KeDeng has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/21673 )
Change subject: [ranger] enhance the robustness of key retrieval ...................................................................... [ranger] enhance the robustness of key retrieval In real-world scenarios where encryption keys are generated using Ranger, we might encounter the following error when starting the cluster: 'master_main.cc:42] Remote error: RunMasterServer() failed: Could not create new FS layout: unable to create instance metadata: failed to generate server key: HTTP 403'. This error can be resolved by simply restarting without making any changes. Upon investigation, it was found that the keys requested from Ranger have an effective period of 30 seconds after adding a new user, as referenced in [1]. To enhance the robustness of the Kudu code, I have added a retry mechanism for key retrieval in this patch to mitigate the impact of Ranger user activation periods on the startup process. Since only retry logic was added, no new unit tests were introduced. However, I still verified the success rate of the new patch in a real-world installation, and it reached 100%, which is a significant improvement compared to the previous 50%. [1]https://github.com/apache/ranger/blob/4e365456f6533ee5515c5070c92e355198922c81/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java#L92 Change-Id: I1fd3263ad6ba6d8e444036bb7d2158986098cb4b Reviewed-on: http://gerrit.cloudera.org:8080/21673 Reviewed-by: Alexey Serbin <[email protected]> Tested-by: KeDeng <[email protected]> --- M src/kudu/ranger-kms/ranger_kms_client.cc 1 file changed, 47 insertions(+), 1 deletion(-) Approvals: Alexey Serbin: Looks good to me, approved KeDeng: Verified -- To view, visit http://gerrit.cloudera.org:8080/21673 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I1fd3263ad6ba6d8e444036bb7d2158986098cb4b Gerrit-Change-Number: 21673 Gerrit-PatchSet: 10 Gerrit-Owner: KeDeng <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: KeDeng <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Yingchun Lai <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]>
