drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sorabh Hamirwasia (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-5485) Remove WebServer dependency on DrillClient
Date Mon, 08 May 2017 04:44:04 GMT
Sorabh Hamirwasia created DRILL-5485:
----------------------------------------

             Summary: Remove WebServer dependency on DrillClient
                 Key: DRILL-5485
                 URL: https://issues.apache.org/jira/browse/DRILL-5485
             Project: Apache Drill
          Issue Type: Improvement
          Components: Web Server
            Reporter: Sorabh Hamirwasia
             Fix For: 1.11.0


With encryption support using SASL, client's won't be able to authenticate using PLAIN mechanism
when encryption is enabled on the cluster. Today WebServer which is embedded inside Drillbit
creates a DrillClient instance for each WebClient session. And the WebUser is authenticated
as part of authentication between DrillClient instance and Drillbit using PLAIN mechanism.
But with encryption enabled this will fail since encryption doesn't support authentication
using PLAN mechanism, hence no WebClient can connect to a Drillbit. There are below issues
as well with this approach:
1) Since DrillClient is used per WebUser session this is expensive as it has heavyweight RPC
layer for DrillClient and all it's dependencies. 
2) If the Foreman for a WebUser is also selected to be a different node then there will be
extra hop of transferring data back to WebClient.
To resolve all the above issue it would be better to authenticate the WebUser locally using
the Drillbit on which WebServer is running without creating DrillClient instance. We can use
the local PAMAuthenticator to authenticate the user. After authentication is successful the
local Drillbit can also serve as the Foreman for all the queries submitted by WebUser. This
can be achieved by submitting the query to the local Drillbit Foreman work queue. This will
also remove the requirement to encrypt the channel opened between WebServer (DrillClient)
and selected Drillbit since with this approach there won't be any physical channel opened
between them.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message