————— 2022-6-2 ————— Mr. Lightning 19:48 After Qualitis is installed, the data source to be verified can't come out, and I can't find the document saying how it came from. Does anyone know about this?
Mr. Lightning 20:00 Does @CCweixiao_intsig_leojie work? Heisenberg 20:01 Let's have a meal first, I'll get it later, it should be the problem of the host name here [laughs through tears] peacewong@WDS 20:25 You can take a screenshot Heisenberg 20:26 Because we have DNS online, all we recognize are the DNS domain name of the machine, so there has been no problem, but now there will be some problems if the hosts file of the local machine is not configured 😄 Heisenberg 20:27 Alright now, two big guys 😄 peacewong@WDS 20:27 Why are there two different? Mr. Lightning 20:28 Full hostname now? Heisenberg 20:28 Right. Now the registered address is all host name. It's normal. Configure the IP and hostname mapping. Mr. Lightning 20:29 [powerful] Heisenberg 20:29 How is your Qualitis? Brother Ping is helping you Mr. Lightning 20:29 I'll go back and watch it later. I'm having dinner. Mr. Lightning 20:29 Modify the linkis-ps-publicservice.properties configuration file to linkis.metadata.hive.permission.with-login-user-enabled=false and try Mr. Lightning 20:30 The classmates in the group said to change this Heisenberg 20:33 @徐杰哥,excuse me, I added a default structure to the structure of DWSClientConfig in LinkisDataSourceRemoteClient before, mainly to support the calls between internal microservices. If you haven't implemented it yet, I'll make a PR. Heisenberg 20:33 Image 1 (can be viewed in the attachment) Heisenberg 20:34 @peacewong@WDS Ping brother also help to review, this form should be no problem Heisenberg 20:37 Brother Ping, I have another question. If the API is called between internal microservices, is the authentication method a token mechanism? Not affected by gateway authentication method? For example, my gateway uses SSO user authentication. When microservice A calls the client interface of microservice B, is it ok to use token as the authentication method? .setAuthenticationStrategy(authenticationStrategy) .setAuthTokenKey(tokenKey) .setAuthTokenValue(tokenValue) Qualify a tokenKey tokenValue? peacewong@WDS 20:39 no problem peacewong@WDS 20:39 Without going through the gateway? Heisenberg 20:40 should go through Heisenberg 20:40 You see here, token authentication is used Heisenberg 20:40 Image 2 (can be viewed in the attachment) peacewong@WDS 20:42 OK peacewong@WDS 20:42 token is ok Heisenberg 20:45 Hmm, gateway enables SSO authentication mode, the user's http request must bring the SSO authentication token, and then the client API is actually the http interface of the request, and the gateway address is filled in, so it is supposed to be SSO authentication, but it can support additional token authentication, The instance directly connected to the RPC Server does not go through the gateway, so the request should be without permission control. peacewong@WDS 20:45 Yes, sso does not affect the token's Heisenberg 20:45 I'm a little confused about this one 😄. I'll think about it again Heisenberg 20:46 Hmm, now I understand peacewong@WDS 20:46 Static policies are affected, and sso login is also used ————— 2022-6-2 ————— 闪电先生 19:48 Qualitis安装完以后 那个要校验的数据源出不来,也没有找到文档说怎么来的,哪位大佬知道这一块吗? 闪电先生 20:00 @CCweixiao_intsig_leojie 有用吗? 海森堡 20:01 先吃了个饭 等会弄下 应该就是这里主机名的问题[破涕为笑] peacewong@WDS 20:25 可以截图看看 海森堡 20:26 我们线上因为有DNS 所以识别的全都是机器的DNS域名,所以一直没啥问题,只不过现在本地机 hosts文件如果不配置的 会有些问题 😄 海森堡 20:27 现在好了 两位大佬 😄 peacewong@WDS 20:27 为啥有不同的呢两个呢 闪电先生 20:28 现在全hostname? 海森堡 20:28 对的 现在注册地址什么的全是host name 正常啦,配置下IP和hostname映射 闪电先生 20:29 [强] 海森堡 20:29 你Qualitis 的好啦?平哥在帮你看 闪电先生 20:29 我等下回去看 在吃饭 闪电先生 20:29 修改linkis-ps-publicservice.properties配置文件里为linkis.metadata.hive.permission.with-login-user-enabled=false试试 闪电先生 20:30 群里面的同学说改这个 海森堡 20:33 @徐杰 杰哥,打扰下,之前LinkisDataSourceRemoteClient 中DWSClientConfig的构造我加了一个默认构造,主要为了支持内部微服务间调用的,你那边如果还没实现的话,我来提PR吧[破涕为笑] 海森堡 20:33 图片1(可在附件中查看) 海森堡 20:34 @peacewong@WDS 平哥 也帮忙review 下,这样的形式应该没问题吧 海森堡 20:37 平哥 ,我还有一个问题,内部微服务之间调用 API的话,认证方式是token机制嘛?不受gateway 认证方式的影响?比如,我gateway 使用的是SSO 用户认证,在微服务A调用微服务B的client接口是,认证方式是token 就可以嘛? .setAuthenticationStrategy(authenticationStrategy) .setAuthTokenKey(tokenKey) .setAuthTokenValue(tokenValue) 限定一个tokenKey tokenValue? peacewong@WDS 20:39 没问题的 peacewong@WDS 20:39 不经过gateway? 海森堡 20:40 应该经过的 海森堡 20:40 你看这里,用的是token认证 海森堡 20:40 图片2(可在附件中查看) peacewong@WDS 20:42 可以的 peacewong@WDS 20:42 token没问题的 海森堡 20:45 嗯嗯 gateway 开启SSO认证方式,用户的http请求都得带上SSO 鉴权token,然后client API,其实也是请求的http接口,填的gateway地址,所以按说也是SSO 鉴权,但却可以支持额外的token鉴权, 而RPC Server 直接对接的instance,不经过gateway,所以请求应该都是没有权限控制的吧 peacewong@WDS 20:45 是的,sso不影响token的 海森堡 20:45 这块我都有点迷糊啦 😄。我再琢磨琢磨这块内容 海森堡 20:46 嗯嗯 现在理解啦 peacewong@WDS 20:46 静态策略是受影响的,也是走sso登录 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@linkis.apache.org For additional commands, e-mail: dev-h...@linkis.apache.org
