-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HDDS-4787. Trash emptier fails to create checkpoints in a secure setup #1888
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @sadanand48 for working on this.
I think secure acceptance test failure is related:
om_1 | 2021-02-03 05:18:00,113 [OM StateMachine ApplyTransaction Thread - 0] ERROR ratis.OzoneManagerStateMachine: Terminating with exit status 1: Request cmdType: RenameKey
om_1 | clientId: "client-6670A68B0F8D"
om_1 | userInfo {
om_1 | }
om_1 | renameKeyRequest {
om_1 | keyArgs {
om_1 | volumeName: "fstest1-src"
om_1 | bucketName: "link1-o3fs-src"
om_1 | keyName: ".Trash/root/Current/"
om_1 | modificationTime: 1612329480031
om_1 | }
om_1 | toKeyName: ".Trash/root/210203051800/"
om_1 | }
om_1 | failed with exception
om_1 | java.lang.NullPointerException
om_1 | at org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer.isAdmin(OzoneNativeAuthorizer.java:222)
om_1 | at org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer.checkAccess(OzoneNativeAuthorizer.java:92)
om_1 | at org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:1797)
om_1 | at org.apache.hadoop.ozone.om.request.OMClientRequest.checkAcls(OMClientRequest.java:176)
om_1 | at org.apache.hadoop.ozone.om.request.OMClientRequest.checkAcls(OMClientRequest.java:154)
om_1 | at org.apache.hadoop.ozone.om.request.key.OMKeyRequest.checkKeyAcls(OMKeyRequest.java:437)
om_1 | at org.apache.hadoop.ozone.om.request.key.OMKeyRenameRequest.validateAndUpdateCache(OMKeyRenameRequest.java:143)
https://github.com/apache/ozone/runs/1819931384#step:7:549
https://github.com/apache/ozone/suites/1956204276/artifacts/38766607
|
||
if (remoteAddress != null) { | ||
userInfo.setHostName(remoteAddress.getHostName()); | ||
userInfo.setRemoteAddress(remoteAddress.getHostAddress()).build(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
userInfo.setRemoteAddress(remoteAddress.getHostAddress()).build(); | |
userInfo.setRemoteAddress(remoteAddress.getHostAddress()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
ProtobufRpcEngine.Server.getRemoteUser() != null ? | ||
ProtobufRpcEngine.Server.getRemoteUser() : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: can you please store these in local variables instead of multiple calls?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
resolved = resolveBucketLink(requested, new HashSet<>(), | ||
null, null, null); | ||
try { | ||
if (isAclEnabled) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree with @adoroszlai can we use a local variable to hold the result of Server.getRemoteIp().
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @sadanand48 for working on this. Patch LGTM, just some minor comments. Can you add a test to cover this?
Thanks @xiaoyuyao for reviewing this . |
Thanks @adoroszlai for the review and pointing out the error in the secure acceptance check. It's passing now. |
Thanks @sadanand48 for updating the patch. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
apache#1888) (cherry picked from commit fa5a080) Change-Id: I5d9ffe21a9a42f8d957110d2fcc282ec5049a3f5
What changes were proposed in this pull request?
Since in
TrashOzoneFilesystem
the calls are internal and not through RPC, NPE is generated duringcheckacls
(), SinceServer.getRemoteIp
and other such parameters would be null, the security authorizers too generate an NPE. The fix here is ifServer.getRemoteIp()
is null replace it with ip of the node that starts OMWhat is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-4787#
How was this patch tested?
Existing unit tests. also tried on cluster https://github.com/sadanand48/hadoop-ozone/runs/1825648963?check_suite_focus=true