[
https://issues.apache.org/jira/browse/HADOOP-18245?focusedWorklogId=772573&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-772573
]
ASF GitHub Bot logged work on HADOOP-18245:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 19/May/22 19:03
Start Date: 19/May/22 19:03
Worklog Time Spent: 10m
Work Description: jojochuang commented on code in PR #4329:
URL: https://github.com/apache/hadoop/pull/4329#discussion_r877430599
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.java:
##########
@@ -182,10 +184,10 @@ private <T> T doOp(ProviderCallable<T> op, int currPos,
} catch (IOException ioe) {
LOG.warn("KMS provider at [{}] threw an IOException: ",
provider.getKMSUrl(), ioe);
- // SSLHandshakeException can occur here because of lost connection
+ // SSLException can occur here because of lost connection
// with the KMS server, creating a ConnectException from it,
// so that the FailoverOnNetworkExceptionRetry policy will retry
- if (ioe instanceof SSLHandshakeException) {
+ if (ioe instanceof SSLException || ioe instanceof SocketException) {
Review Comment:
Based on the openjdk source code SocketException may be thrown too:
https://github.com/keerath/openjdk-8-source/blob/5f6e9d42a9f6b6736100c9c6f43f5f5ea1570cfb/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java#L1488
Issue Time Tracking
-------------------
Worklog Id: (was: 772573)
Time Spent: 0.5h (was: 20m)
> Extend KMS related exceptions that get mapped to ConnectException
> ------------------------------------------------------------------
>
> Key: HADOOP-18245
> URL: https://issues.apache.org/jira/browse/HADOOP-18245
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Ritesh H Shukla
> Assignee: Ritesh H Shukla
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Based on production workload, we found that it is not enough to map just
> SSLHandshakeException to ConnectException in Loadbalancing KMS Client but
> that needs to be extended to SSLExceptions and SocketExceptions.
> Sample JDK code that can raise these exceptions:
> https://github.com/openjdk/jdk/blob/jdk-18%2B32/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java#L1409-L1428
> Sample Exception backtrace:
> 22/04/13 16:25:53 WARN kms.LoadBalancingKMSClientProvider: KMS provider at
> [https://bdgtr041x10h5.nam.nsroot.net:16001/kms/v1/] threw an IOException:
> javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
> at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1470)
> at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1298)
> at
> sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1199)
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:587)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDe
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
> at
> sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:480)
> at
> sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:469)
> ... 59 more
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
