From a6a1b94df4f5c4d22845fe99f2f778ba53d60e5c Mon Sep 17 00:00:00 2001
From: guohaozhang
Date: Mon, 29 Mar 2021 11:07:39 +0800
Subject: [PATCH] [Feature-#5128]Support turning off sudo permissions (#5129)
* [Feature-#5128]Support turning off sudo permissions
* [Feature-#5128] without sudo permission do not create tenant user
---
 .../apache/dolphinscheduler/common/Constants.java | 5 +++++
 .../dolphinscheduler/common/utils/CommonUtils.java | 7 +++++++
 .../dolphinscheduler/common/utils/OSUtils.java | 10 +++++++---
 .../src/main/resources/common.properties | 3 +++
 .../worker/processor/TaskExecuteProcessor.java | 3 ++-
 .../server/worker/task/AbstractCommandExecutor.java | 13 ++++++++-----
 6 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java
index c4b6243c48..0a46a35580 100644
--- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java
+++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java
@@ -155,6 +155,11 @@ public final class Constants {
 public static final String DEVELOPMENT_STATE = "development.state";
 public static final String DEVELOPMENT_STATE_DEFAULT_VALUE = "true";
+ /**
+ * sudo enable
+ */
+ public static final String SUDO_ENABLE = "sudo.enable";
+
 /**
 * string true
 */
diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java
index cf307b402f..e68c342ea4 100644
--- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java
+++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java
@@ -68,6 +68,13 @@ public class CommonUtils {
 return PropertyUtils.getBoolean(Constants.DEVELOPMENT_STATE, true);
 }
+ /**
+ * @return sudo enable
+ */
+ public static boolean isSudoEnable() {
+ return PropertyUtils.getBoolean(Constants.SUDO_ENABLE, true);
+ }
+
 /**
 * if upload resource is HDFS and kerberos startup is true , else false
 *
diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java
index 92a06fe568..09b4e06d9f 100644
--- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java
+++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java
@@ -22,12 +22,12 @@ import org.apache.dolphinscheduler.common.shell.ShellExecutor;
 import org.apache.commons.configuration.Configuration;
-import java.lang.management.OperatingSystemMXBean;
 import java.io.BufferedReader;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.lang.management.ManagementFactory;
+import java.lang.management.OperatingSystemMXBean;
 import java.lang.management.RuntimeMXBean;
 import java.math.RoundingMode;
 import java.text.DecimalFormat;
@@ -406,13 +406,17 @@ public class OSUtils {
 }
 /**
- * get sudo command
+ * get sudo command
+ *
 * @param tenantCode tenantCode
 * @param command command
 * @return result of sudo execute command
 */
 public static String getSudoCmd(String tenantCode, String command) {
- return StringUtils.isEmpty(tenantCode) ? command : "sudo -u " + tenantCode + " " + command;
+ if (!CommonUtils.isSudoEnable() || StringUtils.isEmpty(tenantCode)) {
+ return command;
+ }
+ return String.format("sudo -u %s %s", tenantCode, command);
 }
 /**
diff --git a/dolphinscheduler-common/src/main/resources/common.properties b/dolphinscheduler-common/src/main/resources/common.properties
index 833e0491e2..e46dd15756 100644
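Review bot: The Javadoc added to `isSudoEnable()` in CommonUtils (`@return sudo enable`) does not say what a false value means for the worker, and the `SUDO_ENABLE` comment in Constants.java has the same gap. Going by the comment this commit adds to common.properties, false makes every tenant's task run as the deploy user, so the per-tenant OS account no longer separates one tenant's task from another's or from the worker's own files. I would state that in the Javadoc, e.g. `@return true if tasks are wrapped in sudo -u <tenant>; false runs them as the deploy user with no per-tenant OS isolation`. The second argument of `PropertyUtils.getBoolean(Constants.SUDO_ENABLE, true)` looks like the fallback for a missing key; if so, the safe default of true is worth documenting as well.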
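Review bot: In `getSudoCmd` (OSUtils), `tenantCode` is still formatted straight into the command string by `String.format("sudo -u %s %s", tenantCode, command)`, and no validation of it is visible in this hunk. How the returned string is executed lies outside the hunk, but if it reaches a shell, a tenant code containing whitespace or shell metacharacters would change the command that sudo runs. A guard before the format call would close that, for example `if (!tenantCode.matches("[A-Za-z0-9_][A-Za-z0-9_.-]*")) { throw new IllegalArgumentException("invalid tenantCode"); }`, with the pattern aligned to whatever tenant creation already accepts. Callers should also be aware that with `sudo.enable=false` the bare `command` comes back and runs as the deploy user.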
--- a/dolphinscheduler-common/src/main/resources/common.properties
+++ b/dolphinscheduler-common/src/main/resources/common.properties
@@ -76,3 +76,6 @@ datasource.encryption.salt=!@#$%^&*
 # Network IP gets priority, default inner outer
 #dolphin.scheduler.network.priority.strategy=default
+
+# use sudo or not, if set true ,executing user is tenant user and deploy user need sudo permissions ; if set false, executing user is the deploy user, don't need sudo permissions.
+sudo.enable=true
diff --git a/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java b/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java
index f03d86bb65..00f4956921 100644
--- a/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java
+++ b/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java
@@ -20,6 +20,7 @@ package org.apache.dolphinscheduler.server.worker.processor;
 import org.apache.dolphinscheduler.common.enums.Event;
 import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
 import org.apache.dolphinscheduler.common.enums.TaskType;
+import org.apache.dolphinscheduler.common.utils.CommonUtils;
 import org.apache.dolphinscheduler.common.utils.DateUtils;
 import org.apache.dolphinscheduler.common.utils.FileUtils;
 import org.apache.dolphinscheduler.common.utils.JSONUtils;
@@ -147,7 +148,7 @@ public class TaskExecuteProcessor implements NettyRequestProcessor {
 FileUtils.taskLoggerThreadLocal.set(taskLogger);
 try {
 FileUtils.createWorkDirIfAbsent(execLocalPath);
- if (workerConfig.getWorkerTenantAutoCreate()) {
+ if (CommonUtils.isSudoEnable() && workerConfig.getWorkerTenantAutoCreate()) {
 OSUtils.createUserIfAbsent(taskExecutionContext.getTenantCode());
 }
 } catch (Throwable ex) {
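Review bot: In the `@@ -147,7 +148,7 @@` hunk of TaskExecuteProcessor, `CommonUtils.isSudoEnable() && workerConfig.getWorkerTenantAutoCreate()` skips tenant creation silently when sudo is off, so a worker with tenant auto-create on and `sudo.enable=false` gives no sign that the tenant setting is ignored. Per the common.properties comment the task then runs as the deploy user rather than as `taskExecutionContext.getTenantCode()`, and I would record that at this point, e.g. `logger.warn("sudo.enable=false, task runs as the deploy user; tenant {} is not applied", taskExecutionContext.getTenantCode());` (assuming the class has a logger field, which is not visible here). That keeps the effective OS user of each task reconstructable from the logs during an investigation. The enclosing method starts and ends outside the hunk.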
diff --git a/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java b/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java
index 392d279e8e..88af2d7f2c 100644
--- a/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java
+++ b/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java
@@ -25,6 +25,7 @@ import org.apache.dolphinscheduler.common.Constants;
 import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
 import org.apache.dolphinscheduler.common.thread.Stopper;
 import org.apache.dolphinscheduler.common.thread.ThreadUtils;
+import org.apache.dolphinscheduler.common.utils.CommonUtils;
 import org.apache.dolphinscheduler.common.utils.HadoopUtils;
 import org.apache.dolphinscheduler.common.utils.LoggerUtils;
 import org.apache.dolphinscheduler.common.utils.OSUtils;
@@ -84,7 +85,7 @@ public abstract class AbstractCommandExecutor {
 * log list
 */
 protected final List logBuffer;
-
+
 protected boolean logOutputIsScuccess = false;
 /**
@@ -134,9 +135,11 @@ public abstract class AbstractCommandExecutor {
 processBuilder.redirectErrorStream(true);
 // setting up user to run commands
- command.add("sudo");
- command.add("-u");
- command.add(taskExecutionContext.getTenantCode());
+ if (CommonUtils.isSudoEnable()) {
+ command.add("sudo");
+ command.add("-u");
+ command.add(taskExecutionContext.getTenantCode());
+ }
 command.add(commandInterpreter());
 command.addAll(commandOptions());
 command.add(commandFile);
@@ -595,4 +598,4 @@ public abstract class AbstractCommandExecutor {
 public void setTaskResultString(String taskResultString) {
 this.taskResultString = taskResultString;
 }
-}
\ No newline at end of file
+}
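Review bot: In the `@@ -134,9 +135,11 @@` hunk of AbstractCommandExecutor, the sudo branch adds `taskExecutionContext.getTenantCode()` as the `-u` argument without the emptiness check that `OSUtils.getSudoCmd` applies through `StringUtils.isEmpty(tenantCode)`. With sudo enabled and an empty tenant code, the argument after `-u` is an empty string and the failure only shows up when the process is started. I would reject the task before building the command rather than fall back to the deploy user, e.g. `if (StringUtils.isEmpty(taskExecutionContext.getTenantCode())) { throw new IllegalArgumentException("tenantCode is empty"); }` inside the `if (CommonUtils.isSudoEnable())` block. The surrounding method begins and ends outside the hunk, so an earlier check may already exist that cannot be seen here.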