[
https://issues.apache.org/jira/browse/HADOOP-10755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14068985#comment-14068985
]
Andrew Wang commented on HADOOP-10755:
--------------------------------------
Good idea with the Timer. Few comments, otherwise +1 though:
* Could we make Timer into an interface, and have nested classes DefaultTimer
and FakeTimer? These are all tiny, so can just keep them in the same file.
* We can just make Time InterfaceAudience.Private. I think saying
LimitedPrivate HDFS and MapReduce is the same as Private, so doesn't make much
sense.
* Timer class javadoc, typo "override" to "overridden"
* FakeTimer, would say that it's for test purposes rather than "as dependency
injections" (not grammatical)
* In the new test, let's fill in the {{fail()}} and empty catches with messages
and asserts. Take a look at GenericTestUtils.assertExceptionContains.
* HADOOP_SECURITY_GROUPS_NEGTIVE_CACHE_SECS_DEFAULT has a typo, NEGTIVE
> Support negative caching of user-group mapping
> ----------------------------------------------
>
> Key: HADOOP-10755
> URL: https://issues.apache.org/jira/browse/HADOOP-10755
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.2.0
> Reporter: Andrew Wang
> Assignee: Lei (Eddy) Xu
> Attachments: HADOOP-10755.000.patch, HADOOP-10755.001.patch,
> HADOOP-10755.002.patch, HADOOP-10755.003.patch, HDFS-5369.000.patch
>
>
> We've seen a situation at a couple of our customers where interactions from
> an unknown user leads to a high-rate of group mapping calls. In one case,
> this was happening at a rate of 450 calls per second with the shell-based
> group mapping, enough to severely impact overall namenode performance and
> also leading to large amounts of log spam (prints a stack trace each time).
> Let's consider negative caching of group mapping, as well as quashing the
> rate of this log message.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
