  1. Kudu
  2. KUDU-3242

Investigate performance of GetTableSchema when authz tokens enabled


Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.11.1, 1.13.0, 1.14.0
    • None
    • None
    • None

    Description

      As shown by benchmarks (see the ConcurrentGetTableSchemaTest.Rpc and ConcurrentGetTableSchemaTest.DirectMethodCall test scenarios), processing a GetTableSchema() RPC takes much more CPU resources when generating authz tokens. The latter is controlled by the --master_support_authz_tokens flag, which is set to true by default.

      Measuring the maximum achievable rate of requests that kudu-master is able to process at a particular node, the difference ranges from 5 to 15 times depending on hardware (CPU features, etc.).

      Given that the generation of authz tokens is turned on even if authz tokens are not used/needed (i.e. no fine-grained authz support via Sentry/Ranger is enabled), this might bring unexpected surprises when upgrading from an earlier version to 1.11 or later.

      As a stop-gap, we can disable the generation of authz tokens by default, and it should be explicitly enabled when enabling fine-grained authz support.

      It's necessary to investigate the issue and find a way to address it in the scope of scalability of Kudu clusters.


            People

              Unassigned Unassigned
              aserbin Alexey Serbin