hadoop-mapreduce-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vino...@apache.org
Subject svn commit: r938797 - in /hadoop/mapreduce/trunk: CHANGES.txt src/java/org/apache/hadoop/mapred/TaskLogServlet.java src/test/mapred/org/apache/hadoop/mapred/TestWebUIAuthorization.java
Date Wed, 28 Apr 2010 06:33:27 GMT
Author: vinodkv
Date: Wed Apr 28 06:33:26 2010
New Revision: 938797

URL: http://svn.apache.org/viewvc?rev=938797&view=rev
Log:
MAPREDUCE-1657. After task logs directory is deleted, tasklog servlet displays wrong error
message about job ACLs. Contributed by Ravi Gummadi.

Modified:
    hadoop/mapreduce/trunk/CHANGES.txt
    hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskLogServlet.java
    hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestWebUIAuthorization.java

Modified: hadoop/mapreduce/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/CHANGES.txt?rev=938797&r1=938796&r2=938797&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/CHANGES.txt (original)
+++ hadoop/mapreduce/trunk/CHANGES.txt Wed Apr 28 06:33:26 2010
@@ -605,6 +605,9 @@ Trunk (unreleased changes)
     MAPREDUCE-1609. TaskTracker.localizeJob should not set permissions on 
     job log directory recursively. (Amareshwari Sriramadasu via vinodkv)
 
+    MAPREDUCE-1657. After task logs directory is deleted, tasklog servlet 
+    displays wrong error message about job ACLs. (Ravi Gummadi via vinodkv)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskLogServlet.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskLogServlet.java?rev=938797&r1=938796&r2=938797&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskLogServlet.java (original)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskLogServlet.java Wed Apr 28
06:33:26 2010
@@ -31,7 +31,6 @@ import javax.servlet.http.HttpServletRes
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.mapreduce.JobACL;
-import org.apache.hadoop.mapreduce.JobContext;
 import org.apache.hadoop.security.AccessControlException;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.AccessControlList;
@@ -129,7 +128,8 @@ public class TaskLogServlet extends Http
         constructJobACLs(conf).get(JobACL.VIEW_JOB);
 
     String jobOwner = conf.get(JobContext.USER_NAME);
-    UserGroupInformation callerUGI = UserGroupInformation.createRemoteUser(user);
+    UserGroupInformation callerUGI =
+        UserGroupInformation.createRemoteUser(user);
 
     tracker.getJobACLsManager().checkAccess(jobId, callerUGI, JobACL.VIEW_JOB,
         jobOwner, jobViewACL);
@@ -138,11 +138,21 @@ public class TaskLogServlet extends Http
   /**
    * Builds a Configuration object by reading the xml file.
    * This doesn't load the default resources.
+   *
+   * Returns null if job-acls.xml is not there in userlogs/$jobid/attempt-dir on
+   * local file system. This can happen when we restart the cluster with job
+   * level authorization enabled(but was disabled on earlier cluster) and
+   * viewing task logs of old jobs(i.e. jobs finished on earlier unsecure
+   * cluster).
    */
   static Configuration getConfFromJobACLsFile(String attemptIdStr) {
-    Configuration conf = new Configuration(false);
-    conf.addResource(new Path(TaskLog.getAttemptDir(attemptIdStr).toString(),
-        TaskRunner.jobACLsFile));
+    Path jobAclsFilePath = new Path(
+        TaskLog.getAttemptDir(attemptIdStr).toString(), TaskRunner.jobACLsFile);
+    Configuration conf = null;
+    if (new File(jobAclsFilePath.toUri().getPath()).exists()) {
+      conf = new Configuration(false);
+      conf.addResource(jobAclsFilePath);
+    }
     return conf;
   }
 
@@ -167,24 +177,34 @@ public class TaskLogServlet extends Http
     }
 
     TaskAttemptID attemptId = TaskAttemptID.forName(attemptIdStr);
+    if (!TaskLog.getAttemptDir(attemptIdStr).exists()) {
+      response.sendError(HttpServletResponse.SC_GONE,
+          "Task log directory for task " + attemptId +
+          " does not exist. May be cleaned up by Task Tracker, if older logs.");
+      return;
+    }
 
     // get user name who is accessing
     String user = request.getRemoteUser();
     if (user != null) {
-      // get jobACLConf from ACLs file
-      JobConf jobACLConf = new JobConf(getConfFromJobACLsFile(attemptIdStr));
       ServletContext context = getServletContext();
       TaskTracker taskTracker = (TaskTracker) context.getAttribute(
           "task.tracker");
-      JobID jobId = attemptId.getJobID();
-
-      try {
-        checkAccessForTaskLogs(jobACLConf, user, jobId, taskTracker);
-      } catch (AccessControlException e) {
-        String errMsg = "User " + user + " failed to view tasklogs of job " +
-            jobId + "!\n\n" + e.getMessage();
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, errMsg);
-        return;
+      // get jobACLConf from ACLs file
+      Configuration jobACLConf = getConfFromJobACLsFile(attemptIdStr);
+      // Ignore authorization if job-acls.xml is not found
+      if (jobACLConf != null) {
+        JobID jobId = attemptId.getJobID();
+
+        try {
+          checkAccessForTaskLogs(new JobConf(jobACLConf), user, jobId,
+              taskTracker);
+        } catch (AccessControlException e) {
+          String errMsg = "User " + user + " failed to view tasklogs of job " +
+              jobId + "!\n\n" + e.getMessage();
+          response.sendError(HttpServletResponse.SC_UNAUTHORIZED, errMsg);
+          return;
+        }
       }
     }
 

Modified: hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestWebUIAuthorization.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestWebUIAuthorization.java?rev=938797&r1=938796&r2=938797&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestWebUIAuthorization.java
(original)
+++ hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestWebUIAuthorization.java
Wed Apr 28 06:33:26 2010
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.mapred;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.net.URL;
@@ -26,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.hadoop.fs.CommonConfigurationKeys;
+import org.apache.hadoop.fs.FileUtil;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.http.TestHttpServer.DummyFilterInitializer;
 import org.apache.hadoop.mapreduce.JobContext;
@@ -327,15 +329,38 @@ public class TestWebUIAuthorization exte
 
         // validate access to tasklogs - STDOUT and STDERR. SYSLOGs are not
         // generated for the 1 map sleep job in the test case.
-        validateViewJob(TaskLogServlet.getTaskLogUrl("localhost",
+        String stdoutURL = TaskLogServlet.getTaskLogUrl("localhost",
             Integer.toString(attemptsMap.get(attempt).getHttpPort()),
-            attempt.toString())
-            + "&filter=" + TaskLog.LogName.STDOUT, "GET");
+            attempt.toString()) + "&filter=" + TaskLog.LogName.STDOUT;
+        validateViewJob(stdoutURL, "GET");
 
-        validateViewJob(TaskLogServlet.getTaskLogUrl("localhost",
+        String stderrURL = TaskLogServlet.getTaskLogUrl("localhost",
             Integer.toString(attemptsMap.get(attempt).getHttpPort()),
-            attempt.toString())
-            + "&filter=" + TaskLog.LogName.STDERR, "GET");        
+            attempt.toString()) + "&filter=" + TaskLog.LogName.STDERR;
+        validateViewJob(stderrURL, "GET");
+
+        // delete job-acls.xml file from the task log dir of attempt and verify
+        // if unauthorized users can view task logs of attempt.
+        Path jobACLsFilePath = new Path(
+            TaskLog.getAttemptDir(attempt.toString()).toString(),
+            TaskRunner.jobACLsFile);
+        new File(jobACLsFilePath.toUri().getPath()).delete();
+        assertEquals("Incorrect return code for " + unauthorizedUser,
+            HttpURLConnection.HTTP_OK, getHttpStatusCode(stdoutURL,
+            unauthorizedUser, "GET"));
+        assertEquals("Incorrect return code for " + unauthorizedUser,
+            HttpURLConnection.HTTP_OK, getHttpStatusCode(stderrURL,
+            unauthorizedUser, "GET"));
+
+        // delete the whole task log dir of attempt and verify that we get
+        // correct response code (i.e. HTTP_GONE) when task logs are accessed.
+        FileUtil.fullyDelete(TaskLog.getAttemptDir(attempt.toString()));
+        assertEquals("Incorrect return code for " + jobSubmitter,
+            HttpURLConnection.HTTP_GONE, getHttpStatusCode(stdoutURL,
+            jobSubmitter, "GET"));
+        assertEquals("Incorrect return code for " + jobSubmitter,
+            HttpURLConnection.HTTP_GONE, getHttpStatusCode(stderrURL,
+            jobSubmitter, "GET"));
       }
     }
 



Mime
View raw message