Avoiding denial of service between clients.

Author: simbadzina

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java

@@ -937,6 +937,9 @@ public static class Call implements Schedulable,
     // the priority level assigned by scheduler, 0 by default
     private long clientStateId;
     private boolean isCallCoordinated;
+    // Serialized RouterFederatedStateProto message to
+    // store last seen states for multiple namespaces.
+    private ByteString federatedNamespaceState;
 
     Call() {
       this(RpcConstants.INVALID_CALL_ID, RpcConstants.INVALID_RETRY_COUNT,
@@ -994,6 +997,14 @@ public ProcessingDetails getProcessingDetails() {
       return processingDetails;
     }
 
+    public void setFederatedNamespaceState(ByteString federatedNamespaceState) {
+      this.federatedNamespaceState = federatedNamespaceState;
+    }
+
+    public ByteString getFederatedNamespaceState() {
+      return this.federatedNamespaceState;
+    }
+
     @Override
     public String toString() {
       return "Call#" + callId + " Retry#" + retryCount;
@@ -2868,6 +2879,9 @@ private void processRpcRequest(RpcRequestHeaderProto header,
             stateId = alignmentContext.receiveRequestState(
                 header, getMaxIdleTime());
             call.setClientStateId(stateId);
+            if (header.hasRouterFederatedState()) {
+              call.setFederatedNamespaceState(header.getRouterFederatedState());
+            }
           }
         } catch (IOException ioe) {
           throw new RpcServerException("Processing RPC request caught ", ioe);

hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/ClientGSIContext.java

@@ -74,7 +74,7 @@ public void updateResponseState(RpcResponseHeaderProto.Builder header) {
    * in responses.
    */
   @Override
-  public void receiveResponseState(RpcResponseHeaderProto header) {
+  public synchronized void receiveResponseState(RpcResponseHeaderProto header) {
     if (header.hasRouterFederatedState()) {
       routerFederatedState = header.getRouterFederatedState();
     } else {
@@ -86,7 +86,7 @@ public void receiveResponseState(RpcResponseHeaderProto header) {
    * Client side implementation for providing state alignment info in requests.
    */
   @Override
-  public void updateRequestState(RpcRequestHeaderProto.Builder header) {
+  public synchronized void updateRequestState(RpcRequestHeaderProto.Builder header) {
     if (lastSeenStateId.get() != NamespaceStateId.DEFAULT) {
       header.setStateId(lastSeenStateId.get());
     }

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/ConnectionManager.java

@@ -33,7 +33,6 @@
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
 import org.apache.hadoop.classification.VisibleForTesting;
-import org.apache.hadoop.hdfs.ClientGSIContext;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Time;
@@ -194,7 +193,8 @@ public void close() {
    * @throws IOException If the connection cannot be obtained.
    */
   public ConnectionContext getConnection(UserGroupInformation ugi,
-      String nnAddress, Class<?> protocol, String nsId) throws IOException {
+      String nnAddress, Class<?> protocol, String nsId,
+      Long clientStateId) throws IOException {
 
     // Check if the manager is shutdown
     if (!this.running) {
@@ -224,10 +224,11 @@ public ConnectionContext getConnection(UserGroupInformation ugi,
           pool = new ConnectionPool(
               this.conf, nnAddress, ugi, this.minSize, this.maxSize,
               this.minActiveRatio, protocol,
-              new ClientGSIContext(this.federatedNamespaceIds.getNamespaceId(nsId)));
+              new PoolAlignmentContext(this.federatedNamespaceIds.getNamespaceId(nsId)));
           this.pools.put(connectionId, pool);
           this.connectionPoolToNamespaceMap.put(connectionId, nsId);
         }
+        pool.getPoolAlignmentContext().advanceClientStateId(clientStateId);
       } finally {
         writeLock.unlock();
       }

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/ConnectionPool.java

@@ -110,7 +110,7 @@ public class ConnectionPool {
   /** Enable using multiple physical socket or not. **/
   private final boolean enableMultiSocket;
   /** StateID alignment context. */
-  private final AlignmentContext alignmentContext;
+  private final PoolAlignmentContext alignmentContext;
 
   /** Map for the protocols and their protobuf implementations. */
   private final static Map<Class<?>, ProtoImpl> PROTO_MAP = new HashMap<>();
@@ -141,7 +141,7 @@ private static class ProtoImpl {
 
   protected ConnectionPool(Configuration config, String address,
       UserGroupInformation user, int minPoolSize, int maxPoolSize,
-      float minActiveRatio, Class<?> proto, AlignmentContext alignmentContext)
+      float minActiveRatio, Class<?> proto, PoolAlignmentContext alignmentContext)
       throws IOException {
 
     this.conf = config;
@@ -217,6 +217,14 @@ public AtomicInteger getClientIndex() {
     return this.clientIndex;
   }
 
+  /**
+   * Get the alignment context for this pool
+   * @return Alignment context
+   */
+  public PoolAlignmentContext getPoolAlignmentContext() {
+    return this.alignmentContext;
+  }
+
   /**
    * Return the next connection round-robin.
    *

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/FederatedNamespaceIds.java

@@ -21,8 +21,6 @@
 import java.util.Collections;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.locks.ReentrantLock;
-import org.apache.hadoop.classification.VisibleForTesting;
 import org.apache.hadoop.hdfs.NamespaceStateId;
 import org.apache.hadoop.ipc.protobuf.RpcHeaderProtos;
 import org.apache.hadoop.hdfs.federation.protocol.proto.HdfsServerFederationProtos.RouterFederatedStateProto;
@@ -36,67 +34,30 @@
  * Router clients share and query the entire collection.
  */
 public class FederatedNamespaceIds {
-  private final Map<String, NamespaceStateId> namespaceIdMap = new ConcurrentHashMap<>();
-  private final ReentrantLock lock = new ReentrantLock();
-
-  public void updateStateUsingRequestHeader(RpcHeaderProtos.RpcRequestHeaderProto header) {
-    if (header.hasRouterFederatedState()) {
-      RouterFederatedStateProto federatedState;
-      try {
-        federatedState = RouterFederatedStateProto.parseFrom(header.getRouterFederatedState());
-      } catch (InvalidProtocolBufferException e) {
-        throw new RuntimeException(e);
-      }
-      lock.lock();
-      try {
-        federatedState.getNamespaceStateIdsMap().forEach((nsId, stateId) -> {
-          if (!namespaceIdMap.containsKey(nsId)) {
-            namespaceIdMap.putIfAbsent(nsId, new NamespaceStateId());
-          }
-          namespaceIdMap.get(nsId).update(stateId);
-        });
-      } finally {
-        lock.unlock();
-      }
-
-    }
-  }
+  private final ConcurrentHashMap<String, NamespaceStateId> namespaceIdMap =
+      new ConcurrentHashMap<>();
 
   public void setResponseHeaderState(RpcHeaderProtos.RpcResponseHeaderProto.Builder headerBuilder) {
+    if (namespaceIdMap.isEmpty()) {
+      return;
+    }
     RouterFederatedStateProto.Builder federatedStateBuilder =
         RouterFederatedStateProto.newBuilder();
-    lock.lock();
-    try {
-      namespaceIdMap.forEach((k, v) -> federatedStateBuilder.putNamespaceStateIds(k, v.get()));
-    } finally {
-      lock.unlock();
-    }
+    namespaceIdMap.forEach((k, v) -> federatedStateBuilder.putNamespaceStateIds(k, v.get()));
     headerBuilder.setRouterFederatedState(federatedStateBuilder.build().toByteString());
   }
 
   public NamespaceStateId getNamespaceId(String nsId) {
-    lock.lock();
-    try {
-      namespaceIdMap.putIfAbsent(nsId, new NamespaceStateId());
-    } finally {
-      lock.unlock();
-    }
-    return namespaceIdMap.get(nsId);
+    return namespaceIdMap.computeIfAbsent(nsId, key -> new NamespaceStateId());
   }
 
   public void removeNamespaceId(String nsId) {
-    lock.lock();
-    try {
-      namespaceIdMap.remove(nsId);
-    } finally {
-      lock.unlock();
-    }
+    namespaceIdMap.remove(nsId);
   }
 
   /**
-   * Utility function to view state of routerFederatedState field in RPC headers.
+   * Utility function to parse routerFederatedState field in RPC headers.
    */
-  @VisibleForTesting
   public static Map<String, Long> getRouterFederatedStateMap(ByteString byteString) {
     if (byteString != null) {
       RouterFederatedStateProto federatedState;
@@ -110,4 +71,8 @@ public static Map<String, Long> getRouterFederatedStateMap(ByteString byteString
       return Collections.emptyMap();
     }
   }
+
+  public int size() {
+    return namespaceIdMap.size();
+  }
 }

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/PoolAlignmentContext.java

@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.server.federation.router;
+
+import java.io.IOException;
+import org.apache.hadoop.hdfs.NamespaceStateId;
+import org.apache.hadoop.ipc.AlignmentContext;
+import org.apache.hadoop.ipc.protobuf.RpcHeaderProtos;
+
+
+public class PoolAlignmentContext implements AlignmentContext {
+  private NamespaceStateId sharedGlobalStateId;
+  private NamespaceStateId poolLocalStateId;
+
+  PoolAlignmentContext(NamespaceStateId namespaceStateId) {
+    sharedGlobalStateId = namespaceStateId;
+    poolLocalStateId = new NamespaceStateId();
+  }
+
+  /**
+   * Client side implementation only receives state alignment info.
+   * It does not provide state alignment info therefore this does nothing.
+   */
+  @Override
+  public void updateResponseState(RpcHeaderProtos.RpcResponseHeaderProto.Builder header) {
+    // Do nothing.
+  }
+
+  /**
+   * Router update globally shared namespaceStateId value using response from
+   * namenodes.
+   */
+  @Override
+  public void receiveResponseState(RpcHeaderProtos.RpcResponseHeaderProto header) {
+    sharedGlobalStateId.update(header.getStateId());
+  }
+
+  /**
+   * Client side implementation for routers to provide state info in requests to
+   * namenodes.
+   */
+  @Override
+  public void updateRequestState(RpcHeaderProtos.RpcRequestHeaderProto.Builder header) {
+    long maxStateId = Long.max(poolLocalStateId.get(), sharedGlobalStateId.get());
+    header.setStateId(maxStateId);
+  }
+
+  /**
+   * Client side implementation only provides state alignment info in requests.
+   * Client does not receive RPC requests therefore this does nothing.
+   */
+  @Override
+  public long receiveRequestState(RpcHeaderProtos.RpcRequestHeaderProto header, long threshold)
+      throws IOException {
+    // Do nothing.
+    return 0;
+  }
+
+  @Override
+  public long getLastSeenStateId() {
+    return sharedGlobalStateId.get();
+  }
+
+  @Override
+  public boolean isCoordinatedCall(String protocolName, String method) {
+    throw new UnsupportedOperationException(
+        "Client should not be checking uncoordinated call");
+  }
+
+  public void advanceClientStateId(Long clientStateId) {
+    poolLocalStateId.update(clientStateId);
+  }
+}

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RBFConfigKeys.java

@@ -191,6 +191,10 @@ public class RBFConfigKeys extends CommonConfigurationKeysPublic {
       FEDERATION_STORE_PREFIX + "enable";
   public static final boolean DFS_ROUTER_STORE_ENABLE_DEFAULT = true;
 
+  public static final String DFS_ROUTER_OBSERVER_FEDERATED_STATE_PROPAGATION_MAXSIZE =
+      FEDERATION_ROUTER_PREFIX + "observer.federated.state.propagation.maxsize";
+  public static final int DFS_ROUTER_OBSERVER_FEDERATED_STATE_PROPAGATION_MAXSIZE_DEFAULT = 5;
+
   public static final String FEDERATION_STORE_SERIALIZER_CLASS =
       FEDERATION_STORE_PREFIX + "serializer";
   public static final Class<StateStoreSerializerPBImpl>

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterRpcClient.java

@@ -80,6 +80,7 @@
 import org.apache.hadoop.ipc.StandbyException;
 import org.apache.hadoop.net.ConnectTimeoutException;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.thirdparty.protobuf.ByteString;
 import org.apache.hadoop.util.StringUtils;
 import org.eclipse.jetty.util.ajax.JSON;
 import org.slf4j.Logger;
@@ -369,8 +370,20 @@ private ConnectionContext getConnection(UserGroupInformation ugi, String nsId,
         connUGI = UserGroupInformation.createProxyUser(
             ugi.getUserName(), routerUser);
       }
+
+      Long clientStateID = Long.MIN_VALUE;
+      Call call = Server.getCurCall().get();
+      if (call != null) {
+        ByteString callFederatedNamespaceState = call.getFederatedNamespaceState();
+        if (callFederatedNamespaceState != null) {
+          Map<String, Long> clientFederatedStateIds =
+              FederatedNamespaceIds.getRouterFederatedStateMap(callFederatedNamespaceState);
+          clientStateID = clientFederatedStateIds.getOrDefault(nsId, Long.MIN_VALUE);
+        }
+      }
+
       connection = this.connectionManager.getConnection(
-          connUGI, rpcAddress, proto, nsId);
+          connUGI, rpcAddress, proto, nsId, clientStateID);
       LOG.debug("User {} NN {} is using connection {}",
           ugi.getUserName(), rpcAddress, connection);
     } catch (Exception ex) {

hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterRpcServer.java

@@ -255,18 +255,18 @@ public class RouterRpcServer extends AbstractService implements ClientProtocol,
    * @param conf HDFS Configuration.
    * @param router A router using this RPC server.
    * @param nnResolver The NN resolver instance to determine active NNs in HA.
-   * @param fileResolver File resolver to resolve file paths to subclusters.
+   * @param fResolver File resolver to resolve file paths to subclusters.
    * @throws IOException If the RPC server could not be created.
    */
   public RouterRpcServer(Configuration conf, Router router,
-      ActiveNamenodeResolver nnResolver, FileSubclusterResolver fileResolver)
+      ActiveNamenodeResolver nnResolver, FileSubclusterResolver fResolver)
           throws IOException {
     super(RouterRpcServer.class.getName());
 
     this.conf = conf;
     this.router = router;
     this.namenodeResolver = nnResolver;
-    this.subclusterResolver = fileResolver;
+    this.subclusterResolver = fResolver;
 
     // RPC server settings
     int handlerCount = this.conf.getInt(DFS_ROUTER_HANDLER_COUNT_KEY,
@@ -332,7 +332,7 @@ public RouterRpcServer(Configuration conf, Router router,
         .setnumReaders(readerCount)
         .setQueueSizePerHandler(handlerQueueSize)
         .setVerbose(false)
-        .setAlignmentContext(new RouterStateIdContext(federatedNamespaceIds))
+        .setAlignmentContext(new RouterStateIdContext(conf, federatedNamespaceIds))
         .setSecretManager(this.securityManager.getSecretManager())
         .build();