[
https://issues.apache.org/jira/browse/HDFS-11885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16030623#comment-16030623
]
Xiao Chen commented on HDFS-11885:
----------------------------------
Thanks [~andrew.wang] for reporting the issue and providing a patch. I think
this is a good fix.
[~shahrs87]'s comments addresses a similar but different problem, but also
sounds like a good improvement. Rushabh, would you mind filing a jira and
attach your patch? Thanks.
Back to this jira. It seems the proactive warming up was added by HDFS-7209,
but now that we have EDEKloader thread, it makes sense to do it there. And most
importantly, async.
Some small comments and 1 question. (Also thanks for the refactoring, looks
pretty good!)
Comments:
- I feel the javadocs on those {{@VisibleForTesting}} methods are a bit
redundant.
- This is existing code, {{EDEKCacheLoader.java}} line 112's param name should
be "keyNames", not "edeks"
- precommit will likely catch this: FSN's {{edekCacheLoader}} should be private.
- I think the new test case's name should be warmup *Dont* block create zone.
- Sleeping for nine 9s' are pretty much stalled, but I think {{Long.MAX_VALUE}}
reads better.
Question:
Wanted to get this all sorted out: It seems after this fix there are only 2
places that could end up with blocking call to KMS:
- startFile which eventually {{generateEncryptedKey}}. With Rushabh's patch
this will become retriable exception IIUC.
- createZone which eventually {{ensureKeyIsInitialized}}. Will this also be
covered? It seems to me {{KeyProvider#getMetadata}} is always a synchronized
call, and there's no client-side cache now. If our goal is createEZ should
never block, shouldn't we fix this too?
> createEncryptionZone should not block on initializing EDEK cache
> ----------------------------------------------------------------
>
> Key: HDFS-11885
> URL: https://issues.apache.org/jira/browse/HDFS-11885
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption
> Affects Versions: 2.6.5
> Reporter: Andrew Wang
> Assignee: Andrew Wang
> Priority: Critical
> Attachments: HDFS-11885.001.patch
>
>
> When creating an encryption zone, we call {{ensureKeyIsInitialized}}, which
> calls {{provider.warmUpEncryptedKeys(keyName)}}. This is a blocking call,
> which attempts to fill the key cache up to the low watermark.
> If the KMS is down or slow, this can take a very long time, and cause the
> createZone RPC to fail with a timeout.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
