----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74398/#review225442 -----------------------------------------------------------
embeddedwebserver/scripts/ranger-admin-services.sh Line 57 (original), 57 (patched) <https://reviews.apache.org/r/74398/#comment314045> java.security.egd seems unrelated to the DNS issue addressed in this patch. Is this necessary here? Also, is this issue specific to OCI? Is there additional overhead in not caching positive name resoluions? - Madhan Neethiraj On April 15, 2023, 2:57 p.m., Ramachandran Krishnan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74398/ > ----------------------------------------------------------- > > (Updated April 15, 2023, 2:57 p.m.) > > > Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, > Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy. > > > Bugs: RANGER-4190 > https://issues.apache.org/jira/browse/RANGER-4190 > > > Repository: ranger > > > Description > ------- > > It seems the Ranger instance is not able to connect Oracle ATP. This issue > could be the loss of network connectivity to the load balancer which will > connect to oracle ATP. > java.sql.SQLRecoverableException: I/O Exception: Connection reset > > Internal Exception: java.sql.SQLRecoverableException: No more data to read > from socket > Error Code: 17410 > This issue could happen due to the loss of connectivity to the oracle ATP > network load balancer. > ADB network properties - > https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/connect-prepare-jdbc-thin.html#GUID-0A619DFE-5F5F-4302-BF43-B08AEDA05A6C > > https://docs.oracle.com/en/database/oracle/oracle-database/12.2/rilin/load-balancing-of-connections-to-oracle-rac-databases.html#GUID-06B4373D-1217-44E4-BD86-DE353DA657F6 > part of the Ranger start we need to add the below JVM parameters to disable > the network cache by lowering its TTL to > 0;-Djava.security.egd=file:///dev/urandom -Dnetworkaddress.cache.ttl=0 > -Dnetworkaddress.cache.negative.ttl=0 > > > > By default, the OpenJDK 8 InetAddress will cache failed DNS queries, referred > to as "negative caching", for 10 seconds. It's recommended to disable both > the positive and negative cache by setting them to 0 seconds, and rely on the > DNS caching implemented inside OCI's DNS systems. > > > java.security.Security.setProperty("networkaddress.cache.ttl", 0); > java.security.Security.setProperty("networkaddress.cache.negative.ttl", 0); > // (Optional) Force Java to use a specific DNS provider > // By default it will use whatever lookup is defined in the system => > files,nis,dns > // as in /etc/nsswitch.conf on linux > System.setProperty("sun.net.spi.nameservice.provider.1", "dns,sun"); > Or as an argument when invoking Java: > > Example: > java -Dnetworkaddress.cache.ttl=0 -Dnetworkaddress.cache.negative.ttl=0 > app.jar > > > Diffs > ----- > > embeddedwebserver/scripts/ranger-admin-services.sh a76f0986c > > > Diff: https://reviews.apache.org/r/74398/diff/1/ > > > Testing > ------- > > > Thanks, > > Ramachandran Krishnan > >
