Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-3178

An option to terminate connections which have been open for very long time

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: master, security, tserver
    • Labels:
      None

      Description

      A Kudu client can open a connection to kudu-master or kudu-tserver and keep that connection open indefinitely by issuing some method at least once every --rpc_default_keepalive_time_ms interval (e.g., call Ping() method). This means there isn't a limit on how long an client can have access to cluster once it's authenticated, unless kudu-master and kudu-tserver processes are restarted. When fine-grained authorization if enforced, this issue is really benign because such lingering clients are unable to call any methods that require authz token to be provided.

      It would be nice to address this by providing an option to terminate connections which were established long time ago. Both the interval of the maximum connection lifetime and whether to terminate over-the-TTL connections should be controlled by flags.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              aserbin Alexey Serbin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: