You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "James Turton (Jira)" <ji...@apache.org> on 2023/12/31 13:57:00 UTC
[jira] [Updated] (DRILL-8352) Log noise when attempting to look up Unix user groups for a non-existent user
[ https://issues.apache.org/jira/browse/DRILL-8352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Turton updated DRILL-8352:
--------------------------------
Description:
With Vault authn configured, with the consequence that Drill's users are not known to the local OS, messages such as the following are logged by Drill.
{code:java}
09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping - unable to return groups for user user-1-1
org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException: The user name 'user-1-1' is not found. id: user-1-1: no such user
id: user-1-1: no such user
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
at org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
at org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
at org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
at org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
{code}
was:
With Vault authn configured, with the consequence that Drill's users are not known to the local OS, messages such as the following are logged by Drill.
{noformat}
docker-compose-sap-main-drill-1 | 09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping - unable to return groups for user user-1-1
docker-compose-sap-main-drill-1 | org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException: The user name 'user-1-1' is not found. id: user-1-1: no such user
docker-compose-sap-main-drill-1 | id: user-1-1: no such user
docker-compose-sap-main-drill-1 |
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
docker-compose-sap-main-drill-1 | at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
docker-compose-sap-main-drill-1 | at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
docker-compose-sap-main-drill-1 | at org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
docker-compose-sap-main-drill-1 | at org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
docker-compose-sap-main-drill-1 | at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
docker-compose-sap-main-drill-1 | at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
docker-compose-sap-main-drill-1 | at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
docker-compose-sap-main-drill-1 | at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
docker-compose-sap-main-drill-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
docker-compose-sap-main-drill-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
{noformat}
> Log noise when attempting to look up Unix user groups for a non-existent user
> -----------------------------------------------------------------------------
>
> Key: DRILL-8352
> URL: https://issues.apache.org/jira/browse/DRILL-8352
> Project: Apache Drill
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.20.2
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
>
> With Vault authn configured, with the consequence that Drill's users are not known to the local OS, messages such as the following are logged by Drill.
>
> {code:java}
> 09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping - unable to return groups for user user-1-1
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException: The user name 'user-1-1' is not found. id: user-1-1: no such user
> id: user-1-1: no such user
> at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
> at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
> at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
> at org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
> at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
> at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
> at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
> at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
> at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
> at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
> at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
> at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
> at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
> at org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
> at org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
> at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
> at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
> at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
> at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)