[jira] [Work logged] (BEAM-6182) Use of conscrypt SSL results in stuck workflows in Dataflow

ASF GitHub Bot (JIRA) Wed, 05 Dec 2018 11:45:02 -0800


     [ 
https://issues.apache.org/jira/browse/BEAM-6182?focusedWorklogId=172460&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-172460
 ]


ASF GitHub Bot logged work on BEAM-6182:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 05/Dec/18 19:36
            Start Date: 05/Dec/18 19:36
    Worklog Time Spent: 10m 
      Work Description: chamikaramj closed pull request #7210: [BEAM-6182] 
Cherry-pick: Disable conscrypt by default (#7203)
URL: https://github.com/apache/beam/pull/7210
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git 
a/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/DataflowWorkerHarnessHelper.java
 
b/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/DataflowWorkerHarnessHelper.java
index aeeec3318206..13df96c85e88 100644
--- 
a/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/DataflowWorkerHarnessHelper.java
+++ 
b/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/DataflowWorkerHarnessHelper.java
@@ -57,16 +57,20 @@ public static DataflowWorkerHarnessOptions 
initializeGlobalStateAndPipelineOptio
 
     ExperimentContext ec = ExperimentContext.parseFrom(pipelineOptions);
 
-    if (!ec.isEnabled(Experiment.DisableConscryptSecurityProvider)) {
+    String experimentName = 
Experiment.EnableConscryptSecurityProvider.getName();
+    if (ec.isEnabled(Experiment.EnableConscryptSecurityProvider)) {
       /* Enable fast SSL provider. */
       LOG.info(
-          "Dataflow runner uses conscrypt by default for SSL. To disable this 
feature, "
-              + "pass pipeline option 
--experiment=disable_conscrypt_security_provider");
+          "Dataflow runner is using conscrypt SSL. To disable this feature, "
+              + "remove the pipeline option --experiments={}",
+          experimentName);
       Security.insertProviderAt(new OpenSSLProvider(), 1);
     } else {
       LOG.info(
-          "Experiment disable_conscrypt_security_provider specified, disabling 
conscrypt "
-              + "SSL. Note this is the default Java behavior, but may have 
reduced performance.");
+          "Not using conscrypt SSL. Note this is the default Java behavior, 
but may "
+              + "have reduced performance. To use conscrypt SSL pass pipeline 
option "
+              + "--experiments={}",
+          experimentName);
     }
     return pipelineOptions;
   }
diff --git 
a/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/ExperimentContext.java
 
b/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/ExperimentContext.java
index 3ce1e0874c90..3bf1ca8360fb 100644
--- 
a/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/ExperimentContext.java
+++ 
b/runners/google-cloud-dataflow-java/worker/src/main/java/org/apache/beam/runners/dataflow/worker/ExperimentContext.java
@@ -36,7 +36,11 @@
 
   /** Enumeration of all known experiments. */
   public enum Experiment {
-    DisableConscryptSecurityProvider("disable_conscrypt_security_provider"),
+    /**
+     * Use the Conscrypt OpenSSL Java Security Provider. This may improve the 
performance of SSL
+     * operations for some IO connectors.
+     */
+    EnableConscryptSecurityProvider("enable_conscrypt_security_provider"),
     IntertransformIO("intertransform_io"), // Intertransform metrics for 
Shuffle IO (insights)
     SideInputIOMetrics("sideinput_io_metrics"); // Intertransform metrics for 
Side Input IO
 


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 172460)
    Time Spent: 1.5h  (was: 1h 20m)

> Use of conscrypt SSL results in stuck workflows in Dataflow
> -----------------------------------------------------------
>
>                 Key: BEAM-6182
>                 URL: https://issues.apache.org/jira/browse/BEAM-6182
>             Project: Beam
>          Issue Type: Bug
>          Components: runner-dataflow
>            Reporter: Ahmet Altay
>            Assignee: Tyler Akidau
>            Priority: Blocker
>             Fix For: 2.9.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> An experimental flag is being added to disable it for now with an option to 
> enable it per-workflow.
> Also related:
> https://issues.apache.org/jira/browse/BEAM-5747 - Upgrade conscrypt to its 
> latest version.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Work logged] (BEAM-6182) Use of conscrypt SSL results in stuck workflows in Dataflow

Reply via email to