This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push:
new 0c3bc1bcd07 [fix](auth)fix be enable http auth, some request link
never return. (#44959) (#45063)
0c3bc1bcd07 is described below
commit 0c3bc1bcd07a2877ab581d9e981e6f9b2cf3c551
Author: daidai <[email protected]>
AuthorDate: Fri Dec 6 09:39:13 2024 +0800
[fix](auth)fix be enable http auth, some request link never return.
(#44959) (#45063)
bp #44959
If you set `enable_all_http_auth = true` in be.conf, restart be, and
keep running `curl -u "xxxx:xxxx" http://127.0.0.1:8040/api/health` while
be is starting, you may hit a case where the request never
returns.
Reason:
When be is still starting, there is no information about fe master. When
you make an api request to be http port, be needs to request
authentication information from fe, which will cause it to request a
machine with empty ip and port 0. This rpc call will definitely fail
(this is not equivalent to a password error). After receiving this
failure, be does not `send_reply` to the api requester, so this api
request cannot be returned.
---
be/src/http/http_handler_with_auth.cpp | 10 ++++++++++
be/test/http/http_client_test.cpp | 1 -
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/be/src/http/http_handler_with_auth.cpp
b/be/src/http/http_handler_with_auth.cpp
index 6a4b28beb27..0fd9a6b4b05 100644
--- a/be/src/http/http_handler_with_auth.cpp
+++ b/be/src/http/http_handler_with_auth.cpp
@@ -35,6 +35,7 @@ HttpHandlerWithAuth::HttpHandlerWithAuth(ExecEnv* exec_env,
TPrivilegeHier::type
: _exec_env(exec_env), _hier(hier), _type(type) {}
int HttpHandlerWithAuth::on_header(HttpRequest* req) {
+ //if u return value isn't 0,u should `send_reply`,Avoid requesting links
that never return.
TCheckAuthRequest auth_request;
TCheckAuthResult auth_result;
AuthInfo auth_info;
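Review bot: The comment added at the top of on_header records an invariant that every failure path depends on, but its wording is hard to read and it does not say what goes wrong if the rule is broken. I would write it as `// Every path that returns non-zero must first reply through HttpChannel (e.g. send_error); otherwise the client's request never completes.` Only the two failure paths touched by this commit are visible here, so any other early return in the lines between the hunks should be checked against the same rule. on_header's body continues past this hunk.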
@@ -64,6 +65,11 @@ int HttpHandlerWithAuth::on_header(HttpRequest* req) {
#ifndef BE_TEST
TNetworkAddress master_addr = _exec_env->master_info()->network_address;
+ if (master_addr.hostname.empty() || master_addr.port == 0) {
+ LOG(WARNING) << "Not found master fe, Can't auth API request: " <<
req->debug_string();
+ HttpChannel::send_error(req, HttpStatus::SERVICE_UNAVAILABLE);
+ return -1;
+ }
{
auto status = ThriftRpcHelper::rpc<FrontendServiceClient>(
master_addr.hostname, master_addr.port,
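Review bot: Both new warnings stream `req->debug_string()` into the BE log, here and in the `if (!status)` branch of the next hunk, and the requests reaching this handler carry `Authorization: Basic` credentials. The body of debug_string() is not visible in this diff, so confirm whether it prints request headers; if it does, every API call made while the FE master is unknown or unreachable writes a decodable username and password to the log, and the logged text is client-controlled. Logging only what is needed to diagnose the failure avoids that, for example `LOG(WARNING) << "Not found master fe, can't auth API request";` plus the method and path if they can be obtained without the headers. Returning -1 after `send_error` with SERVICE_UNAVAILABLE keeps the handler failing closed, which is the right behaviour. on_header's body starts and ends outside this hunk.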
@@ -71,6 +77,10 @@ int HttpHandlerWithAuth::on_header(HttpRequest* req) {
client->checkAuth(auth_result, auth_request);
});
if (!status) {
+ LOG(WARNING) << "CheckAuth Rpc Fail.Fe Ip:" << master_addr.hostname
+ << ", Fe port:" << master_addr.port << ".Status:" <<
status.to_string()
+ << ".Request: " << req->debug_string();
+ HttpChannel::send_error(req, HttpStatus::SERVICE_UNAVAILABLE);
return -1;
}
}
diff --git a/be/test/http/http_client_test.cpp
b/be/test/http/http_client_test.cpp
index 00b3288d2e9..9e04a7e725d 100644
--- a/be/test/http/http_client_test.cpp
+++ b/be/test/http/http_client_test.cpp
@@ -340,5 +340,4 @@ TEST_F(HttpClientTest, escape_url) {
std::string output_G = hostname +
"/download_file?key=0x2E&key=%252E#section";
ASSERT_TRUE(check_result(input_G, output_G));
}
-
} // namespace doris