This is an automated email from the ASF dual-hosted git repository.
laiyingchun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 69a7b9ea6 [tool] standardize the output of rebalance report tool
69a7b9ea6 is described below
commit 69a7b9ea6cba6f559f023da0c64d24dfdfb52bc6
Author: kedeng <[email protected]>
AuthorDate: Wed Aug 14 14:46:49 2024 +0800
[tool] standardize the output of rebalance report tool
I discovered that in environments with authentication
enabled, if the kinit operation is not performed and
the 'kudu cluster rebalance §ma -report_only' command
is used to query the rebalance progress, an output
similar to
'I20240812 19:23:29.041643 15510 tool_action_cluster.cc:275] no version
information from some servers; not rebalancing single-replica tablets as the
result an empty cluster'
is returned. This output can mislead our users.
In this patch, I have fixed this unauthorized error output
and added corresponding unit tests to verify the new logic.
Change-Id: If844be1f7ccd156582f1ffa7137c8a711c49178d
Reviewed-on: http://gerrit.cloudera.org:8080/21672
Reviewed-by: Yingchun Lai <[email protected]>
Tested-by: Yingchun Lai <[email protected]>
---
src/kudu/integration-tests/security-itest.cc | 21 +++++++++++++++++++++
src/kudu/tools/tool_action_cluster.cc | 13 ++++++++-----
2 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/src/kudu/integration-tests/security-itest.cc
b/src/kudu/integration-tests/security-itest.cc
index 39ae5a793..78452461b 100644
--- a/src/kudu/integration-tests/security-itest.cc
+++ b/src/kudu/integration-tests/security-itest.cc
@@ -67,6 +67,7 @@
#include "kudu/tserver/tserver.pb.h"
#include "kudu/tserver/tserver_service.pb.h"
#include "kudu/tserver/tserver_service.proxy.h"
+#include "kudu/tools/tool_test_util.h"
#include "kudu/util/curl_util.h"
#include "kudu/util/env.h"
#include "kudu/util/faststring.h"
@@ -100,6 +101,7 @@ using kudu::cluster::ExternalMiniClusterOptions;
using kudu::rpc::Messenger;
using kudu::security::CreateTestSSLCertWithChainSignedByRoot;
using kudu::security::CreateTestSSLExpiredCertWithChainSignedByRoot;
+using kudu::tools::RunKuduTool;
using std::get;
using std::string;
using std::tuple;
@@ -457,6 +459,25 @@ TEST_F(SecurityITest, TestNoKerberosCredentials) {
"but client does not have Kerberos credentials
available");
}
+// Test trying to access the rebalance report without Kerberos credentials.
+TEST_F(SecurityITest, TestRebalanceReportUnauthorized) {
+ ASSERT_OK(StartCluster());
+ ASSERT_OK(cluster_->kdc()->Kdestroy());
+
+ const auto& master_addr = cluster_->master(0)->bound_rpc_addr().ToString();
+ string out;
+ string err;
+ Status s = RunKuduTool({
+ "cluster",
+ "rebalance",
+ master_addr,
+ "--report_only",
+ }, &out, &err);
+ ASSERT_TRUE(s.IsRuntimeError());
+ ASSERT_STR_CONTAINS(err,
+ "Not authorized: re-run ksck with administrator privileges");
+}
+
// Regression test for KUDU-2121. Set up a Kerberized cluster with optional
// authentication. An un-Kerberized client should be able to connect with SASL
// PLAIN authentication.
diff --git a/src/kudu/tools/tool_action_cluster.cc
b/src/kudu/tools/tool_action_cluster.cc
index 8e1092a28..b422ddd56 100644
--- a/src/kudu/tools/tool_action_cluster.cc
+++ b/src/kudu/tools/tool_action_cluster.cc
@@ -25,12 +25,12 @@
#include <optional>
#include <string>
#include <tuple>
+#include <type_traits>
#include <vector>
#include <gflags/gflags.h>
#include <glog/logging.h>
-#include "kudu/gutil/basictypes.h"
#include "kudu/gutil/strings/split.h"
#include "kudu/gutil/strings/substitute.h"
#include "kudu/rebalance/cluster_status.h"
@@ -255,10 +255,13 @@ Status EvaluateMoveSingleReplicasFlag(const
vector<string>& master_addresses,
"unable to build KsckCluster");
auto ksck(make_shared<Ksck>(cluster));
- // Ignoring the result of the Ksck::Run() method: it's possible the cluster
- // is not completely healthy but rebalancing can proceed; for example,
- // if a leader election is occurring.
- ignore_result(ksck->Run());
+ // Ignoring the result of the Ksck::Run() method but IsNotAuthorized:
+ // it's possible the cluster is not completely healthy but rebalancing
+ // can proceed; for example, if a leader election is occurring.
+ Status status = ksck->Run();
+ if (status.IsNotAuthorized()) {
+ RETURN_NOT_OK_PREPEND(status, "re-run ksck with administrator privileges");
+ }
const auto& ksck_results = ksck->results();
for (const auto& summaries : { ksck_results.cluster_status.tserver_summaries,
