Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-11702

Remove indefinite caching of key provider uri in DFSClient

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.9.0, 3.0.0-alpha4, 2.8.2
    • hdfs-client
    • None
    • Reviewed

    Description

      There is an indefinite caching of key provider uri in dfsclient.
      Relevant piece of code.

      DFSClient.java
        /**
         * The key provider uri is searched in the following order.
         * 1. If there is a mapping in Credential's secrets map for namenode uri.
         * 2. From namenode getServerDefaults rpc.
         * 3. Finally fallback to local conf.
         * @return keyProviderUri if found from either of above 3 cases,
         * null otherwise
         * @throws IOException
         */
        URI getKeyProviderUri() throws IOException {
          if (keyProviderUri != null) {
            return keyProviderUri;
          }
          // Lookup the secret in credentials object for namenodeuri.
          Credentials credentials = ugi.getCredentials();
         ...
         ...
      

      Once the key provider uri is set, it won't refresh the value even if the key provider uri on namenode is changed.
      For long running clients like on oozie servers, this means we have to bounce all the oozie servers to get the change reflected.
      After this change, the client will cache the value for an hour after which it will issue getServerDefaults call and will refresh the key provider uri.

      Attachments

        1. HDFS-11702.patch
          5 kB
          Rushabh Shah

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            shahrs87 Rushabh Shah
            shahrs87 Rushabh Shah
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment