[jira] [Commented] (HADOOP-13817) Add a finite shell command timeout to ShellBasedUnixGroupsMapping

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-13817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15672262#comment-15672262
 ] 

ASF GitHub Bot commented on HADOOP-13817:
-----------------------------------------

Github user QwertyManiac commented on a diff in the pull request:

    https://github.com/apache/hadoop/pull/161#discussion_r88366026
  
    --- Diff: 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
 ---
    @@ -517,15 +517,15 @@
        * <a 
href="{@docRoot}/../hadoop-project-dist/hadoop-common/core-default.xml">
        * core-default.xml</a>
        */
    -  public static final String HADOOP_SECURITY_GROUP_SHELL_COMMAND_TIMEOUT =
    -      "hadoop.security.groups.shell.groups.command.timeout";
    +  public static final String 
HADOOP_SECURITY_GROUP_SHELL_COMMAND_TIMEOUT_SECS =
    +      "hadoop.security.groups.shell.command.timeout.secs";
    --- End diff --
    
    I'd just felt it would be clearer to have '.secs' in it indicating the 
minimum unit type despite the parser. I've removed that in the latest commit 
and added some examples into its doc-text in the xml.


> Add a finite shell command timeout to ShellBasedUnixGroupsMapping
> -----------------------------------------------------------------
>
>                 Key: HADOOP-13817
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13817
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Harsh J
>            Assignee: Harsh J
>            Priority: Minor
>
> The ShellBasedUnixGroupsMapping run various {{id}} commands via the 
> ShellCommandExecutor modules without a timeout set (its set to 0, which 
> implies infinite).
> If this command hangs for a long time on the OS end due to an unresponsive 
> groups backend or other reasons, it also blocks the handlers that use it on 
> the NameNode (or other services that use this class). That inadvertently 
> causes odd timeout troubles on the client end where its forced to retry (only 
> to likely run into such hangs again with every attempt until at least one 
> command returns).
> It would be helpful to have a finite command timeout after which we may give 
> up on the command and return the result equivalent of no groups found.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org