Repository: incubator-ranger Updated Branches: refs/heads/master 8aef120e7 -> 97f1d5d05
Ranger-466: PolicyRefresher should timeout when Ranger Admin is non responsive and should use local cache for policy enforcement if present Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/97f1d5d0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/97f1d5d0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/97f1d5d0 Branch: refs/heads/master Commit: 97f1d5d05d5851c81d4ef57960b4c891d7633952 Parents: 8aef120 Author: rmani <rm...@hortonworks.com> Authored: Thu May 14 14:58:58 2015 -0700 Committer: rmani <rm...@hortonworks.com> Committed: Thu May 14 14:58:58 2015 -0700 ---------------------------------------------------------------------- .../ranger/plugin/util/PolicyRefresher.java | 23 +++++++++++++++----- .../ranger/plugin/util/RangerRESTClient.java | 6 +++++ 2 files changed, 24 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97f1d5d0/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java index 36548e4..341a65e 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java @@ -45,9 +45,9 @@ public class PolicyRefresher extends Thread { private final String cacheFile; private final Gson gson; - private long pollingIntervalMs = 30 * 1000; - private long lastKnownVersion = -1; - + private long pollingIntervalMs = 30 * 1000; + private long lastKnownVersion = -1; + private boolean policyCacheLoadedOnce = false; public PolicyRefresher(RangerBasePlugin plugIn, String serviceType, String appId, String serviceName, RangerAdminClient rangerAdmin, long pollingIntervalMs, String cacheDir) { @@ -128,8 +128,6 @@ public class PolicyRefresher extends Thread { public void startRefresher() { - loadFromCache(); - super.start(); } @@ -144,6 +142,8 @@ public class PolicyRefresher extends Thread { } public void run() { + boolean loadFromCacheFlag = false; + if(LOG.isDebugEnabled()) { LOG.debug("==> PolicyRefresher(serviceName=" + serviceName + ").run()"); } @@ -175,8 +175,21 @@ public class PolicyRefresher extends Thread { LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): no update found. lastKnownVersion=" + lastKnownVersion); } } + + loadFromCacheFlag = false; + + policyCacheLoadedOnce = false; + } catch(Exception excp) { + loadFromCacheFlag = true; LOG.error("PolicyRefresher(serviceName=" + serviceName + "): failed to refresh policies. Will continue to use last known version of policies (" + lastKnownVersion + ")", excp); + } finally { + if (loadFromCacheFlag && !policyCacheLoadedOnce) { + //If ConnectionTime or PolicyAdmin down, fetch the Policy from Local Cache and load + LOG.info("PolicyRefresher(serviceName=" + serviceName + "): failed to refresh policy from Policy Manager. Loading Policies from local Cache. lastKnownVersion=" + lastKnownVersion); + loadFromCache(); + policyCacheLoadedOnce = true; + } } try { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97f1d5d0/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java index 1d57935..46fab40 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java @@ -83,6 +83,8 @@ public class RangerRESTClient { public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ; public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ; + public static final int RANGER_POLICYMGR_CLIENT_CONNECTION_TIMEOUT = 120000; + public static final int RANGER_POLICYMGR_CLIENT_READ_TIMEOUT = 30000; private String mUrl = null; private String mSslConfigFileName = null; @@ -199,6 +201,10 @@ public class RangerRESTClient { client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword)); } + // Set Connection Timeout and ReadTime for the PolicyRefresh + client.setConnectTimeout(RANGER_POLICYMGR_CLIENT_CONNECTION_TIMEOUT); + client.setReadTimeout(RANGER_POLICYMGR_CLIENT_READ_TIMEOUT); + return client; }