[
https://issues.apache.org/jira/browse/HADOOP-9747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16282532#comment-16282532
]
Daryn Sharp commented on HADOOP-9747:
-------------------------------------
Working on this today. A few quick points:
bq. System.setProperty(KRB5CCNAME) is not being set, previously this is being
set in the case of IBM_JAVA
Intentional. If a specific ticket cache is defined, it must be used. It's
wrong to set a property for one of the locations to look and then specify the
default cache, which means it might find a ticket cache _somewhere other than
specifically defined_. Not to mention a system property has the same
thread-safety issues as the statics I removed.
bq. getLoginUser is no longer Synchronized.
That's definitely the intent. I think it's fine, will re-verify correctness.
bq. Can we get away by saying that it’s user’s responsibility to renew external
subjects?
That external subject behavior is/was completely broken and just an attempt to
work around a subject containing a keytab that wasn't in sync with the (now
removed) class static. I think I'm going to no-op relogin from keytab anyway
since Java caches and re-reads keytab contents as necessary. We've dropped new
keytabs with updated kvnos and Java picked them up, but I'll reverify.
bq. In unprotectedLoginUserFromSubject we should change the local variable name
instead of overloading loginUser, only for better readability.
Sure. Was only trying to minimize patch size.
> Reduce unnecessary UGI synchronization
> --------------------------------------
>
> Key: HADOOP-9747
> URL: https://issues.apache.org/jira/browse/HADOOP-9747
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0-alpha1
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
> Attachments: HADOOP-9747-trunk.01.patch,
> HADOOP-9747.2.branch-2.patch, HADOOP-9747.2.trunk.patch,
> HADOOP-9747.branch-2.patch, HADOOP-9747.trunk.patch
>
>
> Jstacks of heavily loaded NNs show up to dozens of threads blocking in the
> UGI.