Elukey has uploaded a new change for review.
https://gerrit.wikimedia.org/r/301083
Change subject: Add the permissions_validity_in_ms among the configurable
parameters
......................................................................
Add the permissions_validity_in_ms among the configurable parameters
The AQS cluster has been experiencing some timeout errors due to:
Caused by: java.lang.RuntimeException:
org.apache.cassandra.exceptions.ReadTimeoutException:
Operation timed out - received only 1 responses.
at org.apache.cassandra.auth.Auth.selectUser(Auth.java)
Reading through bug reports it seems that the CassandraAuthorizer
(that afaik we use for auth) establishes non trivial checks for
each read/write ops. This could be a problem in already heavy loaded
clusters like AQS.
This patch should allow a puppet user to configure the
permissions_validity_in_ms parameter via Hiera.
Bug: T140869
Change-Id: I670bb46c4bff122c1ad86f3f506683033b63cfe4
---
M modules/cassandra/manifests/init.pp
M modules/cassandra/templates/cassandra.yaml-2.1.erb
M modules/cassandra/templates/cassandra.yaml-2.2.erb
3 files changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/83/301083/1
diff --git a/modules/cassandra/manifests/init.pp
b/modules/cassandra/manifests/init.pp
index b411f90..80b1870 100644
--- a/modules/cassandra/manifests/init.pp
+++ b/modules/cassandra/manifests/init.pp
@@ -51,6 +51,12 @@
# Else, the value provided will be used.
# Default: true
#
+# [*permissions_validity_in_ms*]
+# Validity period for permissions cache (fetching permissions can be an
+# expensive operation depending on the authorizer, CassandraAuthorizer is
+# one example). Will be disabled automatically for AllowAllAuthorizer.
+# Defaults to 2000, set to 0 to disable.
+#
# [*data_directory_base*]
# The base directory for cassandra data if we use default instance. In case
# of multi-instances this directory is generated based on the instance name.
@@ -244,6 +250,7 @@
$num_tokens = 256,
$authenticator = true,
$authorizor = true,
+ $permissions_validity_in_ms = 2000,
$data_directory_base = '/var/lib/cassandra',
$data_file_directories = ['/var/lib/cassandra/data'],
$commitlog_directory = '/var/lib/cassandra/commitlog',
diff --git a/modules/cassandra/templates/cassandra.yaml-2.1.erb
b/modules/cassandra/templates/cassandra.yaml-2.1.erb
index d746f72..ed91903 100644
--- a/modules/cassandra/templates/cassandra.yaml-2.1.erb
+++ b/modules/cassandra/templates/cassandra.yaml-2.1.erb
@@ -81,7 +81,7 @@
# expensive operation depending on the authorizer, CassandraAuthorizer is
# one example). Defaults to 2000, set to 0 to disable.
# Will be disabled automatically for AllowAllAuthorizer.
-permissions_validity_in_ms: 2000
+permissions_validity_in_ms: <%= @permissions_validity_in_ms %>
# The partitioner is responsible for distributing groups of rows (by
# partition key) across nodes in the cluster. You should leave this
diff --git a/modules/cassandra/templates/cassandra.yaml-2.2.erb
b/modules/cassandra/templates/cassandra.yaml-2.2.erb
index 2bba875..3a3d4af 100644
--- a/modules/cassandra/templates/cassandra.yaml-2.2.erb
+++ b/modules/cassandra/templates/cassandra.yaml-2.2.erb
@@ -109,7 +109,7 @@
# expensive operation depending on the authorizer, CassandraAuthorizer is
# one example). Defaults to 2000, set to 0 to disable.
# Will be disabled automatically for AllowAllAuthorizer.
-permissions_validity_in_ms: 2000
+permissions_validity_in_ms: <%= @permissions_validity_in_ms %>
# Refresh interval for permissions cache (if enabled).
# After this interval, cache entries become eligible for refresh. Upon next
--
To view, visit https://gerrit.wikimedia.org/r/301083
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I670bb46c4bff122c1ad86f3f506683033b63cfe4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Elukey <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
