Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature-11652][2022Q4 RoadMap] DS support remote SSH task. #12736

Closed

Conversation

DarkAssassinator
Copy link
Contributor

Purpose of the pull request

Brief change log

1. Add a Task Remote Host Management

  • Add a table named t_ds_task_remote_host in DB
  • Add a Task Remote Host Management page in Security
  • Support use test connet this host (use SSH)
    Image

2. Add a column named remoteHostCode in TaskInstance, TaskDefinition and TaskDefinitionLog entities.
3. Add SSH code for shell task.

  • Use ACP to controll SSH Session. And the pooled object just is session not channel. If DS need channel control in the future, i will add channel pooled object.
  • Limit SFTP upload rate and max file size.
  • Add SFTP monitor process.

Limitations

  • DS SSH do not support CPU/Memory limit on the remote server. Because other non-DS cluster servers may not necessarily deploy this feature.
  • SSH pool just controll session, not channel.
  • Now just support Shell and Python.

Verify this pull request

This pull request is already covered by existing tests

@codecov-commenter
Copy link

codecov-commenter commented Nov 6, 2022

Codecov Report

Merging #12736 (05afebe) into dev (7336afa) will decrease coverage by 0.24%.
The diff coverage is 21.35%.

@@             Coverage Diff              @@
##                dev   #12736      +/-   ##
============================================
- Coverage     39.37%   39.13%   -0.25%     
- Complexity     4271     4305      +34     
============================================
  Files          1067     1079      +12     
  Lines         40118    40661     +543     
  Branches       4603     4666      +63     
============================================
+ Hits          15797    15912     +115     
- Misses        22544    22955     +411     
- Partials       1777     1794      +17     
Impacted Files Coverage Δ
...r/api/constants/ApiFuncIdentificationConstant.java 88.23% <ø> (ø)
...lphinscheduler/common/enums/AuthorizationType.java 0.00% <0.00%> (ø)
...apache/dolphinscheduler/common/utils/NetUtils.java 48.61% <0.00%> (-1.04%) ⬇️
...er/master/builder/TaskExecutionContextBuilder.java 63.79% <0.00%> (-2.28%) ⬇️
...erver/master/runner/StreamTaskExecuteRunnable.java 0.00% <0.00%> (ø)
.../server/master/runner/WorkflowExecuteRunnable.java 8.17% <ø> (ø)
...pache/dolphinscheduler/service/model/TaskNode.java 44.44% <ø> (ø)
...hinscheduler/service/task/TaskInstanceHandler.java 0.00% <0.00%> (ø)
...duler/plugin/task/api/AbstractCommandExecutor.java 0.00% <0.00%> (ø)
...dolphinscheduler/plugin/task/api/ProcessUtils.java 0.00% <0.00%> (ø)
... and 22 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@ResponseStatus(HttpStatus.OK)
@ApiException(VARIFY_TASK_REMOTE_HOST_ERROR)
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public Result verifyTaskRemoteHost(@Parameter(hidden = true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,

Check notice

Code scanning / CodeQL

Useless parameter

The parameter 'loginUser' is never used.
@ResponseStatus(HttpStatus.OK)
@ApiException(TEST_CONNECT_ERROR)
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public Result testConnect(@Parameter(hidden = true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,

Check notice

Code scanning / CodeQL

Useless parameter

The parameter 'loginUser' is never used.
Comment on lines +270 to +282
SSHResponse response = execCommand("mkdir -p " + remoteDirPath);
return response.getExitCode() == 0;
}

public void clearPath(String path) {
if (SINGLE_SLASH.equals(path)) {
return;
}
execCommand("rm -rf " + path);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better to use File.delete to perform operations instead of shell commands.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better to use File.delete to perform operations instead of shell commands.

Becuase these codes need to clear the path on the remote SSH server, so use the rm -rf command, not File.delete

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't mark it as resolved if it's not addressed. cc @zhongjiajie @caishunfeng

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't mark it as resolved if it's not addressed. cc @zhongjiajie @caishunfeng

Sorry, sure, and i think that File.delete cannot delete the remote dir and files, so i think that this case has resolved. WDYT.

@SbloodyS SbloodyS added this to the 3.2.0 milestone Nov 7, 2022
@SbloodyS SbloodyS added the feature new feature label Nov 7, 2022
@DarkAssassinator DarkAssassinator force-pushed the dev_yann_feature_add_ssh branch from f1ac7d5 to bf6fbe0 Compare November 7, 2022 11:50
Comment on lines +2017 to +2015
DROP TABLE IF EXISTS `t_ds_task_remote_host`;
CREATE TABLE `t_ds_task_remote_host`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think adding a table for a task type is a good idea, can we ship it to our data source center? I know that we will change its name from datasource center to connection center, which can have various types of connection instead of database only

Copy link
Member

@zhongjiajie zhongjiajie Nov 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a Task Remote Host Management page in Security

If we add it to connection center, we can also migrate it into connection center, which may keep our web UI simple and unify

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a Task Remote Host Management page in Security

If we add it to connection center, we can also migrate it into connection center, which may keep our web UI simple and unify

yes, but the conclusion we discussed bi-week was to temporarily in Security, after Connection center fine, we will migrate it into Connection center

Copy link
Contributor

@caishunfeng caishunfeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

incomplete review

// because JSch .chmod is not stable, so use the 'chmod -R' instead
logger.info("update remote path's permission:{} on session:{} to 755", taskRequest.getExecutePath(),
sessionHost.toString());
String chmodCommand = "chmod -R 755 " + taskRequest.getExecutePath();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why it should chmod 755? I'm not sure whether it will cause some CVE? cc @ruanwenjun

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why it should chmod 755? I'm not sure whether it will cause some CVE? cc @ruanwenjun

because remote server should keep same as DS worker, and just chmod the execute path, if there are any worry, we can change to 600. WDYT

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why it should chmod 755? I'm not sure whether it will cause some CVE? cc @ruanwenjun

because remote server should keep same as DS worker, and just chmod the execute path, if there are any worry, we can change to 600. WDYT

If chmod 600 can work, I think it is better.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why it should chmod 755? I'm not sure whether it will cause some CVE? cc @ruanwenjun

because remote server should keep same as DS worker, and just chmod the execute path, if there are any worry, we can change to 600. WDYT

If chmod 600 can work, I think it is better.

ohh sorry, my mistake, not 600, chmod 700 should be ok

@caishunfeng
Copy link
Contributor

SonarCloud Quality Gate failed.    Quality Gate failed

Bug C 3 Bugs Vulnerability A 0 Vulnerabilities Security Hotspot E 4 Security Hotspots Code Smell A 72 Code Smells

23.6% 23.6% Coverage 0.0% 0.0% Duplication

@DarkAssassinator please check the sonar result and fix it.

@DarkAssassinator
Copy link
Contributor Author

SonarCloud Quality Gate failed.    Quality Gate failed
Bug C 3 Bugs Vulnerability A 0 Vulnerabilities Security Hotspot E 4 Security Hotspots Code Smell A 72 Code Smells
23.6% 23.6% Coverage 0.0% 0.0% Duplication

@DarkAssassinator please check the sonar result and fix it.

Sure, but these 4 Security Hotspots are not really issue, just password word

@caishunfeng caishunfeng added the 3.2.0 for 3.2.0 version label Nov 15, 2022
@github-actions github-actions bot added the e2e e2e test label Nov 15, 2022
@DarkAssassinator
Copy link
Contributor Author

Hi @SbloodyS @caishunfeng, please PTAL again, thx

Copy link
Member

@Radeity Radeity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have one question that in #12552, DS supports to define file parameter. It seems like you don't consider this scenario, output files might be created under remote host's execution directory, however, you only fetch stdout and neglect output files.

@DarkAssassinator
Copy link
Contributor Author

I have one question that in #12552, DS supports to define file parameter. It seems like you don't consider this scenario, output files might be created under remote host's execution directory, however, you only fetch stdout and neglect output files.

this is a new add scenario, i will check it. and please help to review other codes.

@sonarqubecloud
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 4 Security Hotspots
Code Smell A 45 Code Smells

23.5% 23.5% Coverage
0.0% 0.0% Duplication

@github-actions
Copy link

github-actions bot commented Apr 4, 2023

This pull request has been automatically marked as stale because it has not had recent activity for 120 days. It will be closed in 7 days if no further activity occurs.

@github-actions github-actions bot added the Stale label Apr 4, 2023
@SbloodyS SbloodyS removed the Stale label Apr 4, 2023
@github-actions
Copy link

github-actions bot commented Aug 4, 2023

This pull request has been automatically marked as stale because it has not had recent activity for 120 days. It will be closed in 7 days if no further activity occurs.

@github-actions github-actions bot added the Stale label Aug 4, 2023
@kezhenxu94 kezhenxu94 removed their request for review August 6, 2023 07:34
@github-actions
Copy link

This pull request has been closed because it has not had recent activity. You could reopen it if you try to continue your work, and anyone who are interested in it are encouraged to continue work on this pull request.

@github-actions github-actions bot closed this Aug 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3.2.0 for 3.2.0 version backend document e2e e2e test feature new feature priority:middle Stale UI ui and front end related
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Feature] DS can support task running on remote host, not just worker server.
7 participants