[jira] [Commented] (HADOOP-13817) Add a finite shell command timeout to ShellBasedUnixGroupsMapping

Tue, 15 Nov 2016 10:37:18 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15667901#comment-15667901
 ] 

ASF GitHub Bot commented on HADOOP-13817:
-----------------------------------------

Github user xiaoyuyao commented on a diff in the pull request:

    https://github.com/apache/hadoop/pull/161#discussion_r88082752
  
    --- Diff: 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
 ---
    @@ -517,15 +517,15 @@
        * <a 
href="{@docRoot}/../hadoop-project-dist/hadoop-common/core-default.xml">
        * core-default.xml</a>
        */
    -  public static final String HADOOP_SECURITY_GROUP_SHELL_COMMAND_TIMEOUT =
    -      "hadoop.security.groups.shell.groups.command.timeout";
    +  public static final String 
HADOOP_SECURITY_GROUP_SHELL_COMMAND_TIMEOUT_SECS =
    +      "hadoop.security.groups.shell.command.timeout.secs";
    --- End diff --
    
    I think we should keep 
"hadoop.security.groups.shell.groups.command.timeout". Sorry I was not clear 
about this when suggesting Configuration#getTimeDuration. It allows admin to 
specify the time values with suffix like 10s, 1m, 2h. So the ."secs" won't be 
needed here.


> Add a finite shell command timeout to ShellBasedUnixGroupsMapping
> -----------------------------------------------------------------
>
>                 Key: HADOOP-13817
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13817
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Harsh J
>            Assignee: Harsh J
>            Priority: Minor
>
> The ShellBasedUnixGroupsMapping run various {{id}} commands via the 
> ShellCommandExecutor modules without a timeout set (its set to 0, which 
> implies infinite).
> If this command hangs for a long time on the OS end due to an unresponsive 
> groups backend or other reasons, it also blocks the handlers that use it on 
> the NameNode (or other services that use this class). That inadvertently 
> causes odd timeout troubles on the client end where its forced to retry (only 
> to likely run into such hangs again with every attempt until at least one 
> command returns).
> It would be helpful to have a finite command timeout after which we may give 
> up on the command and return the result equivalent of no groups found.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to