This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new bcf39e202c RANGER-5151: fix for error while writing audit logs to HDFS
(#535)
bcf39e202c is described below
commit bcf39e202c331c286019e399afd270307aa79947
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Wed Feb 19 23:17:02 2025 -0800
RANGER-5151: fix for error while writing audit logs to HDFS (#535)
---
.../audit/utils/AbstractRangerAuditWriter.java | 49 ++++++++++++++--------
.../ranger/audit/utils/RangerJSONAuditWriter.java | 20 +++------
2 files changed, 36 insertions(+), 33 deletions(-)
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/utils/AbstractRangerAuditWriter.java
b/agents-audit/src/main/java/org/apache/ranger/audit/utils/AbstractRangerAuditWriter.java
index dca00ee978..b9899d3bdf 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/utils/AbstractRangerAuditWriter.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/utils/AbstractRangerAuditWriter.java
@@ -269,26 +269,10 @@ public void closeFileIfNeeded() {
closeWriter();
resetWriter();
+ setNextRollOverTime();
currentFileName = null;
reUseLastLogFile = false;
-
- if (!rollOverByDuration) {
- try {
- if (StringUtils.isEmpty(rolloverPeriod)) {
- rolloverPeriod =
rollingTimeUtil.convertRolloverSecondsToRolloverPeriod(fileRolloverSec);
- }
-
- nextRollOverTime =
rollingTimeUtil.computeNextRollingTime(rolloverPeriod);
- } catch (Exception e) {
- logger.warn("Rollover by file.rollover.period failed", e);
- logger.warn("Using the file.rollover.sec for {} audit file
rollover...", fileSystemScheme);
-
- nextRollOverTime = rollOverByDuration();
- }
- } else {
- nextRollOverTime = rollOverByDuration();
- }
}
logger.debug("<== AbstractRangerAuditWriter.closeFileIfNeeded()");
@@ -307,7 +291,7 @@ public PrintWriter createWriter() throws Exception {
boolean appendMode = false;
// if append is supported, reuse last log file
- if (reUseLastLogFile && fileSystem.hasPathCapability(auditPath,
CommonPathCapabilities.FS_APPEND)) {
+ if (reUseLastLogFile && isAppendEnabled()) {
logger.info("Appending to last log file. auditPath = {}",
fullPath);
try {
@@ -394,4 +378,33 @@ public String getFileSystemScheme() {
public void setFileExtension(String fileExtension) {
this.fileExtension = fileExtension;
}
+
+ private void setNextRollOverTime() {
+ if (!rollOverByDuration) {
+ try {
+ if (StringUtils.isEmpty(rolloverPeriod)) {
+ rolloverPeriod =
rollingTimeUtil.convertRolloverSecondsToRolloverPeriod(fileRolloverSec);
+ }
+
+ nextRollOverTime =
rollingTimeUtil.computeNextRollingTime(rolloverPeriod);
+ } catch (Exception e) {
+ logger.warn("Rollover by file.rollover.period failed", e);
+ logger.warn("Using the file.rollover.sec for {} audit file
rollover...", fileSystemScheme);
+
+ nextRollOverTime = rollOverByDuration();
+ }
+ } else {
+ nextRollOverTime = rollOverByDuration();
+ }
+ }
+
+ private boolean isAppendEnabled() {
+ try {
+ return fileSystem.hasPathCapability(auditPath,
CommonPathCapabilities.FS_APPEND);
+ } catch (Throwable t) {
+ logger.warn("Failed to check if audit log file {} can be appended.
Will create a new file.", auditPath, t);
+ }
+
+ return false;
+ }
}
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/utils/RangerJSONAuditWriter.java
b/agents-audit/src/main/java/org/apache/ranger/audit/utils/RangerJSONAuditWriter.java
index eb7a2a78cc..32c69aec02 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/utils/RangerJSONAuditWriter.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/utils/RangerJSONAuditWriter.java
@@ -27,6 +27,7 @@
import java.io.PrintWriter;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
+import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.Executors;
@@ -46,14 +47,7 @@ public class RangerJSONAuditWriter extends
AbstractRangerAuditWriter {
protected static final String JSON_FILE_EXTENSION = ".log";
/*
- * When enableAuditFilePeriodicRollOver is enabled, Audit File in HDFS
would be closed by the defined period in
- * xasecure.audit.destination.hdfs.file.rollover.sec. By default
xasecure.audit.destination.hdfs.file.rollover.sec = 86400 sec
- * and file will be closed midnight. Custom rollover time can be set by
defining file.rollover.sec to desire time in seconds.
- */
- private boolean enableAuditFilePeriodicRollOver;
-
- /*
- Time frequency of next occurrence of periodic rollover check. By Default
every 60 seconds the check is done.
+ Time frequency of next occurrence of periodic rollover check. By Default
every 60 seconds the check is done if enabled
*/
private long periodicRollOverCheckTimeinSec;
@@ -65,7 +59,7 @@ public void init(Properties props, String propPrefix, String
auditProviderName,
super.init(props, propPrefix, auditProviderName, auditConfigs);
// start AuditFilePeriodicRollOverTask if enabled.
- enableAuditFilePeriodicRollOver = MiscUtil.getBooleanProperty(props,
propPrefix + "." + PROP_HDFS_ROLLOVER_ENABLE_PERIODIC_ROLLOVER, false);
+ boolean enableAuditFilePeriodicRollOver =
MiscUtil.getBooleanProperty(props, propPrefix + "." +
PROP_HDFS_ROLLOVER_ENABLE_PERIODIC_ROLLOVER, false);
if (enableAuditFilePeriodicRollOver) {
periodicRollOverCheckTimeinSec = MiscUtil.getLongProperty(props,
propPrefix + "." + PROP_HDFS_ROLLOVER_PERIODIC_ROLLOVER_CHECK_TIME, 60L);
@@ -187,11 +181,7 @@ public synchronized boolean logAsFile(final File file)
throws Exception {
}
public synchronized PrintWriter getLogFileStream() throws Exception {
- if (!enableAuditFilePeriodicRollOver) {
- // when periodic rollover is enabled closing of file is done by
the file rollover monitoring task and hence don't need to
- // close the file inline with audit logging.
- closeFileIfNeeded();
- }
+ closeFileIfNeeded();
// Either there are no open log file or the previous one has been
rolled over
return createWriter();
@@ -223,7 +213,7 @@ public void run() {
logger.debug("==> AuditFilePeriodicRollOverTask.run()");
try {
- closeFileIfNeeded();
+ logJSON(Collections.emptyList());
} catch (Exception excp) {
logger.error("AuditFilePeriodicRollOverTask Failed.
Aborting..", excp);
}
