[jira] [Commented] (HDFS-17128) RBF: SQLDelegationTokenSecretManager should use version of tokens updated by other routers

Sat, 19 Aug 2023 19:14:05 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-17128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756430#comment-17756430
 ] 

ASF GitHub Bot commented on HDFS-17128:
---------------------------------------

slfan1989 commented on PR #5963:
URL: https://github.com/apache/hadoop/pull/5963#issuecomment-1685156419

   > > 
   > 
   > @slfan1989 the checkstyle issue is the pre-existing one on 
AbstractDelegationTokenSecretManager that we decided to ignore on the trunk PR: 
[#5897 
(comment)](https://github.com/apache/hadoop/pull/5897#issuecomment-1666552826)
   
   @hchaverri Thanks for your contribution! merge into branch3.3. @simbadzina 
Thanks for helping to review the code!




> RBF: SQLDelegationTokenSecretManager should use version of tokens updated by 
> other routers
> ------------------------------------------------------------------------------------------
>
>                 Key: HDFS-17128
>                 URL: https://issues.apache.org/jira/browse/HDFS-17128
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: rbf
>            Reporter: Hector Sandoval Chaverri
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HDFS-17128-branch-3.3.patch
>
>
> The SQLDelegationTokenSecretManager keeps tokens that it has interacted with 
> in a memory cache. This prevents routers from connecting to the SQL server 
> for each token operation, improving performance.
> We've noticed issues with some tokens being loaded in one router's cache and 
> later renewed on a different one. If clients try to use the token in the 
> outdated router, it will throw an "Auth failed" error when the cached token's 
> expiration has passed.
> This can also affect cancelation scenarios since a token can be removed from 
> one router's cache and still exist in another one.
> A possible solution is already implemented on the 
> ZKDelegationTokenSecretManager, which consists of having an executor 
> refreshing each router's cache on a periodic basis. We should evaluate 
> whether this will work with the volume of tokens expected to be handled by 
> the SQLDelegationTokenSecretManager.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to