big-data/hadoop
big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

HADOOP-16691. Unify Logging in UserGroupInformation.

Browse Source 
Unify Logging in UserGroupInformation.
This commit is contained in:
belugabehr 2019-11-14 13:28:26 -05:00 committed by Inigo Goiri
parent c73334a924
commit d0302d3849
1 changed files with 35 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
View File

@ -189,21 +189,15 @@ public class UserGroupInformation {
@Override @Override
public boolean commit() throws LoginException { public boolean commit() throws LoginException {
if (LOG.isDebugEnabled()) {
LOG.debug("hadoop login commit"); LOG.debug("hadoop login commit");
}
// if we already have a user, we are done. // if we already have a user, we are done.
if (!subject.getPrincipals(User.class).isEmpty()) { if (!subject.getPrincipals(User.class).isEmpty()) {
if (LOG.isDebugEnabled()) { LOG.debug("Using existing subject: {}", subject.getPrincipals());
LOG.debug("using existing subject:"+subject.getPrincipals());
}
return true; return true;
} }
Principal user = getCanonicalUser(KerberosPrincipal.class); Principal user = getCanonicalUser(KerberosPrincipal.class);
if (user != null) { if (user != null) {
if (LOG.isDebugEnabled()) { LOG.debug("Using kerberos user: {}", user);
LOG.debug("using kerberos user:"+user);
}
} }
//If we don't have a kerberos user and security is disabled, check //If we don't have a kerberos user and security is disabled, check
//if user is specified in the environment or properties //if user is specified in the environment or properties
@ -217,15 +211,11 @@ public class UserGroupInformation {
// use the OS user // use the OS user
if (user == null) { if (user == null) {
user = getCanonicalUser(OS_PRINCIPAL_CLASS); user = getCanonicalUser(OS_PRINCIPAL_CLASS);
if (LOG.isDebugEnabled()) { LOG.debug("Using local user: {}", user);
LOG.debug("using local user:"+user);
}
} }
// if we found the user, add our principal // if we found the user, add our principal
if (user != null) { if (user != null) {
if (LOG.isDebugEnabled()) { LOG.debug("Using user: \"{}\" with name: {}", user, user.getName());
LOG.debug("Using user: \"" + user + "\" with name " + user.getName());
}
User userEntry = null; User userEntry = null;
try { try {
@ -237,15 +227,12 @@ public class UserGroupInformation {
} catch (Exception e) { } catch (Exception e) {
throw (LoginException)(new LoginException(e.toString()).initCause(e)); throw (LoginException)(new LoginException(e.toString()).initCause(e));
} }
if (LOG.isDebugEnabled()) { LOG.debug("User entry: \"{}\"", userEntry);
LOG.debug("User entry: \"" + userEntry.toString() + "\"" );
}
subject.getPrincipals().add(userEntry); subject.getPrincipals().add(userEntry);
return true; return true;
} }
LOG.error("Can't find user in " + subject); throw new LoginException("Failed to find user in name " + subject);
throw new LoginException("Can't find user name");
} }
@Override @Override
@ -256,17 +243,13 @@ public class UserGroupInformation {
@Override @Override
public boolean login() throws LoginException { public boolean login() throws LoginException {
if (LOG.isDebugEnabled()) { LOG.debug("Hadoop login");
LOG.debug("hadoop login");
}
return true; return true;
} }
@Override @Override
public boolean logout() throws LoginException { public boolean logout() throws LoginException {
if (LOG.isDebugEnabled()) { LOG.debug("Hadoop logout");
LOG.debug("hadoop logout");
}
return true; return true;
} }
} }
@ -808,12 +791,10 @@ public class UserGroupInformation {
LOG.debug("Loaded {} base64 tokens", numTokenBase64); LOG.debug("Loaded {} base64 tokens", numTokenBase64);
} }
} catch (IOException ioe) { } catch (IOException ioe) {
LOG.debug("failure to load login credentials", ioe); LOG.debug("Failure to load login credentials", ioe);
throw ioe; throw ioe;
} }
if (LOG.isDebugEnabled()) { LOG.debug("UGI loginUser: {}", loginUser);
LOG.debug("UGI loginUser:"+loginUser);
}
return loginUser; return loginUser;
} }
@ -994,10 +975,7 @@ public class UserGroupInformation {
do { do {
try { try {
long now = Time.now(); long now = Time.now();
if (LOG.isDebugEnabled()) { LOG.debug("Current time is {}, next refresh is {}", now, nextRefresh);
LOG.debug("Current time is " + now);
LOG.debug("Next refresh is " + nextRefresh);
}
if (now < nextRefresh) { if (now < nextRefresh) {
Thread.sleep(nextRefresh - now); Thread.sleep(nextRefresh - now);
} }
@ -1033,18 +1011,18 @@ public class UserGroupInformation {
try { try {
tgtEndTime = tgt.getEndTime().getTime(); tgtEndTime = tgt.getEndTime().getTime();
} catch (NullPointerException npe) { } catch (NullPointerException npe) {
LOG.error(String.format("NPE thrown while getting " + LOG.error("NPE thrown while getting KerberosTicket endTime. "
"KerberosTicket endTime. Aborting renew thread for %s.", + "Aborting renew thread for {}.", getUserName(), ie);
getUserName()), ie);
return; return;
} }
LOG.warn(String.format("Exception encountered while running the " + LOG.warn(
"renewal command for %s. " + "Exception encountered while running the "
"(TGT end time:%d, renewalFailures: %d, " + + "renewal command for {}. "
"renewalFailuresTotal: %d)", getUserName(), tgtEndTime, + "(TGT end time:{}, renewalFailures: {}, "
metrics.renewalFailures.value(), + "renewalFailuresTotal: {})",
metrics.renewalFailuresTotal.value()), ie); getUserName(), tgtEndTime, metrics.renewalFailures.value(),
metrics.renewalFailuresTotal.value(), ie);
if (rp == null) { if (rp == null) {
// Use a dummy maxRetries to create the policy. The policy will // Use a dummy maxRetries to create the policy. The policy will
// only be used to get next retry time with exponential back-off. // only be used to get next retry time with exponential back-off.
@ -1091,9 +1069,7 @@ public class UserGroupInformation {
@Override @Override
public void relogin() throws IOException { public void relogin() throws IOException {
String output = Shell.execCommand(kinitCmd, "-R"); String output = Shell.execCommand(kinitCmd, "-R");
if (LOG.isDebugEnabled()) {
LOG.debug("Renewed ticket. kinit output: {}", output); LOG.debug("Renewed ticket. kinit output: {}", output);
}
reloginFromTicketCache(); reloginFromTicketCache();
} }
} }
@ -1193,9 +1169,7 @@ public class UserGroupInformation {
} }
try { try {
if (LOG.isDebugEnabled()) { LOG.debug("Initiating logout for {}", getUserName());
LOG.debug("Initiating logout for " + getUserName());
}
// hadoop login context internally locks credentials. // hadoop login context internally locks credentials.
login.logout(); login.logout();
} catch (LoginException le) { } catch (LoginException le) {
@ -1329,9 +1303,7 @@ public class UserGroupInformation {
// register most recent relogin attempt // register most recent relogin attempt
user.setLastLogin(now); user.setLastLogin(now);
try { try {
if (LOG.isDebugEnabled()) { LOG.debug("Initiating logout for {}", getUserName());
LOG.debug("Initiating logout for " + getUserName());
}
//clear up the kerberos state. But the tokens are not cleared! As per //clear up the kerberos state. But the tokens are not cleared! As per
//the Java kerberos login module code, only the kerberos credentials //the Java kerberos login module code, only the kerberos credentials
//are cleared //are cleared
@ -1340,9 +1312,7 @@ public class UserGroupInformation {
//have the new credentials (pass it to the LoginContext constructor) //have the new credentials (pass it to the LoginContext constructor)
login = newLoginContext( login = newLoginContext(
login.getAppName(), login.getSubject(), login.getConfiguration()); login.getAppName(), login.getSubject(), login.getConfiguration());
if (LOG.isDebugEnabled()) { LOG.debug("Initiating re-login for {}", getUserName());
LOG.debug("Initiating re-login for " + getUserName());
}
login.login(); login.login();
// this should be unnecessary. originally added due to improper locking // this should be unnecessary. originally added due to improper locking
// of the subject during relogin. // of the subject during relogin.
@ -1748,11 +1718,7 @@ public class UserGroupInformation {
try { try {
return groups.getGroups(getShortUserName()); return groups.getGroups(getShortUserName());
} catch (IOException ie) { } catch (IOException ie) {
if (LOG.isDebugEnabled()) { LOG.debug("Failed to get groups for user {}", getShortUserName(), ie);
LOG.debug("Failed to get groups for user " + getShortUserName()
+ " by " + ie);
LOG.trace("TRACE", ie);
}
return Collections.emptyList(); return Collections.emptyList();
} }
} }
@ -1867,7 +1833,10 @@ public class UserGroupInformation {
@InterfaceAudience.Public @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public <T> T doAs(PrivilegedAction<T> action) { public <T> T doAs(PrivilegedAction<T> action) {
logPrivilegedAction(subject, action); if (LOG.isDebugEnabled()) {
LOG.debug("PrivilegedAction [as: {}][action: {}]", this, action,
new Exception());
}
return Subject.doAs(subject, action); return Subject.doAs(subject, action);
} }
@ -1887,13 +1856,14 @@ public class UserGroupInformation {
public <T> T doAs(PrivilegedExceptionAction<T> action public <T> T doAs(PrivilegedExceptionAction<T> action
) throws IOException, InterruptedException { ) throws IOException, InterruptedException {
try { try {
logPrivilegedAction(subject, action); if (LOG.isDebugEnabled()) {
LOG.debug("PrivilegedAction [as: {}][action: {}]", this, action,
new Exception());
}
return Subject.doAs(subject, action); return Subject.doAs(subject, action);
} catch (PrivilegedActionException pae) { } catch (PrivilegedActionException pae) {
Throwable cause = pae.getCause(); Throwable cause = pae.getCause();
if (LOG.isDebugEnabled()) { LOG.debug("PrivilegedActionException as: {}", this, cause);
LOG.debug("PrivilegedActionException as:" + this + " cause:" + cause);
}
if (cause == null) { if (cause == null) {
throw new RuntimeException("PrivilegedActionException with no " + throw new RuntimeException("PrivilegedActionException with no " +
"underlying cause. UGI [" + this + "]" +": " + pae, pae); "underlying cause. UGI [" + this + "]" +": " + pae, pae);
@ -1911,14 +1881,6 @@ public class UserGroupInformation {
} }
} }
private void logPrivilegedAction(Subject subject, Object action) {
if (LOG.isDebugEnabled()) {
// would be nice if action included a descriptive toString()
String where = new Throwable().getStackTrace()[2].toString();
LOG.debug("PrivilegedAction as:"+this+" from:"+where);
}
}
/** /**
* Log current UGI and token information into specified log. * Log current UGI and token information into specified log.
* @param ugi - UGI * @param ugi - UGI