zclllyybb commented on issue #64393: URL: https://github.com/apache/doris/issues/64393#issuecomment-4676850911
Breakwater-GitHub-Analysis-Slot: slot_f855cb78fc4c

Initial analysis:

I checked the Doris 4.0.5 Paimon scan path. This does not look like a general catalog credential failure, because the same catalog works through the JNI scanner and some tables also work with the native path.

The relevant difference is the reader path:

- With `force_jni_scanner=false`, Doris can convert a Paimon `DataSplit` to raw ORC/Parquet files and read them through the native file scanner. In that path, FE normalizes each raw file path through `LocationPath` and passes backend S3 properties such as endpoint, region, credentials/token, and `use_path_style` to BE. BE then reads the object through Doris' native S3 client.
- If the split has a Paimon deletion file/deletion vector, the native Paimon reader opens that deletion file separately through the same BE file reader before applying row filters.
- With the JNI scanner, Doris passes Hadoop-style properties to `PaimonJniScanner`, and Paimon Java reads the serialized Paimon split itself. That path does not exercise the same BE native S3 object-access path.

So the issue is actionable as a likely Paimon native-reader compatibility problem for this S3-compatible storage path, or a real object-permission difference on the specific raw/deletion files used by `ods_pxf_db_cm_contract_pay_info_fd`. The current issue is not enough to distinguish those two cases.

Useful next checks:

1. Please attach the BE log around the failure, including the full Doris error line with `code=FORBIDDEN`, request id, and the object path/key that failed. It is especially important to know whether the failed object is a data file or a Paimon deletion-vector/deletion file.
2. Please run `EXPLAIN VERBOSE` for the failing table with `set force_jni_scanner=false` and include the `paimonNativeReadSplits`, `PaimonSplitStats`, `dataFileNum`, `deleteFileNum`, and `deleteSplitNum` lines. The same output for one working table in the same catalog would make the difference clear.
3. Please provide the catalog properties with secrets masked, but keep endpoint, region, URI/warehouse, storage scheme (`s3://`, `s3a://`, etc.), `use_path_style` / `s3.path-style-access`, session-token usage, and any `paimon.*` or `fs.s3a.*` settings visible.
4. Please provide a minimal failing query, the exact build hash for `doris-4.0.5`, and whether this table has deletes/updates/deletion vectors while the working tables are append-only.

Temporary workaround: keep using `set force_jni_scanner=true` for the affected table until the native path can be confirmed and fixed.

-- 
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
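
Added example, not part of the original comment and not Doris code: one way to prepare the catalog properties requested in check 3 before posting them publicly. It masks secret values while leaving endpoint, region, warehouse, scheme and `use_path_style` readable, and reports only whether a session token is set. The key patterns, the `mask_properties` helper and the sample catalog text are assumptions constructed for illustration.

```python
import re

# Key-name fragments treated as secret-bearing (assumption; extend as needed).
SECRET_KEY_RE = re.compile(r"(secret|password|passwd|token|access[._-]?key)", re.I)
# Credentials embedded as URI userinfo, e.g. s3a://KEY:SECRET@bucket/path
URI_USERINFO_RE = re.compile(r"(\b[a-z][a-z0-9+.-]*://)[^/@\s]+@", re.I)
# "key" = "value" pairs as they appear in a catalog definition
PROP_RE = re.compile(r'"([^"]+)"\s*=\s*"([^"]*)"')


def mask_value(key, value):
    """Hide secret values but keep it visible whether they were set at all."""
    if SECRET_KEY_RE.search(key):
        return "<redacted>" if value else "<empty>"
    # Non-secret keys stay readable, minus any userinfo inside a URI.
    return URI_USERINFO_RE.sub(r"\1<redacted>@", value)


def mask_properties(text):
    """Return the catalog definition with every secret value masked."""
    def repl(m):
        key, value = m.group(1), m.group(2)
        return f'"{key}" = "{mask_value(key, value)}"'
    return PROP_RE.sub(repl, text)


# Constructed sample input; all values are made up.
SAMPLE = '''CREATE CATALOG `paimon_s3` PROPERTIES (
"type" = "paimon",
"warehouse" = "s3://example-bucket/warehouse",
"s3.endpoint" = "https://s3.example.internal",
"s3.region" = "us-east-1",
"s3.access_key" = "AKIAEXAMPLEKEY",
"s3.secret_key" = "constructed-secret",
"s3.session_token" = "",
"use_path_style" = "true"
);'''

if __name__ == "__main__":
    print(mask_properties(SAMPLE))
```

Review the output by eye before posting: a secret stored under a key name the pattern does not cover, or a URI credential containing `/`, will pass through unmasked.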
