Solr
  1. Solr
  2. SOLR-8470

Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.3.2, 5.4.1, 5.5, 6.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently the PKIAuthenticationPlugin has hardcoded the ttl to 5000ms. There are users who have experienced timeouts. Make this configurable

      1. SOLR-8470.patch
        0.8 kB
        Noble Paul

        Activity

        Hide
        Anshum Gupta added a comment -

        Considering this isn't really a bug or even a new feature, I am debating weather we should add this to 5.3.2. I'm kind of inclined towards putting this in 5.3.2 unless someone has a problem with it as it would help users who're hitting the timeouts.

        Show
        Anshum Gupta added a comment - Considering this isn't really a bug or even a new feature, I am debating weather we should add this to 5.3.2. I'm kind of inclined towards putting this in 5.3.2 unless someone has a problem with it as it would help users who're hitting the timeouts.
        Hide
        Anshum Gupta added a comment -

        Noble Paul do you want to commit the patch from SOLR-8326 here? If you do, please commit it to the 5.3 branch too.

        Show
        Anshum Gupta added a comment - Noble Paul do you want to commit the patch from SOLR-8326 here? If you do, please commit it to the 5.3 branch too.
        Hide
        Anshum Gupta added a comment -

        LGTM!

        Show
        Anshum Gupta added a comment - LGTM!
        Hide
        ASF subversion and git services added a comment -

        Commit 1722811 from Noble Paul in branch 'dev/trunk'
        [ https://svn.apache.org/r1722811 ]

        SOLR-8470: Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property
        (pkiauth.ttl)

        Show
        ASF subversion and git services added a comment - Commit 1722811 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1722811 ] SOLR-8470 : Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)
        Hide
        ASF subversion and git services added a comment -

        Commit 1722813 from Noble Paul in branch 'dev/branches/branch_5x'
        [ https://svn.apache.org/r1722813 ]

        SOLR-8470: Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)

        Show
        ASF subversion and git services added a comment - Commit 1722813 from Noble Paul in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1722813 ] SOLR-8470 : Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)
        Hide
        ASF subversion and git services added a comment -

        Commit 1722815 from Noble Paul in branch 'dev/branches/lucene_solr_5_3'
        [ https://svn.apache.org/r1722815 ]

        SOLR-8470: Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)

        Show
        ASF subversion and git services added a comment - Commit 1722815 from Noble Paul in branch 'dev/branches/lucene_solr_5_3' [ https://svn.apache.org/r1722815 ] SOLR-8470 : Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)
        Hide
        Nirmala Venkatraman added a comment -

        I applied Noble's patch for pkiauth.ttl(SOLR-8470) and set the ttl parameter to 60sec(default is 5sec) and ran another batch of indexing load. Good news is that I didn't hit any of the 401 exceptions as seen in SOLR-8422 , but one of the nodes sgdsolar7 went into recovery with zksession expiration in /overseer/elect.
        So I think this is a good fix for 5.3.2

        Show
        Nirmala Venkatraman added a comment - I applied Noble's patch for pkiauth.ttl( SOLR-8470 ) and set the ttl parameter to 60sec(default is 5sec) and ran another batch of indexing load. Good news is that I didn't hit any of the 401 exceptions as seen in SOLR-8422 , but one of the nodes sgdsolar7 went into recovery with zksession expiration in /overseer/elect. So I think this is a good fix for 5.3.2
        Hide
        Noble Paul added a comment -

        Nirmala Venkatraman Thanks a lot

        Show
        Noble Paul added a comment - Nirmala Venkatraman Thanks a lot
        Hide
        Nirmala Venkatraman added a comment -

        After applying the ttl patch and setting to 60sec, one of the nodes hit this error. Most likely culprit is slightly longer GC pauses . Do you think we should set autoReplicaFailoverWorkLoopDelay to a greater # than default of 10sec

        2016-01-04 23:05:37.205 ERROR (OverseerHdfsCoreFailoverThread-239245611805900804-sgdsolar7.swg.usma.ibm.com:8984_solr-n_0000000133) [ ] o.a.s.c.OverseerAutoReplicaFailoverThread OverseerAutoReplicaFailoverThread had an error in its thread work loop.:org.apache.solr.common.SolrException: Error reading cluster properties
        at org.apache.solr.common.cloud.ZkStateReader.getClusterProps(ZkStateReader.java:732)
        at org.apache.solr.cloud.OverseerAutoReplicaFailoverThread.doWork(OverseerAutoReplicaFailoverThread.java:152)
        at org.apache.solr.cloud.OverseerAutoReplicaFailoverThread.run(OverseerAutoReplicaFailoverThread.java:131)
        at java.lang.Thread.run(Thread.java:745)
        Caused by: java.lang.InterruptedException
        at java.lang.Object.wait(Native Method)
        at java.lang.Object.wait(Object.java:502)
        at org.apache.zookeeper.ClientCnxn.submitRequest(ClientCnxn.java:1342)
        at org.apache.zookeeper.ZooKeeper.exists(ZooKeeper.java:1040)
        at org.apache.solr.common.cloud.SolrZkClient$5.execute(SolrZkClient.java:311)
        at org.apache.solr.common.cloud.SolrZkClient$5.execute(SolrZkClient.java:308)
        at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:61)
        at org.apache.solr.common.cloud.SolrZkClient.exists(SolrZkClient.java:308)
        at org.apache.solr.common.cloud.ZkStateReader.getClusterProps(ZkStateReader.java:725)
        ... 3 more

        2016-01-04 23:05:37.218 ERROR (OverseerExitThread) [ ] o.a.s.c.Overseer could not read the data
        org.apache.zookeeper.KeeperException$SessionExpiredException: KeeperErrorCode = Session expired for /overseer_elect/leader
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:127)
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
        at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1155)
        at org.apache.solr.common.cloud.SolrZkClient$7.execute(SolrZkClient.java:345)
        at org.apache.solr.common.cloud.SolrZkClient$7.execute(SolrZkClient.java:342)
        at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:61)
        at org.apache.solr.common.cloud.SolrZkClient.getData(SolrZkClient.java:342)
        at org.apache.solr.cloud.Overseer$ClusterStateUpdater.checkIfIamStillLeader(Overseer.java:300)
        at org.apache.solr.cloud.Overseer$ClusterStateUpdater.access$300(Overseer.java:87)
        at org.apache.solr.cloud.Overseer$ClusterStateUpdater$2.run(Overseer.java:261)
        2016-01-04 23:05:37.206 ERROR (qtp829053325-487) [c:collection33 s:shard1 r:core_node2 x:collection33_shard1_replica1] o.a.s.c.SolrCore org.apache.solr.common.SolrException: Cannot talk to ZooKeeper - Updates are disabled.

        Show
        Nirmala Venkatraman added a comment - After applying the ttl patch and setting to 60sec, one of the nodes hit this error. Most likely culprit is slightly longer GC pauses . Do you think we should set autoReplicaFailoverWorkLoopDelay to a greater # than default of 10sec 2016-01-04 23:05:37.205 ERROR (OverseerHdfsCoreFailoverThread-239245611805900804-sgdsolar7.swg.usma.ibm.com:8984_solr-n_0000000133) [ ] o.a.s.c.OverseerAutoReplicaFailoverThread OverseerAutoReplicaFailoverThread had an error in its thread work loop.:org.apache.solr.common.SolrException: Error reading cluster properties at org.apache.solr.common.cloud.ZkStateReader.getClusterProps(ZkStateReader.java:732) at org.apache.solr.cloud.OverseerAutoReplicaFailoverThread.doWork(OverseerAutoReplicaFailoverThread.java:152) at org.apache.solr.cloud.OverseerAutoReplicaFailoverThread.run(OverseerAutoReplicaFailoverThread.java:131) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.InterruptedException at java.lang.Object.wait(Native Method) at java.lang.Object.wait(Object.java:502) at org.apache.zookeeper.ClientCnxn.submitRequest(ClientCnxn.java:1342) at org.apache.zookeeper.ZooKeeper.exists(ZooKeeper.java:1040) at org.apache.solr.common.cloud.SolrZkClient$5.execute(SolrZkClient.java:311) at org.apache.solr.common.cloud.SolrZkClient$5.execute(SolrZkClient.java:308) at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:61) at org.apache.solr.common.cloud.SolrZkClient.exists(SolrZkClient.java:308) at org.apache.solr.common.cloud.ZkStateReader.getClusterProps(ZkStateReader.java:725) ... 3 more 2016-01-04 23:05:37.218 ERROR (OverseerExitThread) [ ] o.a.s.c.Overseer could not read the data org.apache.zookeeper.KeeperException$SessionExpiredException: KeeperErrorCode = Session expired for /overseer_elect/leader at org.apache.zookeeper.KeeperException.create(KeeperException.java:127) at org.apache.zookeeper.KeeperException.create(KeeperException.java:51) at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1155) at org.apache.solr.common.cloud.SolrZkClient$7.execute(SolrZkClient.java:345) at org.apache.solr.common.cloud.SolrZkClient$7.execute(SolrZkClient.java:342) at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:61) at org.apache.solr.common.cloud.SolrZkClient.getData(SolrZkClient.java:342) at org.apache.solr.cloud.Overseer$ClusterStateUpdater.checkIfIamStillLeader(Overseer.java:300) at org.apache.solr.cloud.Overseer$ClusterStateUpdater.access$300(Overseer.java:87) at org.apache.solr.cloud.Overseer$ClusterStateUpdater$2.run(Overseer.java:261) 2016-01-04 23:05:37.206 ERROR (qtp829053325-487) [c:collection33 s:shard1 r:core_node2 x:collection33_shard1_replica1] o.a.s.c.SolrCore org.apache.solr.common.SolrException: Cannot talk to ZooKeeper - Updates are disabled.
        Hide
        Noble Paul added a comment -

        This is because ZK session time out . Maybe, you need to keep a higher timeout.

        Show
        Noble Paul added a comment - This is because ZK session time out . Maybe, you need to keep a higher timeout.
        Hide
        ASF subversion and git services added a comment -

        Commit 1724197 from Adrien Grand in branch 'dev/branches/lucene_solr_5_4'
        [ https://svn.apache.org/r1724197 ]

        SOLR-8470: Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)

        Show
        ASF subversion and git services added a comment - Commit 1724197 from Adrien Grand in branch 'dev/branches/lucene_solr_5_4' [ https://svn.apache.org/r1724197 ] SOLR-8470 : Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)
        Hide
        ASF subversion and git services added a comment -

        Commit 1724198 from jpountz@apache.org in branch 'dev/branches/lucene_solr_5_4'
        [ https://svn.apache.org/r1724198 ]

        SOLR-8460, SOLR-8373, SOLR-8422, SOLR-7462, SOLR-8470: Add CHANGES entries for 5.4.1.

        Show
        ASF subversion and git services added a comment - Commit 1724198 from jpountz@apache.org in branch 'dev/branches/lucene_solr_5_4' [ https://svn.apache.org/r1724198 ] SOLR-8460 , SOLR-8373 , SOLR-8422 , SOLR-7462 , SOLR-8470 : Add CHANGES entries for 5.4.1.
        Hide
        ASF subversion and git services added a comment -

        Commit ca278cc8d55c392723c47bd7a396f591a0c6e679 in lucene-solr's branch refs/heads/branch_5_4 from Adrien Grand
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=ca278cc ]

        SOLR-8470: Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl)

        git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/branches/lucene_solr_5_4@1724197 13f79535-47bb-0310-9956-ffa450edef68

        Show
        ASF subversion and git services added a comment - Commit ca278cc8d55c392723c47bd7a396f591a0c6e679 in lucene-solr's branch refs/heads/branch_5_4 from Adrien Grand [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=ca278cc ] SOLR-8470 : Make TTL of PKIAuthenticationPlugin's tokens configurable through a system property (pkiauth.ttl) git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/branches/lucene_solr_5_4@1724197 13f79535-47bb-0310-9956-ffa450edef68
        Hide
        ASF subversion and git services added a comment -

        Commit 9ef144ddefe21f30c1c9ebd5246e7e03387488e1 in lucene-solr's branch refs/heads/branch_5_4 from Adrien Grand
        [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=9ef144d ]

        SOLR-8460, SOLR-8373, SOLR-8422, SOLR-7462, SOLR-8470: Add CHANGES entries for 5.4.1.

        git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/branches/lucene_solr_5_4@1724198 13f79535-47bb-0310-9956-ffa450edef68

        Show
        ASF subversion and git services added a comment - Commit 9ef144ddefe21f30c1c9ebd5246e7e03387488e1 in lucene-solr's branch refs/heads/branch_5_4 from Adrien Grand [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=9ef144d ] SOLR-8460 , SOLR-8373 , SOLR-8422 , SOLR-7462 , SOLR-8470 : Add CHANGES entries for 5.4.1. git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/branches/lucene_solr_5_4@1724198 13f79535-47bb-0310-9956-ffa450edef68

          People

          • Assignee:
            Noble Paul
            Reporter:
            Noble Paul
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development