Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B16ED200ACA for ; Thu, 9 Jun 2016 21:18:59 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id B0149160A58; Thu, 9 Jun 2016 19:18:59 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D5B48160A29 for ; Thu, 9 Jun 2016 21:18:58 +0200 (CEST) Received: (qmail 37285 invoked by uid 500); 9 Jun 2016 19:18:58 -0000 Mailing-List: contact user-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@accumulo.apache.org Delivered-To: mailing list user@accumulo.apache.org Received: (qmail 37275 invoked by uid 99); 9 Jun 2016 19:18:58 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Jun 2016 19:18:58 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 921001A01DD for ; Thu, 9 Jun 2016 19:18:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.28 X-Spam-Level: * X-Spam-Status: No, score=1.28 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=deenlo-com.20150623.gappssmtp.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id O9mSUoQsfgnY for ; Thu, 9 Jun 2016 19:18:56 +0000 (UTC) Received: from mail-oi0-f51.google.com (mail-oi0-f51.google.com [209.85.218.51]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 5EE675F22F for ; Thu, 9 Jun 2016 19:18:53 +0000 (UTC) Received: by mail-oi0-f51.google.com with SMTP id p204so78978971oih.3 for ; Thu, 09 Jun 2016 12:18:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deenlo-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=gudmhsVYbkij66aBquXEA03PwFYYtW2rZhZXbMv0Em8=; b=hwofkub1rl67flE9o+Hwev2ikZrGjvrsO8MIOsiVeBsKvytJ7PMecTdnCco1kjmJYT vPH60TZxBRQ7LfbtRfXGK4djfAwGd7KSgQMWLP539lNqzE4UeNNOVnZjo6mgFrba+Or8 ZopeWHFLgHk/J4AvMC6S0RLzrDGuVtZx9Qr7fCalOjDAvOshMK0uv55jP9LQY6NdsMaI ADud6cduJBAH62UhiPOCaQO/VJsYNXWaUzLun1vYKSLSfLbq8MY6tIZxbu1RyFdsE0Ht 1ZTikcHfFxS/26UNoBUQM7XNwzjCzWzVQJ6Dz6GN3f52LzrjpbjFuybN9HYa88/lRh1k tlKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=gudmhsVYbkij66aBquXEA03PwFYYtW2rZhZXbMv0Em8=; b=N1ZFgP4S6M8NogS+gtQ551+Iaums6LxhI3z7+NsgSLa6M8c7ZETaZRehp8V5T6rU/Q 6F9DHSLZWwCl4kRDIuuKD/Pngx+qginfdtzuz9R+xSmA3lWHaylYjzYXo7WACD2i/Swz /3rkW+31vem841yVAur6EUGWtkfV+XaTJxd/f6B4fq6n4r4/n2b1oydxkV2GNdaWSLOF H5aDvYlHwz4qNpEpBgWIElEs3IE2nIulTlL0ES7G9g2L9x+F/SvdjFpSdcxsXXM+QEel fujT9bneULh6nDokZMCMZ/w381sG97IfPelDypQT+pdF0ZJmuGnp0egGuvmkx3JeS8nG fSIA== X-Gm-Message-State: ALyK8tIqm5dtfxrqox2f1XIp0r86yXFQwjuC5Q1fmUH/8TNdH+rHFxsX7U/WfPap5C8GhKQAXcI4QtLucwhE/w== MIME-Version: 1.0 X-Received: by 10.157.26.59 with SMTP id a56mr6022246ote.169.1465499921603; Thu, 09 Jun 2016 12:18:41 -0700 (PDT) Received: by 10.202.216.6 with HTTP; Thu, 9 Jun 2016 12:18:41 -0700 (PDT) In-Reply-To: References: Date: Thu, 9 Jun 2016 15:18:41 -0400 Message-ID: Subject: Re: visibility constraint performance From: Keith Turner To: user@accumulo.apache.org Content-Type: multipart/alternative; boundary=001a113e2df23eff6c0534dd4a13 archived-at: Thu, 09 Jun 2016 19:18:59 -0000 --001a113e2df23eff6c0534dd4a13 Content-Type: text/plain; charset=UTF-8 On Thu, Jun 9, 2016 at 2:49 PM, Jonathan Wonders wrote: > Hi All, > > I've been tracking down some performance issues on a few 1.6.x > environments and noticed some interesting and potentially undesirable > behavior in the visibility constraint. When the associated visibility > evaluator checks a token to see if the user has a matching authorization, > it uses the security operations from the tablet server's constraint > environment which ends up authenticating the user's credentials on each > call. This will end up flooding logs with Audit messages corresponding to > these authentications if the Audit logging is enabled. It also consumes a > non-negligible amount of CPU, produces a lot of garbage (maybe 50-60% of > that generated under a heavy streaming ingest load), and can cause some > contention between client pool threads when accessing the ZooCache. > > My initial measurements indicate a 25-30% decrease in ingest rate > (entries/s and MB/s) for my environement and workload when this constraint > is enabled. This is with the Audit logging disabled. > > Is this intended behavior? It seems like the authentication is redundant > with the authentication that is performed at the beginning of the update > session. > No. It would be best to avoid that behavior. > > Thanks, > --Jonathan > --001a113e2df23eff6c0534dd4a13 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Thu, Jun 9, 2016 at 2:49 PM, Jonathan Wonders <= jwonders88@gmail.= com> wrote:
Hi All,

I've been tracking down some performance i= ssues on a few 1.6.x environments and noticed some interesting and potentia= lly undesirable behavior in the visibility constraint.=C2=A0 When the assoc= iated visibility evaluator checks a token to see if the user has a matching= authorization, it uses the security operations from the tablet server'= s constraint environment which ends up authenticating the user's creden= tials on each call.=C2=A0 This will end up flooding logs with Audit message= s corresponding to these authentications if the Audit logging is enabled.= =C2=A0 It also consumes a non-negligible amount of CPU, produces a lot of g= arbage (maybe 50-60% of that generated under a heavy streaming ingest load)= , and can cause some contention between client pool threads when accessing = the ZooCache.

My initial measurements indicat= e a 25-30% decrease in ingest rate (entries/s and MB/s) for my environement= and workload when this constraint is enabled.=C2=A0 This is with the Audit= logging disabled.

Is this intended behavior= ?=C2=A0 It seems like the authentication is redundant with the authenticati= on that is performed at the beginning of the update session.

No. It would be best to avoid that behavior.<= /div>
=C2=A0
=
Thanks,
--Jonathan

--001a113e2df23eff6c0534dd4a13--