simbadzina commented on code in PR #5897:
URL: https://github.com/apache/hadoop/pull/5897#discussion_r1277987367
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/SQLDelegationTokenSecretManager.java:
##########
@@ -46,6 +50,9 @@ public abstract class
SQLDelegationTokenSecretManager<TokenIdent
private static final String SQL_DTSM_TOKEN_SEQNUM_BATCH_SIZE =
SQL_DTSM_CONF_PREFIX
+ "token.seqnum.batch.size";
public static final int DEFAULT_SEQ_NUM_BATCH_SIZE = 10;
+ public static final String SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_MS =
SQL_DTSM_CONF_PREFIX
+ + "token.loading.cache.expiration.ms";
+ public static final int SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_DEFAULT_MS =
10000;
Review Comment:
Can you comment on how `SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_DEFAULT_MS`
interacts with `DelegationTokenManager.REMOVAL_SCAN_INTERVAL_DEFAULT`.
When the only concern is not removing renewed token, then then loading cache
expiry doesn't have to be as aggressive. 10 seconds, vs. expired tokens being
checked every hour.
For token cancellations though, I can see the need for a more aggressive
expiry though 10 seconds may lead to too much load on the databases.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
