Doris hdfs load报错detailMessage = java.lang.IllegalArgumentException: Null name not allowed
以下是针对 Doris 使用 Broker Load 导入数据时遇到 Null name not allowed 错误的详细分析与解决方案:
注意:doris1.X 版本的hdfs配置参数跟 2.X 以上的版本不一样了,详见二.4AuthenticationConfig
一、完整日志
2025-03-19 18:31:12,730 WARN (pending-load-task-scheduler-pool-5|23215) [BrokerUtil.parseFile():96] HDFS list path exception, path=hdfs://ns01/1.log
org.apache.doris.common.UserException: errCode = 2, detailMessage = errors while get file status errCode = 2, detailMessage = java.lang.IllegalArgumentException: Null name not allowed
at org.apache.doris.common.util.BrokerUtil.parseFile(BrokerUtil.java:93) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.load.loadv2.BrokerLoadPendingTask.getAllFileStatus(BrokerLoadPendingTask.java:98) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.load.loadv2.BrokerLoadPendingTask.executeTask(BrokerLoadPendingTask.java:60) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.load.loadv2.LoadTask.exec(LoadTask.java:86) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.task.MasterTask.run(MasterTask.java:31) ~[doris-fe.jar:1.2-SNAPSHOT]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:1.8.0_352]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_352]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_352]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_352]
at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_352]
二、源码下钻分析
1. BrokerUtil.parseFile
public static void parseFile(String path, BrokerDesc brokerDesc, List<TBrokerFileStatus> fileStatuses)
throws UserException {
List<RemoteFile> rfiles = new ArrayList<>();
try {
# 👇👇👇👇👇👇👇👇👇👇brokerDesc中获取hadoop配置,调用链:
# ->org.apache.doris.load.loadv2.BrokerLoadPendingTask#getAllFileStatus
# ->org.apache.doris.load.loadv2.BrokerLoadPendingTask#BrokerLoadPendingTask
# ->org.apache.doris.load.loadv2.BrokerLoadJob#unprotectedExecuteJob
# ->org.apache.doris.analysis.LoadStmt#getBrokerDesc
# ->org.apache.doris.analysis.LoadStmt.LoadStmt
# ->org.apache.doris.qe.MultiLoadMgr.MultiLoadDesc#toLoadStmt
# ->org.apache.doris.load.loadv2.LoadManager.createLoadJobFromStmt
# ->stmtExecutor = new StmtExecutor(ctx, new LogicalPlanAdapter(command, ctx.getStatementContext()));
RemoteFileSystem fileSystem = FileSystemFactory.get(
brokerDesc.getName(), brokerDesc.getStorageType(), brokerDesc.getProperties());
# 👇👇👇👇👇👇👇👇👇👇 方法调用 👇👇👇👇👇👇👇👇👇👇
Status st = fileSystem.globList(path, rfiles, false);
if (!st.ok()) {
# 👇👇👇👇👇👇👇👇👇👇 异常抛出点 👇👇👇👇👇👇👇👇👇👇
throw new UserException(st.getErrMsg());
}
} catch (Exception e) {
LOG.warn("{} list path exception, path={}", brokerDesc.getName(), path, e);
throw new UserException(brokerDesc.getName() + " list path exception. path="
+ path + ", err: " + e.getMessage());
}
for (RemoteFile r : rfiles) {
if (r.isFile()) {
TBrokerFileStatus status = new TBrokerFileStatus(r.getName(), !r.isFile(), r.getSize(), r.isFile());
status.setBlockSize(r.getBlockSize());
status.setModificationTime(r.getModificationTime());
fileStatuses.add(status);
}
}
}
2. DFSFileSystem.globList
public Status globList(String remotePath, List<RemoteFile> result, boolean fileNameOnly) {
try {
URI pathUri = URI.create(remotePath);
# 👇👇👇👇👇👇👇👇👇👇 方法调用 👇👇👇👇👇👇👇👇👇👇
FileSystem fileSystem = nativeFileSystem(remotePath);
Path pathPattern = new Path(pathUri.getPath());
FileStatus[] files = authenticator.doAs(() -> fileSystem.globStatus(pathPattern));
if (files == null) {
LOG.info("no files in path " + remotePath);
return Status.OK;
}
for (FileStatus fileStatus : files) {
RemoteFile remoteFile = new RemoteFile(
fileNameOnly ? fileStatus.getPath().getName() : fileStatus.getPath().toString(),
!fileStatus.isDirectory(), fileStatus.isDirectory() ? -1 : fileStatus.getLen(),
fileStatus.getBlockSize(), fileStatus.getModificationTime());
result.add(remoteFile);
}
} catch (FileNotFoundException e) {
LOG.info("file not found: " + e.getMessage());
return new Status(Status.ErrCode.NOT_FOUND, "file not found: " + e.getMessage());
} catch (Exception e) {
LOG.warn("errors while get file status ", e);
# 👇👇👇👇👇👇👇👇👇👇 异常抛出点 👇👇👇👇👇👇👇👇👇👇
return new Status(Status.ErrCode.COMMON_ERROR, "errors while get file status " + e.getMessage());
}
LOG.info("finish list path {}", remotePath);
return Status.OK;
}
3. DFSFileSystem.nativeFileSystem
public FileSystem nativeFileSystem(String remotePath) throws UserException {
if (closed.get()) {
throw new UserException("FileSystem is closed.");
}
if (dfsFileSystem == null) {
synchronized (this) {
if (closed.get()) {
throw new UserException("FileSystem is closed.");
}
if (dfsFileSystem == null) {
Configuration conf = getHdfsConf(ifNotSetFallbackToSimpleAuth());
# 👇👇👇👇👇👇👇👇👇👇 从properties对象中获取hadoop的kerberos等配置,如果取不到或取错某一个,比如keytab、Principal,就会报错 👇👇👇👇👇👇👇👇👇👇
for (Map.Entry<String, String> propEntry : properties.entrySet()) {
conf.set(propEntry.getKey(), propEntry.getValue());
}
AuthenticationConfig authConfig = AuthenticationConfig.getKerberosConfig(conf);
authenticator = HadoopAuthenticator.getHadoopAuthenticator(authConfig);
try {
dfsFileSystem = authenticator.doAs(() -> {
try {
return FileSystem.get(new Path(remotePath).toUri(), conf);
} catch (IOException e) {
# 👇👇👇👇👇👇👇👇👇👇 异常抛出点 👇👇👇👇👇👇👇👇👇👇
throw new RuntimeException(e);
}
});
operations = new HDFSFileOperations(dfsFileSystem);
RemoteFSPhantomManager.registerPhantomReference(this);
} catch (Exception e) {
throw new UserException("Failed to get dfs FileSystem for " + e.getMessage(), e);
}
}
}
}
return dfsFileSystem;
}
4. AuthenticationConfig
public abstract class AuthenticationConfig {
private static final Logger LOG = LogManager.getLogger(AuthenticationConfig.class);
public static String HADOOP_USER_NAME = "hadoop.username";
public static String HADOOP_KERBEROS_PRINCIPAL = "hadoop.kerberos.principal";
public static String HADOOP_KERBEROS_KEYTAB = "hadoop.kerberos.keytab";
public static String HIVE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal";
public static String HIVE_KERBEROS_KEYTAB = "hive.metastore.kerberos.keytab.file";
public static String DORIS_KRB5_DEBUG = "doris.krb5.debug";
}
三、错误原因分析
根据错误信息 java.lang.IllegalArgumentException: Null name not allowed ,核心问题集中在 Kerberos 认证配置和 Hadoop 安全规则映射上。具体原因包括:
1. Kerberos Principal 映射失败
Hadoop 的 hadoop.security.auth_to.local 规则(定义在 core-site.xml 中)无法正确将 Kerberos Principal(如 user01@BIGDATA.COM)映射为本地操作系统用户,导致解析结果为 null 。
-
示例配置缺失:
若缺少此规则,Principal 无法转换为<property> <name>hadoop.security.auth_to.local</name> <value>RULE:[1:$1@$0](.*@BIGDATA.COM)s/@.*//</value> </property>user01用户,触发空值异常。
2. Keytab 文件或 Principal 不匹配
- Keytab 文件
/etc/security/keytabs/user01.keytab中未包含对应的 Principaluser01@BIGDATA.COM,或文件权限不足导致 Broker 进程无法读取 。 - 验证命令:
klist -kt /etc/security/keytabs/user01.keytab # 检查 Keytab 中的 Principal 列表
3. Kerberos 配置文件错误
-
krb5.conf中未定义BIGDATA.COMRealm 的 KDC 服务器地址,或 DNS 解析失败导致无法识别 Realm 。 - 关键配置示例:
[realms] BIGDATA.COM = { kdc = kdc-server.BIGDATA.COM admin_server = admin-server.BIGDATA.COM }
四、解决方案
1. 修正 Hadoop 用户映射规则
在 core-site.xml 中添加或修改 auth_to.local 规则,确保 Kerberos Principal 能映射到有效本地用户:
<property>
<name>hadoop.security.auth_to.local</name>
<value>
RULE:[1:$1@$0](^.*@BIGDATA.COM$)s/@BIGDATA.COM$//
DEFAULT
</value>
</property>
验证方法:
重启 Broker 后,检查 Hadoop 日志中用户解析是否成功,例如:
INFO security.KerberosName: Mapping user01@BIGDATA.COM to user01
2. 检查 Keytab 文件和权限
-
Keytab 内容验证:
klist -kt /etc/security/keytabs/user01.keytab # 确认输出包含 user01@BIGDATA.COM -
文件权限调整:
chmod 400 /etc/security/keytabs/user01.keytab # 仅允许 Broker 进程用户读取
3. 更新 Kerberos 配置
- 在
krb5.conf中明确定义 Realm 和 KDC 服务器地址(参考上文示例)。 - 同步配置文件到所有 Broker、FE、BE 节点,并重启 Doris 服务。
4. 排查 JCE 策略限制
若使用 Oracle JDK 且 Kerberos 启用 AES-256 加密,需安装 JCE 无限强度策略文件 :
- 下载对应 JDK 版本的 JCE 包(如 JDK 8 对应
jce_policy-8.zip)。 - 解压文件到
$JAVA_HOME/jre/lib/security/。 - 重启 Broker 和 BE 进程。
五、验证步骤
-
本地 Kerberos 票据测试:
kinit -kt /etc/security/keytabs/user01.keytab user01@BIGDATA.COM hadoop fs -ls hdfs://ns01/ # 验证 HDFS 访问权限 -
Doris Broker Load 重试:
LOAD LABEL test_db.label1 ( DATA INFILE("hdfs://ns01/ranger/audit/path") INTO TABLE target_table ) WITH BROKER "broker1" ( "kerberos_principal" = "user01@BIGDATA.COM", "kerberos_keytab" = "/etc/security/keytabs/user01.keytab" );
六、关联问题扩展
若仍遇到类似错误,需排查以下方向:
- 时间同步:确保所有节点时间与 KDC 服务器同步(误差不超过 5 分钟)。
-
Hadoop RPC 保护模式:检查
hadoop.rpc.protection配置是否一致(如privacyvsintegrity)。 -
Broker 日志分析:查看
broker.log中完整的 Kerberos 握手过程,定位具体失败阶段。
通过上述步骤,可系统性解决因 Principal 解析失败导致的空值异常。如需进一步协助,请提供完整的 Broker 日志和 Kerberos 调试输出(通过 export KRB5_TRACE=/tmp/krb5.log 生成)。
上一篇: 几秒钟就充满电!科学
下一篇: 暂无数据