[
https://issues.apache.org/jira/browse/HDFS-17128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17748360#comment-17748360
]
ASF GitHub Bot commented on HDFS-17128:
---------------------------------------
hchaverri opened a new pull request, #5897:
URL: https://github.com/apache/hadoop/pull/5897
…che so tokens are updated frequently
### Description of PR
The SQLDelegationTokenSecretManager is used by RBF to store a higher volume
of tokens than supported by ZooKeeper. Currently, the default in-memory Map is
used to store tokens on each router and its contents are not refreshed
periodically. These changes will allow routers to update the status of tokens
in memory after a short period of time, such that renewals or cancellations
handled by any router are reflected on all of them.
### How was this patch tested?
Added unit tests for renewal and cancellations, validating that changes are
propagated to other SecretManagers.
### For code changes:
- [Y] Does the title of this PR start with the corresponding JIRA issue id
(e.g. 'HADOOP-17799. Your PR title ...')?
- [Y] Object storage: have the integration tests been executed and the
endpoint declared according to the connector-specific documentation?
- [Y] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under
[ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [Y] If applicable, have you updated the `LICENSE`, `LICENSE-binary`,
`NOTICE-binary` files?
> RBF: SQLDelegationTokenSecretManager should use version of tokens updated by
> other routers
> ------------------------------------------------------------------------------------------
>
> Key: HDFS-17128
> URL: https://issues.apache.org/jira/browse/HDFS-17128
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: rbf
> Reporter: Hector Sandoval Chaverri
> Priority: Major
>
> The SQLDelegationTokenSecretManager keeps tokens that it has interacted with
> in a memory cache. This prevents routers from connecting to the SQL server
> for each token operation, improving performance.
> We've noticed issues with some tokens being loaded in one router's cache and
> later renewed on a different one. If clients try to use the token in the
> outdated router, it will throw an "Auth failed" error when the cached token's
> expiration has passed.
> This can also affect cancelation scenarios since a token can be removed from
> one router's cache and still exist in another one.
> A possible solution is already implemented on the
> ZKDelegationTokenSecretManager, which consists of having an executor
> refreshing each router's cache on a periodic basis. We should evaluate
> whether this will work with the volume of tokens expected to be handled by
> the SQLDelegationTokenSecretManager.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
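
The stale-cache behaviour described in the issue, as an added example that is not code from the pull request or from Hadoop. It models two routers sharing one token store, each with its own in-memory cache; the `Router` class, the `cache_ttl` per-entry reload and the timeline are assumptions made for illustration, not the project's implementation.

```python
class Router:
    """One router's secret manager: shared store plus a local in-memory cache."""

    def __init__(self, store, cache_ttl=None):
        self.store = store          # dict token_id -> expiry; stands in for the SQL table
        self.cache_ttl = cache_ttl  # None: cached entries are never reloaded
        self.cache = {}             # token_id -> (expiry, time the entry was loaded)

    def _expiry(self, token_id, now):
        entry = self.cache.get(token_id)
        stale = entry is not None and self.cache_ttl is not None \
            and now - entry[1] >= self.cache_ttl
        if entry is None or stale:
            expiry = self.store.get(token_id)   # go back to the shared store
            if expiry is None:
                self.cache.pop(token_id, None)  # cancelled elsewhere: drop it
                return None
            self.cache[token_id] = entry = (expiry, now)
        return entry[0]

    def issue_or_renew(self, token_id, now, lifetime):
        self.store[token_id] = now + lifetime
        self.cache[token_id] = (now + lifetime, now)

    def cancel(self, token_id):
        self.store.pop(token_id, None)
        self.cache.pop(token_id, None)

    def verify(self, token_id, now):
        expiry = self._expiry(token_id, now)
        return expiry is not None and now < expiry


def scenario(cache_ttl):
    """Constructed timeline (seconds): router A issues, B caches, A renews/cancels."""
    store = {}
    a, b = Router(store, cache_ttl), Router(store, cache_ttl)
    a.issue_or_renew("t1", now=0, lifetime=100)
    a.issue_or_renew("t2", now=0, lifetime=100)
    assert b.verify("t1", 10) and b.verify("t2", 10)   # B now caches both tokens
    a.issue_or_renew("t1", now=50, lifetime=100)       # renewed on A: expiry 150
    a.cancel("t2")                                     # cancelled on A
    cancelled_ok = b.verify("t2", 60)
    renewed_ok = b.verify("t1", 120)
    return {"cancelled_still_accepted_on_b": cancelled_ok,
            "renewed_accepted_on_b": renewed_ok}


if __name__ == "__main__":
    print("no refresh:", scenario(None))
    print("ttl=30s:   ", scenario(30))
```

In this model a cancelled token can remain accepted on another router for up to `cache_ttl` seconds after its entry was loaded, so the refresh period bounds the revocation delay.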