[incubator-doris] branch master updated: [Broker] Fix broker load fail using SIMPLE auth after KERBEROS auth fail (#5412)

Wed, 24 Feb 2021 17:54:09 -0800 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git


The following commit(s) were added to refs/heads/master by this push:
     new fdd13ea  [Broker] Fix broker load fail using SIMPLE auth after 
KERBEROS auth fail (#5412)
fdd13ea is described below

commit fdd13ea79afe921514c9ae519644e2636bce3de5
Author: francis lee <francislee...@outlook.com>
AuthorDate: Thu Feb 25 09:53:50 2021 +0800

    [Broker] Fix broker load fail using SIMPLE auth after KERBEROS auth fail 
(#5412)
    
    Co-authored-by: liwei5 <liw...@vipkid.com.cn>
---
 .../java/org/apache/doris/broker/hdfs/FileSystemManager.java   | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git 
a/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
 
b/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
index 206e909..c1c1c4e 100644
--- 
a/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
+++ 
b/fs_brokers/apache_hdfs_broker/src/main/java/org/apache/doris/broker/hdfs/FileSystemManager.java
@@ -35,6 +35,7 @@ import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.StringUtils;
 import org.apache.log4j.Logger;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
 
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -243,6 +244,10 @@ public class FileSystemManager {
                 logger.info("could not find file system for path " + path + " 
create a new one");
                 // create a new filesystem
                 Configuration conf = new HdfsConfiguration();
+
+                // fallback when kerberos auth fail
+                
conf.set(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
 "true");
+
                 // TODO get this param from properties
                 // conf.set("dfs.replication", "2");
                 String tmpFilePath = null;
@@ -338,6 +343,11 @@ public class FileSystemManager {
                     properties.containsKey(USER_NAME_KEY) && 
!Strings.isNullOrEmpty(username)) {
                     // Use the specified 'username' as the login name
                     UserGroupInformation ugi = 
UserGroupInformation.createRemoteUser(username);
+                    // make sure hadoop client know what auth method would be 
used now,
+                    // don't set as default
+                    
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, 
AUTHENTICATION_SIMPLE);
+                    
ugi.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.SIMPLE);
+
                     dfsFileSystem = ugi.doAs(new 
PrivilegedExceptionAction<FileSystem>() {
                         @Override
                         public FileSystem run() throws Exception {


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to