You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by pd...@apache.org on 2021/01/05 13:24:13 UTC

[zeppelin] branch branch-0.9 updated: [ZEPPELIN-5180] - Improve Kerberos debug messages

This is an automated email from the ASF dual-hosted git repository.

pdallig pushed a commit to branch branch-0.9
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/branch-0.9 by this push:
     new 96992e6  [ZEPPELIN-5180] - Improve Kerberos debug messages
96992e6 is described below

commit 96992e6c65dbf0a5fd836cd45a3f680761835f9c
Author: Vipin Rathor <v....@gmail.com>
AuthorDate: Mon Jan 4 11:43:36 2021 -0800

    [ZEPPELIN-5180] - Improve Kerberos debug messages
    
    ### What is this PR for?
    While troubleshooting Kerberos ticket issue, lack of Kerberos log messages makes it difficult to understand what is really happening. This PR aims to address that. It adds debug level log4j messages around ticket renewal thread (in runKerberosLogin()) and in createSecureConfiguration().
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    * none
    
    ### What is the Jira issue?
    * https://issues.apache.org/jira/browse/ZEPPELIN-5180
    
    ### How should this be tested?
    * Enable debug level in log4j for Interpreter to see the debug messages
    
    ### Screenshots (if appropriate)
    * None
    
    ### Questions:
    * Does the licenses files need update?
    No
    * Is there breaking changes for older versions?
    No
    * Does this needs documentation?
    No
    
    Author: Vipin Rathor <v....@gmail.com>
    
    Closes #4007 from VipinRathor/ZEPPELIN-5180 and squashes the following commits:
    
    2534ba2fe [Vipin Rathor] ZEPPELIN-5180 Incorporating more review comments
    2cbc8771a [Vipin Rathor] ZEPPELIN-5180 Incorporating review comments.
    f63ad0527 [Vipin Rathor] ZEPPELIN-5180 - Improve Kerberos debug messages
    
    (cherry picked from commit 76ff2347771ca756c1bfc46f136a1ccfeea1b5f0)
    Signed-off-by: Philipp Dallig <ph...@gmail.com>
---
 .../java/org/apache/zeppelin/jdbc/JDBCInterpreter.java   |  7 +++++++
 .../apache/zeppelin/interpreter/KerberosInterpreter.java | 16 +++++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
index 2b29ece..be14d08 100644
--- a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
+++ b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
@@ -184,15 +184,19 @@ public class JDBCInterpreter extends KerberosInterpreter {
   protected boolean runKerberosLogin() {
     try {
       if (UserGroupInformation.isLoginKeytabBased()) {
+        LOGGER.debug("Trying relogin from keytab");
         UserGroupInformation.getLoginUser().reloginFromKeytab();
         return true;
       } else if (UserGroupInformation.isLoginTicketBased()) {
+        LOGGER.debug("Trying relogin from ticket cache");
         UserGroupInformation.getLoginUser().reloginFromTicketCache();
         return true;
       }
     } catch (Exception e) {
       LOGGER.error("Unable to run kinit for zeppelin", e);
     }
+    LOGGER.debug("Neither Keytab nor ticket based login. " +
+      "runKerberosLogin() returning false");
     return false;
   }
 
@@ -512,8 +516,11 @@ public class JDBCInterpreter extends KerberosInterpreter {
         connection = getConnectionFromPool(connectionUrl, user, dbPrefix, properties);
         break;
       case "KERBEROS":
+        LOGGER.debug("Calling createSecureConfiguration(); this will do " +
+          "loginUserFromKeytab() if required");
         JDBCSecurityImpl.createSecureConfiguration(getProperties(),
                 UserGroupInformation.AuthenticationMethod.KERBEROS);
+        LOGGER.debug("createSecureConfiguration() returned");
         boolean isProxyEnabled = Boolean.parseBoolean(
                 getProperty("zeppelin.jdbc.auth.kerberos.proxy.enable", "true"));
         if (basePropertiesMap.get(dbPrefix).containsKey("proxy.user.property")
diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java
index 9c2353b..49d3d95 100644
--- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java
+++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/KerberosInterpreter.java
@@ -48,7 +48,7 @@ public abstract class KerberosInterpreter extends AbstractInterpreter {
 
   private Integer kinitFailCount = 0;
   private ScheduledExecutorService scheduledExecutorService;
-  private static Logger logger = LoggerFactory.getLogger(KerberosInterpreter.class);
+  private static final Logger LOGGER = LoggerFactory.getLogger(KerberosInterpreter.class);
 
   public KerberosInterpreter(Properties property) {
     super(property);
@@ -82,7 +82,7 @@ public abstract class KerberosInterpreter extends AbstractInterpreter {
     try {
       refreshInterval = getTimeAsMs(refreshIntervalString);
     } catch (IllegalArgumentException e) {
-      logger.error("Cannot get time in MS for the given string, " + refreshIntervalString
+      LOGGER.error("Cannot get time in MS for the given string, " + refreshIntervalString
           + " defaulting to 1d ", e);
       refreshInterval = getTimeAsMs("1d");
     }
@@ -97,7 +97,7 @@ public abstract class KerberosInterpreter extends AbstractInterpreter {
       try {
         kinitFailThreshold = new Integer(System.getenv("KINIT_FAIL_THRESHOLD"));
       } catch (Exception e) {
-        logger.error("Cannot get integer value from the given string, " + System
+        LOGGER.error("Cannot get integer value from the given string, " + System
             .getenv("KINIT_FAIL_THRESHOLD") + " defaulting to " + kinitFailThreshold, e);
       }
     }
@@ -106,7 +106,7 @@ public abstract class KerberosInterpreter extends AbstractInterpreter {
 
   private Long getTimeAsMs(String time) {
     if (time == null) {
-      logger.error("Cannot convert to time value.", time);
+      LOGGER.error("Cannot convert null to a time value. Defaulting to 1d");
       time = "1d";
     }
 
@@ -133,17 +133,19 @@ public abstract class KerberosInterpreter extends AbstractInterpreter {
       public Object call() throws Exception {
 
         if (runKerberosLogin()) {
-          logger.info("Ran runKerberosLogin command successfully.");
+          LOGGER.info("Ran runKerberosLogin command successfully.");
           kinitFailCount = 0;
           // schedule another kinit run with a fixed delay.
+          LOGGER.info("Scheduling Kerberos ticket refresh thread with interval {} ms",
+            getKerberosRefreshInterval());
           scheduledExecutorService
               .schedule(this, getKerberosRefreshInterval(), TimeUnit.MILLISECONDS);
         } else {
           kinitFailCount++;
-          logger.info("runKerberosLogin failed for " + kinitFailCount + " time(s).");
+          LOGGER.info("runKerberosLogin failed for {} time(s).", kinitFailCount);
           // schedule another retry at once or close the interpreter if too many times kinit fails
           if (kinitFailCount >= kinitFailThreshold()) {
-            logger.error("runKerberosLogin failed for  max attempts, calling close interpreter.");
+            LOGGER.error("runKerberosLogin failed for  max attempts, calling close interpreter.");
             close();
           } else {
             scheduledExecutorService.submit(this);