[
https://issues.apache.org/jira/browse/HADOOP-9747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp updated HADOOP-9747:
--------------------------------
Attachment: HADOOP-9747.trunk.patch
This patch incorporates all the open subtasks. Branch-2 patch forthcoming
after conflicts resolved.
Major highlights:
# Frivolous synchronization in common code paths is eliminated.
# Login/logout/relogin synchronizes on the subject's private credentials to
ensure atomic update relative to each other and SASL authentication.
# Supports concurrent UGI instantiation - ctor does not access priv creds that
require locking and mutate during relogin.
# A login context wrapper "remembers" the login configuration so the class
statics for principal and keytab can be eliminated.
# Is keytab/ticket is based on the login config, not the current state of the
priv creds.
#* prevents race during relogin where new instances might think the ugi is not
a keytab when logout has occurred and relogin underway.
#* ugis created for keytab users after a relogin failure now remember they are
keytab based.
# Creating ugi from a subject will learn the principal and possibly keytab
#* no more "external" ugi hack
#* subject based-ugis will relogin, ie. after ipc errors
Basic design is:
* HadoopLoginContext wraps a "real" LoginContext and remembers the
javax-derived HadoopConfiguration which is normally not accessible.
* HadoopConfiguration is based on LoginParams which track parameters for login
and relogin.
* LoginParams for pre-existing subjects are learned prior to login and reused
for subsequent relogins.
* LoginParams for new subjects are updated post-login.
> Reduce unnecessary UGI synchronization
> --------------------------------------
>
> Key: HADOOP-9747
> URL: https://issues.apache.org/jira/browse/HADOOP-9747
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0-alpha1
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
> Attachments: HADOOP-9747.trunk.patch
>
>
> Jstacks of heavily loaded NNs show up to dozens of threads blocking in the
> UGI.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
