{FsNamesystem}}.
Let me know if you are still facing any problem.

> Allow only hdfs superusers the ability to assign HDFS storage policies
> ----------------------------------------------------------------------
>
>                 Key: HDFS-15154
>                 URL: https://issues.apache.org/jira/browse/HDFS-15154
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: hdfs
>    Affects Versions: 3.0.0
>            Reporter: Bob Cauthen
>            Assignee: Siddharth Wagle
>            Priority: Major
>         Attachments: HDFS-15154.01.patch, HDFS-15154.02.patch, HDFS-15154.03.patch, HDFS-15154.04.patch
>
>
> Please provide a way to limit only HDFS superusers the ability to assign HDFS Storage Policies to HDFS directories.
> Currently, and based on Jira HDFS-7093, all storage policies can be disabled cluster wide by setting the following:
> dfs.storage.policy.enabled to false
> But we need a way to allow only HDFS superusers the ability to assign an HDFS Storage Policy to an HDFS directory.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
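
The two-step approach from the comment above, as an added stand-alone illustration (not code from the HDFS patch or from the commenter): the legacy boolean is resolved into a tri-state setting, then a cheap authorization check runs before any lock is taken. The enum value `ALL`, the key name `dfs.storage.policies.enabled` and its default are assumptions, and plain maps stand in for Hadoop's `Configuration`.

```java
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class StoragePolicyGateDemo {
  // ADMINS and DISABLED are from the comment; ALL is a hypothetical name.
  enum Setting { ALL, ADMINS, DISABLED }
  static final String LEGACY_KEY = "dfs.storage.policy.enabled"; // from the issue
  static final String NEW_KEY = "dfs.storage.policies.enabled";  // hypothetical
  // The legacy off-switch wins over the new key, so an upgrade cannot re-enable.
  static Setting resolve(Map<String, String> conf) {
    if (!Boolean.parseBoolean(conf.getOrDefault(LEGACY_KEY, "true"))) {
      System.err.println("WARN: " + LEGACY_KEY + "=false is deprecated; use " + NEW_KEY);
      return Setting.DISABLED;
    }
    // valueOf throws on an unknown value: fail at startup, not open.
    return Setting.valueOf(
        conf.getOrDefault(NEW_KEY, "ALL").trim().toUpperCase(Locale.ROOT));
  }
  // Cheap check intended to run before any namespace lock is taken.
  static void checkStoragePolicyPermissions(Setting s, boolean superuser) throws IOException {
    if (s == Setting.DISABLED) {
      throw new IOException("setStoragePolicy rejected: policies are DISABLED");
    }
    if (s == Setting.ADMINS && !superuser) {
      throw new IOException("setStoragePolicy rejected: superuser required");
    }
  }
  public static void main(String[] args) {
    // Constructed configs: legacy switch off, admins only, nothing set.
    List<Map<String, String>> confs = List.of(
        Map.of(LEGACY_KEY, "false", NEW_KEY, "ALL"),
        Map.of(NEW_KEY, "admins"),
        Map.<String, String>of());
    for (Map<String, String> conf : confs) {
      Setting s = resolve(conf);
      for (boolean su : new boolean[] {true, false}) {
        String verdict = "allowed";
        try {
          checkStoragePolicyPermissions(s, su);
        } catch (IOException e) {
          verdict = e.getMessage();
        }
        System.out.printf("%s superuser=%b -> %s%n", s, su, verdict);
      }
    }
  }
}
```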
