[HDFS-17128] RBF: SQLDelegationTokenSecretManager should use version of tokens updated by other routers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.4.0
Component/s: rbf
Labels:
- pull-request-available

Target Version/s:

3.4.0
Hadoop Flags:

Reviewed

Description

The SQLDelegationTokenSecretManager keeps tokens that it has interacted with in a memory cache. This prevents routers from connecting to the SQL server for each token operation, improving performance.

We've noticed issues with some tokens being loaded in one router's cache and later renewed on a different one. If clients try to use the token in the outdated router, it will throw an "Auth failed" error when the cached token's expiration has passed.

This can also affect cancelation scenarios since a token can be removed from one router's cache and still exist in another one.

A possible solution is already implemented on the ZKDelegationTokenSecretManager, which consists of having an executor refreshing each router's cache on a periodic basis. We should evaluate whether this will work with the volume of tokens expected to be handled by the SQLDelegationTokenSecretManager.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-17128-branch-3.3.patch
14/Aug/23 16:35
21 kB
Hector Sandoval Chaverri

Issue Links

links to

GitHub Pull Request #5897

GitHub Pull Request #5963

Activity

People

Assignee:: Hector Sandoval Chaverri

Reporter:: Hector Sandoval Chaverri

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 26/Jul/23 18:10

Updated:: 27/Jan/24 01:11

Resolved:: 13/Jan/24 08:12