accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3890) Use of CredentialProvider results in a lot of NN ops
Date Fri, 05 Jun 2015 17:28:00 GMT


Josh Elser commented on ACCUMULO-3890:

bq. does that happen for all CredentialProviders or just the demo java keystore-on-hdfs one?

Well, you're only going to incur a lot of NN ops when the CP is stored on HDFS :). In general,
I didn't add any caching to reading from the CPs when I added this support.

bq. how do we figure out when things have changed? i.e. for those that are using non-trivial
credential providers where sensitive properties might be updated as a part of a security incident,
are we going to require a cluster restart?

IMO, CPs should be treated like a static resource, same as accumulo-site.xml. Users should
still be able to override the value in ZK (when the property itself allows it: replication
user password and trace user password come to mind). Assuming I did that right too :)

> Use of CredentialProvider results in a lot of NN ops
> ----------------------------------------------------
>                 Key: ACCUMULO-3890
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.6.1, 1.6.2, 1.7.0
>            Reporter: Billie Rinaldi
>            Assignee: Billie Rinaldi
>             Fix For: 1.7.1, 1.8.0
> Every time we access a sensitive property or iterate over a configuration when there
is a CredentialProvider configured, it results in NN operations (as evidenced by FSNamesystem.audit
logs).  I think that we could assume the CredentialProvider is static, read its properties
once and cache them in memory to avoid these unnecessary reads.

This message was sent by Atlassian JIRA

View raw message