Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-5394

Set socket timeouts while opening TSaslTransport

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Impala 2.8.0
    • Fix Version/s: Impala 2.11.0
    • Component/s: Distributed Exec
    • Labels:
      None
    • Environment:
      Kerberos

      Description

      Similar to IMPALA-3875, on a kerberized system, when the HS2 server does the initial SASL negotiation after the open, if the client never sends any data, the read() will hang and hangs the entire server port.

      In detail:

      - TThreadPoolServer calls getTransport() on a client from the Server
            thread (the thread that does the accepts).
            - TSaslServerTransport->getTransport() calls TSaslTransport->open()
            - TSaslServerTransport->open() tries to negotiate SASL which calls
              read/write
              - If read/write blocks, the TThreadPoolServer cannot accept
                connections
          - This can be demonstrated by running against a kerberos enabled cluster:
                  nc <impala host> <hs2 port> &
            then trying to connect to the hs2 port via beeline. The beeline
            connection will hang until the nc process is killed.
          - Can fix by setting the underlying TSocket recvTimeout and sendTimeout
            before the TSaslServerTransport->open() and reset them to 0 after
            open() completes.
          - Consider adding sasl_connect_tcp_timeout_seconds command line option (defaults to 10, 0 to disable)
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jfs John Sherman
                Reporter:
                djcameron Doug Cameron
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: