I was reading a KB article which can help us to protect our HDFS dir, but when I tested it then I am able to delete a protected dir.
Actually I have configured fs.protected.directories in core-site.xml with /lowes/sampleTest dir and tested below.
[root@samplehost ~]$ hadoop fs -rm -R -skipTrash /lowes/sampleTest
rm: Cannot delete non-empty protected directory /lowes/sampleTest
[root@samplehost ~]$ hadoop fs -rm -R /lowes/sampleTest
16/04/27 05:50:15 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 360 minutes, Emptier interval = 0 minutes.
Moved: 'hdfs://HDPINFHA/lowes/sampleTest' to trash at: hdfs://HDPINFHA/user/root/.Trash/Current
So do you have any help on that.
@Kuldeep Kulkarni: I am able to delete trash as well.
[root@samplehost ~]$ hadoop fs -rmr hdfs://HDPINFHA/user/root/.Trash/Current/lowes/sampleTest
rmr: DEPRECATED: Please use 'rm -r' instead.
16/04/29 03:07:06 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 360 minutes, Emptier interval = 0 minutes.
This is a good article by our intern James Medel to protect against accidental deletion:
Sometime back, we introduced the ability to create snapshots to protect important enterprise data sets from user or application errors.
HDFS Snapshots are read-only point-in-time copies of the file system. Snapshots can be taken on a subtree of the file system or the entire file system and are:
In this blog post we’ll walk through how to administer and use HDFS snapshots.
In an example scenario, Web Server logs are being loaded into HDFS on a daily basis for processing and long term storage. The logs are loaded in a few times a day, and the dataset is organized into directories that hold log files per day in HDFS. Since the Web Server logs are stored only in HDFS, it’s imperative that they are protected from deletion.
In order to provide data protection and recovery for the Web Server log data, snapshots are enabled for the parent directory:
hdfs dfsadmin -allowSnapshot /data/weblogs
Snapshots need to be explicitly enabled for directories. This provides system administrators with the level of granular control they need to manage data in HDP.
The following command creates a point in time snapshot of the /data/weblogs/directory and its subtree:
hdfs dfs -createSnapshot /data/weblogs
This will create a snapshot, and give it a default name which matches the timestamp at which the snapshot was created. Users can provide an optional snapshot name instead of the default. With the default name, the created snapshot path will be: /data/weblogs/.snapshot/s20130903-000941.091. Users can schedule a CRON job to create snapshots at regular intervals. Example, when you run CRON job: 30 18 * * * rm /home/someuser/tmp/*, the comand tells your file system to run the content from the tmp folder at 18:30 every day. For instance, to integrate CRON jobs with HDFS snapshots, run the command: 30 18 * * * hdfs dfs -createSnapshot /data/weblogs/* to schedule Snapshots to be created each day at 6:30.
To view the state of the directory at the recently created snapshot:
hdfs dfs -ls /data/weblogs/.snapshot/s20130903-000941.091
drwxr-xr-x - web hadoop 02013-09-0123:59/data/weblogs/.snapshot/s20130903-000941.091/20130901
drwxr-xr-x - web hadoop 02013-09-0200:55/data/weblogs/.snapshot/s20130903-000941.091/20130902
drwxr-xr-x - web hadoop 02013-09-0323:57/data/weblogs/.snapshot/s20130903-000941.091/20130903
As new data is loaded into the web logs dataset, there could be an erroneous deletion of a file or directory. For example, an application could delete the set of logs pertaining to Sept 2nd, 2013 stored in the /data/weblogs/20130902 directory.
Since /data/weblogs has a snapshot, the snapshot will protect from the file blocks being removed from the file system. A deletion will only modify the metadata to remove /data/weblogs/20130902 from the working directory.
To recover from this deletion, data is restored by copying the needed data from the snapshot path:
hdfs dfs -cp /data/weblogs/.snapshot/s20130903-000941.091/20130902/data/weblogs/
This will restore the lost set of files to the working data set:
hdfs dfs -ls /data/weblogs
drwxr-xr-x - web hadoop 02013-09-0123:59/data/weblogs/20130901
drwxr-xr-x - web hadoop 02013-09-0412:10/data/weblogs/20130902
drwxr-xr-x - web hadoop 02013-09-0323:57/data/weblogs/20130903
Since snapshots are read-only, HDFS will also protect against user or application deletion of the snapshot data itself. The following operation will fail:
hdfs dfs -rmdir /data/weblogs/.snapshot/s20130903-000941.091/20130902