
[Feature-#5128]Support turning off sudo permissions (#5129)

* [Feature-#5128]Support turning off sudo permissions

* [Feature-#5128] without sudo permission do not create tenant user
pull/3/MERGE
guohaozhang 4 years ago committed by GitHub
parent
commit
a6a1b94df4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 5
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java
  2. 7
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java
  3. 10
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java
  4. 3
      dolphinscheduler-common/src/main/resources/common.properties
  5. 3
      dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java
  6. 13
      dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java

5
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java

@ -155,6 +155,11 @@ public final class Constants {
public static final String DEVELOPMENT_STATE = "development.state"; public static final String DEVELOPMENT_STATE = "development.state";
public static final String DEVELOPMENT_STATE_DEFAULT_VALUE = "true"; public static final String DEVELOPMENT_STATE_DEFAULT_VALUE = "true";
/**
* sudo enable
*/
public static final String SUDO_ENABLE = "sudo.enable";
/** /**
* string true * string true
*/ */

7
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java

@ -68,6 +68,13 @@ public class CommonUtils {
return PropertyUtils.getBoolean(Constants.DEVELOPMENT_STATE, true); return PropertyUtils.getBoolean(Constants.DEVELOPMENT_STATE, true);
} }
/**
* @return sudo enable
*/
public static boolean isSudoEnable() {
return PropertyUtils.getBoolean(Constants.SUDO_ENABLE, true);
}
/** /**
* if upload resource is HDFS and kerberos startup is true , else false * if upload resource is HDFS and kerberos startup is true , else false
* *
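Review bot: The Javadoc on `isSudoEnable()` says only `@return sudo enable`, which tells a caller neither what the flag controls nor that a missing property defaults to `true`. Per the `sudo.enable` comment in common.properties, a `false` value makes the executing user the deploy user rather than the tenant user, so every tenant's tasks then share one OS account and its file permissions. That consequence is worth stating here and in the properties comment. Suggested wording: `@return true (the default) if task commands are wrapped in "sudo -u <tenant>"; false runs all tenants' tasks as the deploy user, without OS-level tenant separation`. The class body continues outside the hunk.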

10
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java

@ -22,12 +22,12 @@ import org.apache.dolphinscheduler.common.shell.ShellExecutor;
import org.apache.commons.configuration.Configuration; import org.apache.commons.configuration.Configuration;
import java.lang.management.OperatingSystemMXBean;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.lang.management.ManagementFactory; import java.lang.management.ManagementFactory;
import java.lang.management.OperatingSystemMXBean;
import java.lang.management.RuntimeMXBean; import java.lang.management.RuntimeMXBean;
import java.math.RoundingMode; import java.math.RoundingMode;
import java.text.DecimalFormat; import java.text.DecimalFormat;
@ -406,13 +406,17 @@ public class OSUtils {
} }
/** /**
* get sudo command * get sudo command
*
* @param tenantCode tenantCode * @param tenantCode tenantCode
* @param command command * @param command command
* @return result of sudo execute command * @return result of sudo execute command
*/ */
public static String getSudoCmd(String tenantCode, String command) { public static String getSudoCmd(String tenantCode, String command) {
return StringUtils.isEmpty(tenantCode) ? command : "sudo -u " + tenantCode + " " + command; if (!CommonUtils.isSudoEnable() || StringUtils.isEmpty(tenantCode)) {
return command;
}
return String.format("sudo -u %s %s", tenantCode, command);
} }
/** /**
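Review bot: `getSudoCmd` formats `tenantCode` straight into the command string with `String.format("sudo -u %s %s", tenantCode, command)` after checking only that it is non-empty, so a value that is not a plain account name would change how the resulting line is parsed wherever that string is handed to a shell. The origin of `tenantCode` is not visible in this hunk, so treat this as a hardening request: reject anything outside a conservative account-name pattern before formatting, for example `if (!tenantCode.matches("[A-Za-z_][A-Za-z0-9_-]*")) { throw new IllegalArgumentException("invalid tenantCode"); }`. The same unvalidated value is appended after `-u` in AbstractCommandExecutor, so the check is best kept in one shared helper. The import reordering in the first hunk needs no comment.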

3
dolphinscheduler-common/src/main/resources/common.properties

@ -76,3 +76,6 @@ datasource.encryption.salt=!@#$%^&*
# Network IP gets priority, default inner outer # Network IP gets priority, default inner outer
#dolphin.scheduler.network.priority.strategy=default #dolphin.scheduler.network.priority.strategy=default
# use sudo or not, if set true ,executing user is tenant user and deploy user need sudo permissions ; if set false, executing user is the deploy user, don't need sudo permissions.
sudo.enable=true

3
dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java

@ -20,6 +20,7 @@ package org.apache.dolphinscheduler.server.worker.processor;
import org.apache.dolphinscheduler.common.enums.Event; import org.apache.dolphinscheduler.common.enums.Event;
import org.apache.dolphinscheduler.common.enums.ExecutionStatus; import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
import org.apache.dolphinscheduler.common.enums.TaskType; import org.apache.dolphinscheduler.common.enums.TaskType;
import org.apache.dolphinscheduler.common.utils.CommonUtils;
import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.common.utils.DateUtils;
import org.apache.dolphinscheduler.common.utils.FileUtils; import org.apache.dolphinscheduler.common.utils.FileUtils;
import org.apache.dolphinscheduler.common.utils.JSONUtils; import org.apache.dolphinscheduler.common.utils.JSONUtils;
@ -147,7 +148,7 @@ public class TaskExecuteProcessor implements NettyRequestProcessor {
FileUtils.taskLoggerThreadLocal.set(taskLogger); FileUtils.taskLoggerThreadLocal.set(taskLogger);
try { try {
FileUtils.createWorkDirIfAbsent(execLocalPath); FileUtils.createWorkDirIfAbsent(execLocalPath);
if (workerConfig.getWorkerTenantAutoCreate()) { if (CommonUtils.isSudoEnable() && workerConfig.getWorkerTenantAutoCreate()) {
OSUtils.createUserIfAbsent(taskExecutionContext.getTenantCode()); OSUtils.createUserIfAbsent(taskExecutionContext.getTenantCode());
} }
} catch (Throwable ex) { } catch (Throwable ex) {
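Review bot: With `sudo.enable=false` the new condition skips `createUserIfAbsent` silently even when tenant auto-create is configured, and nothing here records that the task will run under the worker's own account instead of the tenant named in the execution context. A log entry on that path would give operators and auditors the effective identity, for example `logger.info("sudo disabled: task runs as the worker user, tenant {} is not applied", taskExecutionContext.getTenantCode());`. This assumes the class already has a `logger` field, which the hunk does not show. The try block and its enclosing method start and end outside the hunk.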

13
dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java

@ -25,6 +25,7 @@ import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.ExecutionStatus; import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
import org.apache.dolphinscheduler.common.thread.Stopper; import org.apache.dolphinscheduler.common.thread.Stopper;
import org.apache.dolphinscheduler.common.thread.ThreadUtils; import org.apache.dolphinscheduler.common.thread.ThreadUtils;
import org.apache.dolphinscheduler.common.utils.CommonUtils;
import org.apache.dolphinscheduler.common.utils.HadoopUtils; import org.apache.dolphinscheduler.common.utils.HadoopUtils;
import org.apache.dolphinscheduler.common.utils.LoggerUtils; import org.apache.dolphinscheduler.common.utils.LoggerUtils;
import org.apache.dolphinscheduler.common.utils.OSUtils; import org.apache.dolphinscheduler.common.utils.OSUtils;
@ -84,7 +85,7 @@ public abstract class AbstractCommandExecutor {
* log list * log list
*/ */
protected final List<String> logBuffer; protected final List<String> logBuffer;
protected boolean logOutputIsScuccess = false; protected boolean logOutputIsScuccess = false;
/** /**
@ -134,9 +135,11 @@ public abstract class AbstractCommandExecutor {
processBuilder.redirectErrorStream(true); processBuilder.redirectErrorStream(true);
// setting up user to run commands // setting up user to run commands
command.add("sudo"); if (CommonUtils.isSudoEnable()) {
command.add("-u"); command.add("sudo");
command.add(taskExecutionContext.getTenantCode()); command.add("-u");
command.add(taskExecutionContext.getTenantCode());
}
command.add(commandInterpreter()); command.add(commandInterpreter());
command.addAll(commandOptions()); command.addAll(commandOptions());
command.add(commandFile); command.add(commandFile);
@ -595,4 +598,4 @@ public abstract class AbstractCommandExecutor {
public void setTaskResultString(String taskResultString) { public void setTaskResultString(String taskResultString) {
this.taskResultString = taskResultString; this.taskResultString = taskResultString;
} }
} }
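Review bot: The sudo branch adds `taskExecutionContext.getTenantCode()` without the emptiness check that `OSUtils.getSudoCmd` applies, so a null or empty tenant code yields a `sudo -u` with no usable user, and a null list element makes `ProcessBuilder.start()` throw a NullPointerException. Failing fast with a clear message is safer than quietly falling back to the worker account, for example `if (StringUtils.isEmpty(taskExecutionContext.getTenantCode())) { throw new IllegalArgumentException("tenantCode is required when sudo.enable=true"); }` placed before `command.add("sudo")`. Whether `StringUtils` is imported in this file is not visible in the hunk. The enclosing method begins and ends outside the hunk, and the final hunk at the end of the class has no code change to review.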
