DarkAssassinator commented on code in PR #12736:
URL:
https://github.com/apache/dolphinscheduler/pull/12736#discussion_r1022366647
##########
dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/AbstractCommandExecutor.java:
##########
@@ -190,11 +220,105 @@ public TaskResponse run(String execCommand) throws
IOException, InterruptedExcep
return result;
}
+ if (bashTaskExecutionContext.getSessionHost() != null) {
+ runningOnSSH = true;
+ }
+
+ if (runningOnSSH && SystemUtils.IS_OS_WINDOWS) {
+ logger.error("SSH does not support Windows systems");
+
TaskExecutionContextCacheManager.removeByTaskInstanceId(taskInstanceId);
+ return result;
+ }
+
String commandFilePath = buildCommandFilePath();
// create command file if not exists
createCommandFileIfNotExists(execCommand, commandFilePath);
+ result = runCommandFile(commandFilePath);
+
+ return result;
+ }
+
+ private TaskResponse runCommandFile(String commandFilePath) throws
IOException, InterruptedException {
+ return runningOnSSH ? runOnSSH(commandFilePath) :
runOnLocalProcess(commandFilePath);
+ }
+
+ private TaskResponse runOnSSH(String commandFilePath) {
+ TaskResponse result = new TaskResponse();
+ SSHSessionHolder sessionHolder = null;
+ this.sessionHost = bashTaskExecutionContext.getSessionHost();
+ try {
+ sessionHolder = SSHSessionPool.getSessionHolder(sessionHost);
+ sessionHolder.setSftpConfig(SSHSessionPool.getSftpConfig());
+ logger.info("borrow session:{} success", sessionHolder);
+
+ boolean uploadRes =
+ sessionHolder.sftpDir(taskRequest.getExecutePath(),
taskRequest.getExecutePath(), logger);
+ if (!uploadRes) {
+ logger.error("upload task {} execute path to remote session {}
failed", taskRequest.getExecutePath(),
+ sessionHost.toString());
+ result.setExitStatusCode(EXIT_CODE_FAILURE);
+ return result;
+ }
+
+ if (taskRequest.getEnvFile() != null) {
+ boolean uploadEnvRes =
+ sessionHolder.sftpDir(taskRequest.getEnvFile(),
taskRequest.getExecutePath(), logger);
+ if (!uploadEnvRes) {
+ logger.error("upload task {} execute path to remote
session {} failed", taskRequest.getEnvFile(),
+ sessionHost.toString());
+ result.setExitStatusCode(EXIT_CODE_FAILURE);
+ return result;
+ }
+ }
+
+ // because JSch .chmod is not stable, so use the 'chmod -R' instead
+ logger.info("update remote path's permission:{} on session:{} to
755", taskRequest.getExecutePath(),
+ sessionHost.toString());
+ String chmodCommand = "chmod -R 755 " +
taskRequest.getExecutePath();
Review Comment:
> > > Why it should chmod 755? I'm not sure whether it will cause some CVE?
cc @ruanwenjun
> >
> >
> > because remote server should keep same as DS worker, and just chmod the
execute path, if there are any worry, we can change to 600. WDYT
>
> If chmod 600 can work, I think it is better.
ohh sorry, my mistake, not 600, chmod 700 should be ok
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
