Todd Lipcon has posted comments on this change.

Change subject: [security] load/store public TSK in the system table
......................................................................

Patch Set 23:

(5 comments)

Looks like we're triggering another shutdown deadlock like https://issues.apache.org/jira/browse/KUDU-1863. Perhaps we should just switch over the master replication itest to use External MiniCluster instead of the internal one, to avoid having to deal with the shutdown races.

http://gerrit.cloudera.org:8080/#/c/5935/23/src/kudu/master/catalog_manager.cc
File src/kudu/master/catalog_manager.cc:

Line 333: explicit TskEntryLoader(int64_t entry_expiration_seconds)
do we ever use anything here except for WallTime_Now()? probably better to just set it in the ctor instead of passing it in.

PS23, Line 452: } else {
              :   if (l.leader_status().ok()) {
hm, why'd this change from else if to else { if { ?

PS23, Line 839: if (!s.ok()) {
              :   LOG(ERROR) << "Failed to intialize IPKI certificate info: "
              :              << s.ToString();
              :   return;
I'm a little worried that, if one of these things fails, we'll return from this function but then be stuck in a dysfunctional state (we're the leader master but the CA is not initialized, or we don't have the TSKs loaded, etc).

I wonder if we can separate the read-only things (which shouldn't ever fail and could be CHECK) vs the write-back things like generating the next TSK (which could fail due to losing leadership, and are probably OK to fail). We could move the write-only things (expiring old keys and generating a new one) outside of holding the transition lock, after setting leader_ready_term_.

Line 3293: leader_lock_.AssertAcquiredForReading();
I know you and Adar talked about this a bit on Friday on Slack, but this seems kind of ugly to me. I think a leader_lock_.AssertAcquiredForReadOrWrite would probably be better even if less specific.

http://gerrit.cloudera.org:8080/#/c/5935/23/src/kudu/master/master.cc
File src/kudu/master/master.cc:

PS23, Line 121: mananger
nit: typo

--
To view, visit http://gerrit.cloudera.org:8080/5935

Gerrit-MessageType: comment
Gerrit-Change-Id: Ie91d4129bda0ca49e81988c28385895a2abcd201
Gerrit-PatchSet: 23
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin
Gerrit-Reviewer: Adar Dembo
Gerrit-Reviewer: Alexey Serbin
Gerrit-Reviewer: Dan Burkert
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon
Gerrit-HasComments: Yes
