You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2022/12/22 14:05:27 UTC

[GitHub] [hadoop] steveloughran commented on a diff in pull request #5248: HADOOP-18581 : Handle Server KDC re-login when Server and Client run …

steveloughran commented on code in PR #5248:
URL: https://github.com/apache/hadoop/pull/5248#discussion_r1055492356


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java:
##########
@@ -529,6 +529,13 @@ private void setLogin(LoginContext login) {
     user.setLogin(login);
   }
 
+  /** This method is only helpful for HadoopLoginContext*/
+  public boolean isLoginSuccess() {
+    LoginContext login = user.getLogin();
+    return (login instanceof HadoopLoginContext)
+        ? ((HadoopLoginContext) login).isLoginSuccess() : true;

Review Comment:
   nit, put : on a newline



##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java:
##########
@@ -2206,7 +2206,25 @@ private void saslProcess(RpcSaslProto saslMessage)
           AUDITLOG.warn(AUTH_FAILED_FOR + this.toString() + ":"
               + attemptingUser + " (" + e.getLocalizedMessage()
               + ") with true cause: (" + tce.getLocalizedMessage() + ")");
-          throw tce;
+          if (!UserGroupInformation.getLoginUser().isLoginSuccess()) {
+            LOG.info("Initiating re-login from IPC Server");
+            if (UserGroupInformation.isLoginKeytabBased()) {
+              UserGroupInformation.getLoginUser().reloginFromKeytab();
+            } else if (UserGroupInformation.isLoginTicketBased()) {
+              UserGroupInformation.getLoginUser().reloginFromTicketCache();
+            }
+            try {
+              // try processing message again
+              saslResponse = processSaslMessage(saslMessage);
+              AUDITLOG.info("Retry " + AUTH_SUCCESSFUL_FOR + this.toString()
+                  + ":" + attemptingUser + " after failure");
+            } catch (IOException exp) {
+              tce = (IOException) getTrueCause(e);

Review Comment:
   big assumption there about wrapped cause and its class. does it hold



##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java:
##########
@@ -2206,7 +2206,25 @@ private void saslProcess(RpcSaslProto saslMessage)
           AUDITLOG.warn(AUTH_FAILED_FOR + this.toString() + ":"
               + attemptingUser + " (" + e.getLocalizedMessage()
               + ") with true cause: (" + tce.getLocalizedMessage() + ")");
-          throw tce;
+          if (!UserGroupInformation.getLoginUser().isLoginSuccess()) {
+            LOG.info("Initiating re-login from IPC Server");
+            if (UserGroupInformation.isLoginKeytabBased()) {
+              UserGroupInformation.getLoginUser().reloginFromKeytab();
+            } else if (UserGroupInformation.isLoginTicketBased()) {
+              UserGroupInformation.getLoginUser().reloginFromTicketCache();
+            }
+            try {
+              // try processing message again
+              saslResponse = processSaslMessage(saslMessage);
+              AUDITLOG.info("Retry " + AUTH_SUCCESSFUL_FOR + this.toString()

Review Comment:
   use slf4j syntax



##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java:
##########
@@ -2206,7 +2206,25 @@ private void saslProcess(RpcSaslProto saslMessage)
           AUDITLOG.warn(AUTH_FAILED_FOR + this.toString() + ":"
               + attemptingUser + " (" + e.getLocalizedMessage()
               + ") with true cause: (" + tce.getLocalizedMessage() + ")");
-          throw tce;
+          if (!UserGroupInformation.getLoginUser().isLoginSuccess()) {
+            LOG.info("Initiating re-login from IPC Server");
+            if (UserGroupInformation.isLoginKeytabBased()) {
+              UserGroupInformation.getLoginUser().reloginFromKeytab();
+            } else if (UserGroupInformation.isLoginTicketBased()) {
+              UserGroupInformation.getLoginUser().reloginFromTicketCache();
+            }
+            try {
+              // try processing message again
+              saslResponse = processSaslMessage(saslMessage);

Review Comment:
   maybe log at debug that this is about to be retried



##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java:
##########
@@ -2206,7 +2206,25 @@ private void saslProcess(RpcSaslProto saslMessage)
           AUDITLOG.warn(AUTH_FAILED_FOR + this.toString() + ":"
               + attemptingUser + " (" + e.getLocalizedMessage()
               + ") with true cause: (" + tce.getLocalizedMessage() + ")");
-          throw tce;
+          if (!UserGroupInformation.getLoginUser().isLoginSuccess()) {
+            LOG.info("Initiating re-login from IPC Server");

Review Comment:
   this the right log level?



##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java:
##########
@@ -2083,6 +2090,10 @@ private static class HadoopLoginContext extends LoginContext {
       this.conf = conf;
     }
 
+    public boolean isLoginSuccess() {

Review Comment:
   +javadoc



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org