From 78b6013e1edec591cf0d66d748f46268d8aa43e3 Mon Sep 17 00:00:00 2001 From: curie71 <39853223+curie71@users.noreply.github.com> Date: Wed, 8 Mar 2023 23:56:40 +0800 Subject: [PATCH] HDFS-16944 Add audit log for RouterAdminServer to save privileged operation log seperately. We found that in other components (like namenode in hdfs or resourcemanager in yarn), debug log and audit log are record seperately, except RouterAdminServer. --- .../federation/router/RouterAdminServer.java | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java index db1922ad80811..b6735804e14bd 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java @@ -112,6 +112,8 @@ public class RouterAdminServer extends AbstractService private static final Logger LOG = LoggerFactory.getLogger(RouterAdminServer.class); + private static final Logger AUDITLOG = + LoggerFactory.getLogger(RouterAdminServer.class.getName() + ".audit"); private Configuration conf; @@ -514,11 +516,11 @@ public EnterSafeModeResponse enterSafeMode(EnterSafeModeRequest request) safeModeService.setManualSafeMode(true); success = verifySafeMode(true); if (success) { - LOG.info("STATE* Safe mode is ON.\n" + "It was turned on manually. " + AUDITLOG.info("STATE* Safe mode is ON.\n" + "It was turned on manually. " + "Use \"hdfs dfsrouteradmin -safemode leave\" to turn" + " safe mode off."); } else { - LOG.error("Unable to enter safemode."); + AUDITLOG.error("Unable to enter safemode."); } } return EnterSafeModeResponse.newInstance(success); @@ -535,9 +537,9 @@ public LeaveSafeModeResponse leaveSafeMode(LeaveSafeModeRequest request) safeModeService.setManualSafeMode(false); success = verifySafeMode(false); if (success) { - LOG.info("STATE* Safe mode is OFF.\n" + "It was turned off manually."); + AUDITLOG.info("STATE* Safe mode is OFF.\n" + "It was turned off manually."); } else { - LOG.error("Unable to leave safemode."); + AUDITLOG.error("Unable to leave safemode."); } } return LeaveSafeModeResponse.newInstance(success); @@ -676,12 +678,12 @@ public DisableNameserviceResponse disableNameservice( if (namespaceExists(nsId)) { success = getDisabledNameserviceStore().disableNameservice(nsId); if (success) { - LOG.info("Nameservice {} disabled successfully.", nsId); + AUDITLOG.info("Nameservice {} disabled successfully.", nsId); } else { - LOG.error("Unable to disable Nameservice {}", nsId); + AUDITLOG.error("Unable to disable Nameservice {}", nsId); } } else { - LOG.error("Cannot disable {}, it does not exists", nsId); + AUDITLOG.error("Cannot disable {}, it does not exists", nsId); } return DisableNameserviceResponse.newInstance(success); } @@ -711,12 +713,12 @@ public EnableNameserviceResponse enableNameservice( if (disabled.contains(nsId)) { success = store.enableNameservice(nsId); if (success) { - LOG.info("Nameservice {} enabled successfully.", nsId); + AUDITLOG.info("Nameservice {} enabled successfully.", nsId); } else { - LOG.error("Unable to enable Nameservice {}", nsId); + AUDITLOG.error("Unable to enable Nameservice {}", nsId); } } else { - LOG.error("Cannot enable {}, it was not disabled", nsId); + AUDITLOG.error("Cannot enable {}, it was not disabled", nsId); } return EnableNameserviceResponse.newInstance(success); }