[ https://issues.apache.org/jira/browse/HDFS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colin Patrick McCabe updated HDFS-3608: --------------------------------------- Attachment: HDFS-3608.004.patch fuse_timer.c: * add fuse_timer.c, which can invoke callbacks after timeouts * add test_fuse_timer unit test to test fuse_timer.c fuse_connect.c: * We now reference-count libhdfs connection objects using struct hdfsConn * expire old FS instances after a certain amount of time has elapsed (a few minutes) * expire old FS isntances whenever the kerberos ticket cache mtime changes * store uri and port statically rather than requiring them to be passed in separately each time we make a connection * add fuseConnectTest, which will create a sample FileSystem object, in order to verify that the provided configuration is valid. This method was previously implemented inline in the main() method. This will probably not work for Kerberos-authenticated clusters, since that would require root to be kinit'ed. So add a TODO and stub out the code when Kerberos is enabled. most fuse operations: * fh now contains a fuseConn object rather than simply an hdfsFS object * fuse operations must rememeber to call hdfsConnRelease, since we're now reference-counting FS objects fuse_impls_open.c: * fix some error handling code fuse_init.c: * be more verbose about printing dfs options on startup jni_helper.c: * invoke FileSystem::loadFileSystems immediately after startup to avoid classloader problems later tree.h: * add BSD-licensed red-black tree implementation > fuse_dfs: detect changes in UID ticket cache > -------------------------------------------- > > Key: HDFS-3608 > URL: https://issues.apache.org/jira/browse/HDFS-3608 > Project: Hadoop HDFS > Issue Type: Bug > Affects Versions: 2.1.0-alpha > Reporter: Colin Patrick McCabe > Assignee: Colin Patrick McCabe > Priority: Minor > Attachments: HDFS-3608.004.patch > > > Currently in fuse_dfs, if one kinits as some principal "foo" and then does > some operation on fuse_dfs, then kdestroy and kinit as some principal "bar", > subsequent operations done via fuse_dfs will still use cached credentials for > "foo". The reason for this is that fuse_dfs caches Filesystem instances using > the UID of the user running the command as the key into the cache. This is a > very uncommon scenario, since it's pretty uncommon for a single user to want > to use credentials for several different principals on the same box. > However, we can use inotify to detect changes in the Kerberos ticket cache > file and force the next operation to create a new FileSystem instance in that > case. This will also require a reference counting mechanism in fuse_dfs so > that we can free the FileSystem classes when they refer to previous Kerberos > ticket caches. > Another mechanism is to run a stat periodically on the ticket cache file. > This is a good fallback mechanism if inotify does not work on the file (for > example, because it's on an NFS mount.) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira