-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create users on Linux system using tenant_id to solve user confusion caused by k8s environment service restart or physical machine environment service migration #16000
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use English in title and link this PR to your issue. @wjmmjr
-1 to this PR, you need to create DSIP first, I am not clear why this will cause |
When deploying worker services using k8s, the user information in the container will be cleared after restarting the worker service, and the newly created users will not correspond to the users in the metadata table. Migrating services to new physical machines may also cause this issue. You can use native code for testing |
The main change in this pr is set the uid, please describe why the uid will affect this. We didn't meet this problem before. |
DS tenants map linux user names, not uids, which I understand won't have any conflicts. |
+1, the uid is transparent to ds. |
When deploying the dolphinscheduler worker service in a k8s environment and mounting PVC, all files in the PVC have corresponding users. When the dolphinscheduler worker service restarts, the users in the container are cleared, and the users are recreated in order of connecting to the dolphinscheduler worker. At this time, the username and userid are not consistent with the situation before restarting. Due to the username and userid matching in the PVC file, the user corresponding to the PVC file is incorrect after restarting the container |
The code I modified is tenant id, which corresponds to the UID of Linux |
AS wenjun said
You can specify mounting permissions for the pvc file to ensure that the permissions for the content mounted to different containers are consistent. |
Purpose of the pull request
This pull request aims to address the issue of user confusion caused by k8s environment service restart or physical machine environment service migration
Brief change log
Add tenantId to ProcessInstance.java and TaskExecutionContext.java
Add method "createUser(int userId, String userName)" and "createUserIfAbsent(int userId, String userName)" and "createLinuxUser(int userId, String userName, String userGroup)" to OSUtils.java
Modify method createTenant of TenantServiceImpl.java
Modify method handleCommand of ProcessServiceImpl.java,add code "processInstance.setTenantId"
Modify method buildProcessInstanceRelatedInfo of TaskExecutionContextBuilder.java,add code "taskExecutionContext.setTenantId"
Modify method getOrCreateTenant of TaskExecutionContextUtils.java, add user by tenantId
Verify this pull request
This pull request is code cleanup without any test coverage.