accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3890) Use of CredentialProvider results in a lot of NN ops
Date Mon, 08 Jun 2015 19:47:01 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14577725#comment-14577725
] 

Josh Elser commented on ACCUMULO-3890:
--------------------------------------

bq. Hmmm, I thought that the cache was complete removed from CredentialProvider API.

In 8c1a46ca4fa27cc996f7e2495b8483001a903faa in branch-2.7, I still see {{private final Map<String,
CredentialEntry> cache = new HashMap<String, CredentialEntry>();}} that isn't getting
updated.

bq. I never thought that caching was as needed for passwords as much as for keys and assumed
the type of scenario that Billie Rinaldi describes in the description of this jira.

I think the issue is partially related to how we store any sensitive in with the rest of the
configuration properties for the system. This results in pulling the keys from the CP more
often than they're likely actually used (perhaps indicative of the larger problem ACCUMULO-3033
touched on).

I'm not really sure what a good bugfix would look like here given the circumstance. I think
we might need to investigate more because I'm not exactly sure how we're running into this.
I would have through the KeyStore implementation would have cached the data in the file from
HDFS anyways. Maybe we're re-creating CPs more often than intended now.

> Use of CredentialProvider results in a lot of NN ops
> ----------------------------------------------------
>
>                 Key: ACCUMULO-3890
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3890
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.6.1, 1.6.2, 1.7.0
>            Reporter: Billie Rinaldi
>            Assignee: Billie Rinaldi
>             Fix For: 1.6.3, 1.7.1, 1.8.0
>
>
> Every time we access a sensitive property or iterate over a configuration when there
is a CredentialProvider configured, it results in NN operations (as evidenced by FSNamesystem.audit
logs).  I think that we could assume the CredentialProvider is static, read its properties
once and cache them in memory to avoid these unnecessary reads.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message