[
https://issues.apache.org/jira/browse/HDFS-11702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15987959#comment-15987959
]
Rushabh S Shah commented on HDFS-11702:
---------------------------------------
Thanks [~hanishakoneru] for looking into this jira.
bq. the patch doesn't apply cleanly for me.
Which branch are you applying on ?
This patch is for trunk. I haven't tested on 2.8 or 2.7.
Given that jenkins build didn't complain about applying/compiling, that makes
me think maybe something wrong in your environment ?
bq. Every time DFSClient#getKeyProviderUri is called, keyProviderUri is set to
null and recalulated. There is no caching being done.
If you notice, then there are mainly 2 places to get keyprovider uri other than
local conf.
1. byte[] keyProviderUriBytes =
credentials.getSecretKey(getKeyProviderMapKey());
First if dfs client is in a task and if EZ was enabled during job submission
then the keyprovider from which kms token was fetched is added to credentials
object.
2. FsServerDefaults serverDefaults = getServerDefaults();
If you notice the {{getServerDefaults}} carefully, then the caching is done
there. The cache is good for an hour after which it will again call
Namenode#getServerDefaults.
Relevant piece of code
{code:title=DFSClient.java|borderStyle=solid}
public FsServerDefaults getServerDefaults() throws IOException {
checkOpen();
long now = Time.monotonicNow();
if ((serverDefaults == null) ||
(now - serverDefaultsLastUpdate > SERVER_DEFAULTS_VALIDITY_PERIOD)) {
serverDefaults = namenode.getServerDefaults();
serverDefaultsLastUpdate = now;
}
assert serverDefaults != null;
return serverDefaults;
}
{code}
Let me know if you I missed something.
> Remove indefinite caching of key provider uri in DFSClient
> ----------------------------------------------------------
>
> Key: HDFS-11702
> URL: https://issues.apache.org/jira/browse/HDFS-11702
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: hdfs-client
> Reporter: Rushabh S Shah
> Assignee: Rushabh S Shah
> Attachments: HDFS-11702.patch
>
>
> There is an indefinite caching of key provider uri in dfsclient.
> Relevant piece of code.
> {code:title=DFSClient.java|borderStyle=solid}
> /**
> * The key provider uri is searched in the following order.
> * 1. If there is a mapping in Credential's secrets map for namenode uri.
> * 2. From namenode getServerDefaults rpc.
> * 3. Finally fallback to local conf.
> * @return keyProviderUri if found from either of above 3 cases,
> * null otherwise
> * @throws IOException
> */
> URI getKeyProviderUri() throws IOException {
> if (keyProviderUri != null) {
> return keyProviderUri;
> }
> // Lookup the secret in credentials object for namenodeuri.
> Credentials credentials = ugi.getCredentials();
> ...
> ...
> {code}
> Once the key provider uri is set, it won't refresh the value even if the key
> provider uri on namenode is changed.
> For long running clients like on oozie servers, this means we have to bounce
> all the oozie servers to get the change reflected.
> After this change, the client will cache the value for an hour after which it
> will issue getServerDefaults call and will refresh the key provider uri.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
