Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13817

Add a finite shell command timeout to ShellBasedUnixGroupsMapping

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.6.0
    • 2.9.0, 3.0.0-alpha4
    • security
    • None
    • Reviewed
    • Hide
      A new introduced configuration key "hadoop.security.groups.shell.command.timeout" allows applying a finite wait timeout over the 'id' commands launched by the ShellBasedUnixGroupsMapping plugin. Values specified can be in any valid time duration units: https://hadoop.apache.org/docs/current/api/org/apache/hadoop/conf/Configuration.html#getTimeDuration-java.lang.String-long-java.util.concurrent.TimeUnit-

      Value defaults to 0, indicating infinite wait (preserving existing behaviour).
      Show
      A new introduced configuration key "hadoop.security.groups.shell.command.timeout" allows applying a finite wait timeout over the 'id' commands launched by the ShellBasedUnixGroupsMapping plugin. Values specified can be in any valid time duration units: https://hadoop.apache.org/docs/current/api/org/apache/hadoop/conf/Configuration.html#getTimeDuration-java.lang.String-long-java.util.concurrent.TimeUnit- Value defaults to 0, indicating infinite wait (preserving existing behaviour).

    Description

      The ShellBasedUnixGroupsMapping run various id commands via the ShellCommandExecutor modules without a timeout set (its set to 0, which implies infinite).

      If this command hangs for a long time on the OS end due to an unresponsive groups backend or other reasons, it also blocks the handlers that use it on the NameNode (or other services that use this class). That inadvertently causes odd timeout troubles on the client end where its forced to retry (only to likely run into such hangs again with every attempt until at least one command returns).

      It would be helpful to have a finite command timeout after which we may give up on the command and return the result equivalent of no groups found.

      Attachments

        1. HADOOP-13817.000.patch
          22 kB
          Harsh J
        2. HADOOP-13817-branch-2.000.patch
          22 kB
          Harsh J

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-15523 Shell command timeout given is in seconds whereas it is taken as millisec while scheduling

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #161

          Activity

            People

              qwertymaniac Harsh J
              qwertymaniac Harsh J
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: