DarkAssassinator commented on code in PR #12736:
URL:
https://github.com/apache/dolphinscheduler/pull/12736#discussion_r1021546423
##########
dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/AbstractCommandExecutor.java:
##########
@@ -190,11 +220,105 @@ public TaskResponse run(String execCommand) throws
IOException, InterruptedExcep
return result;
}
+ if (bashTaskExecutionContext.getSessionHost() != null) {
+ runningOnSSH = true;
+ }
+
+ if (runningOnSSH && SystemUtils.IS_OS_WINDOWS) {
+ logger.error("SSH does not support Windows systems");
+
TaskExecutionContextCacheManager.removeByTaskInstanceId(taskInstanceId);
+ return result;
+ }
+
String commandFilePath = buildCommandFilePath();
// create command file if not exists
createCommandFileIfNotExists(execCommand, commandFilePath);
+ result = runCommandFile(commandFilePath);
+
+ return result;
+ }
+
+ private TaskResponse runCommandFile(String commandFilePath) throws
IOException, InterruptedException {
+ return runningOnSSH ? runOnSSH(commandFilePath) :
runOnLocalProcess(commandFilePath);
+ }
+
+ private TaskResponse runOnSSH(String commandFilePath) {
+ TaskResponse result = new TaskResponse();
+ SSHSessionHolder sessionHolder = null;
+ this.sessionHost = bashTaskExecutionContext.getSessionHost();
+ try {
+ sessionHolder = SSHSessionPool.getSessionHolder(sessionHost);
+ sessionHolder.setSftpConfig(SSHSessionPool.getSftpConfig());
+ logger.info("borrow session:{} success", sessionHolder);
+
+ boolean uploadRes =
+ sessionHolder.sftpDir(taskRequest.getExecutePath(),
taskRequest.getExecutePath(), logger);
+ if (!uploadRes) {
+ logger.error("upload task {} execute path to remote session {}
failed", taskRequest.getExecutePath(),
+ sessionHost.toString());
+ result.setExitStatusCode(EXIT_CODE_FAILURE);
+ return result;
+ }
+
+ if (taskRequest.getEnvFile() != null) {
+ boolean uploadEnvRes =
+ sessionHolder.sftpDir(taskRequest.getEnvFile(),
taskRequest.getExecutePath(), logger);
+ if (!uploadEnvRes) {
+ logger.error("upload task {} execute path to remote
session {} failed", taskRequest.getEnvFile(),
+ sessionHost.toString());
+ result.setExitStatusCode(EXIT_CODE_FAILURE);
+ return result;
+ }
+ }
+
+ // because JSch .chmod is not stable, so use the 'chmod -R' instead
+ logger.info("update remote path's permission:{} on session:{} to
755", taskRequest.getExecutePath(),
+ sessionHost.toString());
+ String chmodCommand = "chmod -R 755 " +
taskRequest.getExecutePath();
Review Comment:
> Why it should chmod 755? I'm not sure whether it will cause some CVE? cc
@ruanwenjun
because remote server should keep same as DS worker, and just chmod the
execute path, if there are any worry, we can change to 600. WDYT
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
