Gary Helmling created HBASE-12578:
-------------------------------------
Summary: Change TokenProvider to a SingletonCoprocessorService
Key: HBASE-12578
URL: https://issues.apache.org/jira/browse/HBASE-12578
Project: HBase
Issue Type: Improvement
Components: security
Reporter: Gary Helmling
The {{TokenProvider}} coprocessor service, which is responsible for issuing
HBase delegation tokens, currently runs a region endpoint. In the security
documentation, we recommend configuring this coprocessor for all table regions,
however, we only ever address delegation token requests to the META region.
When {{TokenProvider}} was first added, region coprocessors were the only way
of adding endpoints. But, since then, we've added support for endpoints for
regionserver and master coprocessors. This makes loading {{TokenProvider}} on
all table regions unnecessarily wasteful.
We can reduce the overhead for {{TokenProvider}} and greatly improve it's
scalability by doing the following:
# Convert {{TokenProvider}} to a {{SingletonCoprocessorService}} that is
configured to run on all regionservers. This will ensure a single instance per
regionserver instead of one per region.
# Direct delegation token requests to a random running regionserver so that we
don't hotspot any single instance with requests.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
