[
https://issues.apache.org/jira/browse/KNOX-2408?focusedWorklogId=480373&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-480373
]
ASF GitHub Bot logged work on KNOX-2408:
----------------------------------------
Author: ASF GitHub Bot
Created on: 08/Sep/20 19:01
Start Date: 08/Sep/20 19:01
Worklog Time Spent: 10m
Work Description: smolnar82 commented on a change in pull request #371:
URL: https://github.com/apache/knox/pull/371#discussion_r485133225
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultAliasService.java
##########
@@ -194,6 +195,24 @@ public void removeAliasesForCluster(String clusterName,
Set<String> aliases) thr
return getPasswordFromAliasForCluster(NO_CLUSTER_NAME, alias);
}
+ //Overriding the default behavior as we want to avoid loading the keystore
N-times from the file system
+ @Override
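Review bot: The comment above `@Override` refers to "the default behavior" without naming it, and the overridden method is not otherwise documented. Say which default implementation is being bypassed and that this override reads the keystore once instead of once per alias, preferably as Javadoc on the method so the reason for the override survives later refactoring. A space after `//` would also match the usual comment style.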
Review comment:
I'm going to re-check and change other methods too if needed.
##########
File path:
gateway-spi/src/main/java/org/apache/knox/gateway/services/security/AliasService.java
##########
@@ -54,6 +54,8 @@ void generateAliasForCluster(String clusterName, String alias)
char[] getPasswordFromAliasForGateway(String alias)
throws AliasServiceException;
+ Map<String, char[]> getPasswordAliasMapForGateway() throws
AliasServiceException;
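Review bot: The new `getPasswordAliasMapForGateway()` declaration has no Javadoc, and for a method that hands back every gateway-level secret as `Map<String, char[]>` the contract matters. Document what the map contains (all aliases in the gateway credential store, or a subset), whether the `char[]` values are copies the caller may clear after use or arrays shared with the service, and when `AliasServiceException` is thrown. Since this interface lives in gateway-spi, it is also worth stating what existing implementations are expected to do with the new method.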
Review comment:
I'll change it.
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
##########
@@ -122,6 +129,44 @@ public void start() throws ServiceLifecycleException {
statePersistenceInterval,
TimeUnit.SECONDS);
}
+
+ // Loading ALL entries from __gateway-credentials.jceks could be VERY
time-consuming (it took a bit more than 19 minutes to load 12k aliases
+ // during my tests).
+ // Therefore, it's safer to do it in a background thread than just make
the service start hang until it's finished
+ final ExecutorService gatewayCredentialsLoader =
Executors.newSingleThreadExecutor(new
BasicThreadFactory.Builder().namingPattern("GatewayCredentialsLoader").build());
+ gatewayCredentialsLoader.execute(this::loadGatewayCredentialsOnStartup);
+ }
+
+ private void loadGatewayCredentialsOnStartup() {
+ try {
+ log.loadingGatewayCredentialsOnStartup();
+ final long start = System.currentTimeMillis();
+ final Map<String, char[]> passwordAliasMap =
aliasService.getPasswordAliasMapForGateway();
+ String alias, tokenId;
+ long expiration, maxLifeTime;
+ int count = 0;
+ for (Map.Entry<String, char[]> passwordAliasMapEntry :
passwordAliasMap.entrySet()) {
+ alias = passwordAliasMapEntry.getKey();
+ if (alias.endsWith(TOKEN_MAX_LIFETIME_POSTFIX)) {
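Review bot: The `gatewayCredentialsLoader` executor created at the end of `start()` is a local variable that is never shut down, so after `loadGatewayCredentialsOnStartup` finishes its worker thread stays parked for the life of the process and nothing else can reach the executor to stop it. Calling `gatewayCredentialsLoader.shutdown()` right after `execute(...)` lets the submitted task run to completion and then releases the thread. Because the comment says the load can take many minutes, it would also help to document what token lookups see while the load is still running, and to avoid keeping the full `passwordAliasMap` of `char[]` values referenced longer than the loop needs it.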
Review comment:
Sure; I'll add documentation.
Issue Time Tracking
-------------------
Worklog Id: (was: 480373)
Time Spent: 50m (was: 40m)
> Improve AliasBasedTokenState service performance
> ------------------------------------------------
>
> Key: KNOX-2408
> URL: https://issues.apache.org/jira/browse/KNOX-2408
> Project: Apache Knox
> Issue Type: Task
> Components: Server
> Affects Versions: 1.4.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.5.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> While working on KNOX-2402 there were some performance issues related to
> {{AliasBasedTokenStateService}} which the new tool revealed during the test
> phase:
> {{AliasBasedTokenStateService}}:
> - {{updateExpiration()}} goes directly to alias service rather than updating
> it locally and letting the background thread do its job
> - {{getTokens}} goes directly to alias service
> {{DefaultTokenStateService}}:
> - we should start using {{ConcurrentHashMap}} instead of {{HashMap}} for
> {{tokenExpirations}} and {{maxTokenLifetimes}} -> many of the synchronization
> blocks could be gotten rid of (CHM gives better performance anyway)
> - review {{getTokens()}} usage
> - eviction: needs to consider the case when Gateway was restarted -> nothing
> found in memory -> eviction is extremely slow