accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3890) Use of CredentialProvider results in a lot of NN ops
Date Wed, 10 Jun 2015 04:52:00 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14580014#comment-14580014
] 

Larry McCay commented on ACCUMULO-3890:
---------------------------------------

HADOOP-12076 might actually help here. I thought that Accumulo was using Configuration.getPassword
but it seems not. If we instantiate the credential providers and keep them around instead
of reinstantiating them each time that properties are reloaded then the cache inside the provider
will help. As long as we keep in mind that clearing the cache will require restart or reinstantiating
the credential providers then it may help. We also have to consider that the provider.path
property shouldn't be changed across scans because the retrieved credential providers will
be static if you do this.

Whether there is value in accumulo having more control over the caching mechanism is a call
for you all. Given what must be a fairly aggressive config reloading pattern - I think that
it may make sense.


> Use of CredentialProvider results in a lot of NN ops
> ----------------------------------------------------
>
>                 Key: ACCUMULO-3890
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3890
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.6.1, 1.6.2, 1.7.0
>            Reporter: Billie Rinaldi
>            Assignee: Billie Rinaldi
>             Fix For: 1.6.3, 1.7.1, 1.8.0
>
>         Attachments: ACCUMULO-3890.1.patch, ACCUMULO-3890.2.patch
>
>
> Every time we access a sensitive property or iterate over a configuration when there
is a CredentialProvider configured, it results in NN operations (as evidenced by FSNamesystem.audit
logs).  I think that we could assume the CredentialProvider is static, read its properties
once and cache them in memory to avoid these unnecessary reads.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message