You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by mo...@apache.org on 2021/08/05 06:33:25 UTC
[incubator-doris] branch master updated: [Broker] Fix ugi confusion
bug (#6325)
This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git
The following commit(s) were added to refs/heads/master by this push:
new 2f3cd05 [Broker] Fix ugi confusion bug (#6325)
2f3cd05 is described below
commit 2f3cd0573afcddcb678ff4db1e2f1759c5e6ae01
Author: tinkerrrr <62...@users.noreply.github.com>
AuthorDate: Thu Aug 5 14:33:18 2021 +0800
[Broker] Fix ugi confusion bug (#6325)
Use UserGroupInformation.loginUserFromKeytabAndReturnUGI instead of UserGroupInformation.loginUserFromKeytab in multiple principal scenario.
---
.../apache/doris/broker/hdfs/FileSystemManager.java | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java b/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
index 576f3da..229ff03 100644
--- a/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
+++ b/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
@@ -242,6 +242,8 @@ public class FileSystemManager {
}
if (fileSystem.getDFSFileSystem() == null) {
logger.info("could not find file system for path " + path + " create a new one");
+ UserGroupInformation ugi = null;
+
// create a new filesystem
Configuration conf = new HdfsConfiguration();
@@ -279,7 +281,7 @@ public class FileSystemManager {
"keytab is required for kerberos authentication");
}
UserGroupInformation.setConfiguration(conf);
- UserGroupInformation.loginUserFromKeytab(principal, keytab);
+ ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);
if (properties.containsKey(KERBEROS_KEYTAB_CONTENT)) {
try {
File file = new File(tmpFilePath);
@@ -343,21 +345,15 @@ public class FileSystemManager {
if (authentication.equals(AUTHENTICATION_SIMPLE) &&
properties.containsKey(USER_NAME_KEY) && !Strings.isNullOrEmpty(username)) {
// Use the specified 'username' as the login name
- UserGroupInformation ugi = UserGroupInformation.createRemoteUser(username);
+ ugi = UserGroupInformation.createRemoteUser(username);
// make sure hadoop client know what auth method would be used now,
// don't set as default
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, AUTHENTICATION_SIMPLE);
ugi.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.SIMPLE);
-
- dfsFileSystem = ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
- @Override
- public FileSystem run() throws Exception {
- return FileSystem.get(pathUri.getUri(), conf);
- }
- });
- } else {
- dfsFileSystem = FileSystem.get(pathUri.getUri(), conf);
}
+ dfsFileSystem = ugi != null ?
+ ugi.doAs((PrivilegedExceptionAction<FileSystem>) () -> FileSystem.get(pathUri.getUri(), conf)) :
+ FileSystem.get(pathUri.getUri(), conf);
fileSystem.setFileSystem(dfsFileSystem);
}
return fileSystem;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org