Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-17128

RBF: SQLDelegationTokenSecretManager should use version of tokens updated by other routers

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.4.0
    • 3.4.0
    • rbf
    • Reviewed

    Description

      The SQLDelegationTokenSecretManager keeps tokens that it has interacted with in a memory cache. This prevents routers from connecting to the SQL server for each token operation, improving performance.

      We've noticed issues with some tokens being loaded in one router's cache and later renewed on a different one. If clients try to use the token in the outdated router, it will throw an "Auth failed" error when the cached token's expiration has passed.

      This can also affect cancelation scenarios since a token can be removed from one router's cache and still exist in another one.

      A possible solution is already implemented on the ZKDelegationTokenSecretManager, which consists of having an executor refreshing each router's cache on a periodic basis. We should evaluate whether this will work with the volume of tokens expected to be handled by the SQLDelegationTokenSecretManager.

      Attachments

        1. HDFS-17128-branch-3.3.patch
          21 kB
          Hector Sandoval Chaverri

        Activity

          People

            hchaverri Hector Sandoval Chaverri
            hchaverri Hector Sandoval Chaverri
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: