[GitHub] [nifi] simonbence commented on a change in pull request #5059: NIFI-8519 Adding HDFS support for NAR autoload

[GitBox]

simonbence commented on a change in pull request #5059:
URL: https://github.com/apache/nifi/pull/5059#discussion_r632373207



##########
File path: 
nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/src/main/java/org/apache/nifi/nar/hadoop/HDFSNarProvider.java
##########
@@ -0,0 +1,231 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.nar.hadoop;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FSDataInputStream;
+import org.apache.hadoop.fs.FileStatus;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.nifi.hadoop.SecurityUtil;
+import org.apache.nifi.nar.NarProvider;
+import org.apache.nifi.nar.NarProviderInitializationContext;
+import org.apache.nifi.nar.hadoop.util.ExtensionFilter;
+import org.apache.nifi.processors.hadoop.ExtendedConfiguration;
+import org.apache.nifi.processors.hadoop.HdfsResources;
+import org.apache.nifi.security.krb.KerberosKeytabUser;
+import org.apache.nifi.security.krb.KerberosPasswordUser;
+import org.apache.nifi.security.krb.KerberosUser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.SocketFactory;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URI;
+import java.security.PrivilegedExceptionAction;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+public class HDFSNarProvider implements NarProvider {
+    private static final Logger LOGGER = 
LoggerFactory.getLogger(HDFSNarProvider.class);
+
+    private static final String RESOURCES_PARAMETER = "resources";
+    private static final String SOURCE_DIRECTORY_PARAMETER = 
"source.directory";
+    private static final String KERBEROS_PRINCIPAL_PARAMETER = 
"kerberos.principal";
+    private static final String KERBEROS_KEYTAB_PARAMETER = "kerberos.keytab";
+    private static final String KERBEROS_PASSWORD_PARAMETER = 
"kerberos.password";
+
+    private static final String NAR_EXTENSION = "nar";
+    private static final String DELIMITER = "/";
+    private static final int BUFFER_SIZE_DEFAULT = 4096;
+    private static final Object RESOURCES_LOCK = new Object();
+
+    private volatile List<String> resources = null;
+    private volatile Path sourceDirectory = null;
+
+    private volatile NarProviderInitializationContext context;
+
+    private volatile boolean initialized = false;
+
+    public void initialize(final NarProviderInitializationContext context) {
+        resources = 
Arrays.stream(Objects.requireNonNull(context.getParameters().get(RESOURCES_PARAMETER)).split(",")).map(s
 -> s.trim()).collect(Collectors.toList());
+
+        if (resources.isEmpty()) {
+            throw new IllegalArgumentException("At least one HDFS 
configuration resource is necessary");
+        }
+
+        this.sourceDirectory = new 
Path(Objects.requireNonNull(context.getParameters().get(SOURCE_DIRECTORY_PARAMETER)));
+        this.context = context;
+        this.initialized = true;
+    }
+
+    @Override
+    public Collection<String> listNars() throws IOException {
+        if (!initialized) {
+            LOGGER.error("Provider is not initialized");
+        }
+
+        final HdfsResources hdfsResources = getHdfsResources();
+        final FileStatus[] fileStatuses = 
hdfsResources.getFileSystem().listStatus(sourceDirectory, new 
ExtensionFilter(NAR_EXTENSION));
+
+        final List<String> result = Arrays.stream(fileStatuses)
+            .filter(fileStatus -> fileStatus.isFile())
+            .map(fileStatus -> fileStatus.getPath().getName())
+            .collect(Collectors.toList());
+
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("The following nars were found: " + String.join(", ", 
result));
+        }
+
+        return result;
+    }
+
+    @Override
+    public InputStream fetchNarContents(final String location) throws 
IOException {
+        if (!initialized) {
+            LOGGER.error("Provider is not initialized");
+        }
+
+
+        final Path path = getNarLocation(location);
+        final HdfsResources hdfsResources = getHdfsResources();
+
+        if (!hdfsResources.getFileSystem().exists(path)) {
+            throw new IOException("Provider cannot find " + location);
+        }
+
+        try {
+            return hdfsResources.getUserGroupInformation()
+                .doAs((PrivilegedExceptionAction<FSDataInputStream>) () -> 
hdfsResources.getFileSystem().open(path, BUFFER_SIZE_DEFAULT));
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+            LOGGER.error("Error during acquiring file", e);
+            throw new RuntimeException();
+        }
+    }
+
+    private Path getNarLocation(final String location) {
+        String result = sourceDirectory.toString();
+
+        if (!result.endsWith(DELIMITER)) {
+            result += DELIMITER;
+        }
+
+        return new Path(result + location);
+    }
+
+    private HdfsResources getHdfsResources() throws IOException {
+        final Configuration config = new ExtendedConfiguration(LOGGER);
+        config.setClassLoader(this.getClass().getClassLoader());
+
+        for (final String resource : resources) {
+            config.addResource(new Path(resource));
+        }
+
+        // first check for timeout on HDFS connection, because FileSystem has 
a hard coded 15 minute timeout
+        checkHdfsUriForTimeout(config);
+
+        // disable caching of Configuration and FileSystem objects, else we 
cannot reconfigure the processor without a complete restart
+        final String disableCacheName = 
String.format("fs.%s.impl.disable.cache", 
FileSystem.getDefaultUri(config).getScheme());
+        config.set(disableCacheName, "true");
+
+        // If kerberos is enabled, create the file system as the kerberos 
principal
+        // -- use RESOURCE_LOCK to guarantee UserGroupInformation is accessed 
by only a single thread at at time
+        FileSystem fs;
+        UserGroupInformation ugi;
+        KerberosUser kerberosUser;
+
+        synchronized (RESOURCES_LOCK) {
+            if (SecurityUtil.isSecurityEnabled(config)) {
+                final String principal = 
context.getParameters().get(KERBEROS_PRINCIPAL_PARAMETER);
+                final String keyTab = 
context.getParameters().get(KERBEROS_KEYTAB_PARAMETER);
+                final String password = 
context.getParameters().get(KERBEROS_PASSWORD_PARAMETER);
+
+                if (keyTab != null) {
+                    kerberosUser = new KerberosKeytabUser(principal, keyTab);
+                } else if (password != null) {
+                    kerberosUser = new KerberosPasswordUser(principal, 
password);
+                } else {
+                    throw new IOException("Unable to authenticate with 
Kerberos, no keytab or password was provided");
+                }
+
+                ugi = SecurityUtil.getUgiForKerberosUser(config, kerberosUser);
+            } else {
+                config.set("ipc.client.fallback-to-simple-auth-allowed", 
"true");
+                config.set("hadoop.security.authentication", "simple");
+                ugi = SecurityUtil.loginSimple(config);
+                kerberosUser = null;
+            }
+
+            fs = getFileSystemAsUser(config, ugi);
+        }
+        LOGGER.debug("resetHDFSResources UGI [{}], KerberosUser [{}]", new 
Object[]{ugi, kerberosUser});
+
+        final Path workingDir = fs.getWorkingDirectory();
+        LOGGER.debug("Initialized a new HDFS File System with working dir: {} 
default block size: {} default replication: {} config: {}",
+                new Object[]{workingDir, fs.getDefaultBlockSize(workingDir), 
fs.getDefaultReplication(workingDir), config.toString()});
+
+        if (!fs.exists(sourceDirectory)) {
+            throw new IllegalArgumentException("Source directory is not 
existing");
+        }
+
+        return new HdfsResources(config, fs, ugi, kerberosUser);
+    }
+
+    private void checkHdfsUriForTimeout(final Configuration config) throws 
IOException {
+        final URI hdfsUri = FileSystem.getDefaultUri(config);
+        final String address = hdfsUri.getAuthority();
+        final int port = hdfsUri.getPort();
+
+        if (address == null || address.isEmpty() || port < 0) {
+            return;
+        }
+
+        final InetSocketAddress namenode = NetUtils.createSocketAddr(address, 
port);
+        final SocketFactory socketFactory = 
NetUtils.getDefaultSocketFactory(config);
+        Socket socket = null;
+
+        try {

Review comment:
       As I see, because of the `"closeQuietly"` call in the `finally` block, 
it will not work. (The code is from `AbstractHadoopProcessor`)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org