From b503de23281273c645921fa1a89ef25cda9a8fe3 Mon Sep 17 00:00:00 2001 From: Xiaoyu Yao Date: Wed, 17 Mar 2021 10:57:11 -0700 Subject: [PATCH] =?UTF-8?q?HADOOP-17578.=20Improve=20UGI=20debug=20log=20t?= =?UTF-8?q?o=20help=20troubleshooting=20TokenCach=E2=80=A6=20(#2762)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../hadoop/security/UserGroupInformation.java | 7 ++++--- .../security/token/DelegationTokenIssuer.java | 17 ++++++++++++++++- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index f500758803..c3d7a55a10 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -1925,11 +1925,12 @@ public class UserGroupInformation { @InterfaceAudience.LimitedPrivate({"HDFS", "KMS"}) @InterfaceStability.Unstable public static void logUserInfo(Logger log, String caption, - UserGroupInformation ugi) throws IOException { + UserGroupInformation ugi) { if (log.isDebugEnabled()) { log.debug(caption + " UGI: " + ugi); - for (Token token : ugi.getTokens()) { - log.debug("+token:" + token); + for (Map.Entry> kv : + ugi.getCredentials().getTokenMap().entrySet()) { + log.debug("+token: {} -> {}", kv.getKey(), kv.getValue()); } } } diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/DelegationTokenIssuer.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/DelegationTokenIssuer.java index 70a53b7166..7b0a78bcd3 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/DelegationTokenIssuer.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/DelegationTokenIssuer.java @@ -21,6 +21,8 @@ import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.io.Text; import org.apache.hadoop.security.Credentials; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.io.IOException; import java.util.ArrayList; @@ -32,7 +34,7 @@ import java.util.List; @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "Yarn"}) @InterfaceStability.Unstable public interface DelegationTokenIssuer { - + Logger TOKEN_LOG = LoggerFactory.getLogger(DelegationTokenIssuer.class); /** * The service name used as the alias for the token in the credential * token map. addDelegationTokens will use this to determine if @@ -88,15 +90,28 @@ public interface DelegationTokenIssuer { final List> tokens) throws IOException { final String serviceName = issuer.getCanonicalServiceName(); // Collect token of the this issuer and then of its embedded children + if (TOKEN_LOG.isDebugEnabled()) { + TOKEN_LOG.debug("Search token for service {} in credentials", + serviceName); + } if (serviceName != null) { final Text service = new Text(serviceName); Token token = credentials.getToken(service); if (token == null) { + if (TOKEN_LOG.isDebugEnabled()) { + TOKEN_LOG.debug("Token for service {} not found in credentials," + + " try getDelegationToken.", serviceName); + } token = issuer.getDelegationToken(renewer); if (token != null) { tokens.add(token); credentials.addToken(service, token); } + } else { + if (TOKEN_LOG.isDebugEnabled()) { + TOKEN_LOG.debug("Token for service {} found in credentials," + + "skip getDelegationToken.", serviceName); + } } } // Now collect the tokens from the children.