[
https://issues.apache.org/jira/browse/YARN-11448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18032893#comment-18032893
]
ASF GitHub Bot commented on YARN-11448:
---------------------------------------
github-actions[bot] commented on PR #5443:
URL: https://github.com/apache/hadoop/pull/5443#issuecomment-3445309740
We're closing this stale PR because it has been open for 100 days with no
activity. This isn't a judgement on the merit of the PR in any way. It's just a
way of keeping the PR queue manageable.
If you feel like this was a mistake, or you would like to continue working
on it, please feel free to re-open it and ask for a committer to remove the
stale tag and review again.
Thanks all for your contribution.
> [Federation] Make Router Delegation token secret manager completely stateless
> -----------------------------------------------------------------------------
>
> Key: YARN-11448
> URL: https://issues.apache.org/jira/browse/YARN-11448
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: router
> Affects Versions: 3.4.0
> Reporter: Krishan Goyal
> Assignee: Krishan Goyal
> Priority: Major
> Labels: pull-request-available
>
> Currently router secret manager requires routers to be stateful & with
> clients using sticky sessions.
> Otherwise, there are several issues mentioned below which lead to the
> delegation token functionality not working across router instances
> Eg:
> # allKeys needs to be consistently updated across all router instances
> # DB update exceptions are swallowed & returned as a success if just in
> memory variables are updated
> # Purging Delegation Token / Master key on expiry assumes all tokens are
> available in memory
> # APIs like get all tokens return only in memory data which is incorrect
> A more scalable & maintainable framework for Router would be to be design it
> as a stateless service. Given database KV lookups are in the order of < 10
> ms, it doesn't add any latency overhead and makes router easier to maintain.
> Plus a stateless router setup, with no assumptions of stickiness makes the
> router framework more generic.
> Additionally, some of the functionality around master key ids, delegation
> token sequence numbers is implemented as globally autoincrement ids which too
> isn't feasible across all datastores. The actual requirement is to generate
> unique keys for master key ids / delegation tokens which is a much more
> simpler & generic solution. Plus certain apis like get sequence no / set
> sequence no aren't applicable for router and we can avoid providing them to
> make things much more simpler.
> This patch addresses these functional concerns while working within the
> interfaces of AbstractDelegationTokenSecretManager.
> As a later patch, we can create better delegation token interfaces to support
> both stateful & stateless secret managers.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
