hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12765) HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections
Date Fri, 19 Aug 2016 16:40:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15428416#comment-15428416

Hudson commented on HADOOP-12765:

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10310 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10310/])
HADOOP-12765. HttpServer2 should switch to using the non-blocking (weichiu: rev 03a9343d5798384b66fbd21e1e028acaf55b00e9)
* (edit) hadoop-common-project/hadoop-common/pom.xml
* (add) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SslSelectChannelConnectorSecure.java
* (delete) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SslSocketConnectorSecure.java
* (edit) hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/test/TestJettyHelper.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
* (edit) hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java
* (edit) hadoop-project/pom.xml

> HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent
performance degradation when handling SSL connections
> ----------------------------------------------------------------------------------------------------------------------------------------------
>                 Key: HADOOP-12765
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12765
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.7.2, 2.6.3
>            Reporter: Min Shen
>            Assignee: Min Shen
>         Attachments: HADOOP-12765.001.patch, HADOOP-12765.001.patch, HADOOP-12765.002.patch,
HADOOP-12765.003.patch, HADOOP-12765.004.patch, HADOOP-12765.005.patch, blocking_1.png, blocking_2.png,
> The current implementation uses the blocking SslSocketConnector which takes the default
maxIdleTime as 200 seconds. We noticed in our cluster that when users use a custom client
that accesses the WebHDFS REST APIs through https, it could block all the 250 handler threads
in NN jetty server, causing severe performance degradation for accessing WebHDFS and NN web
UI. Attached screenshots (blocking_1.png and blocking_2.png) illustrate that when using SslSocketConnector,
the jetty handler threads are not released until the 200 seconds maxIdleTime has passed. With
sufficient number of SSL connections, this issue could render NN HttpServer to become entirely
> We propose to use the non-blocking SslSelectChannelConnector as a fix. We have deployed
the attached patch within our cluster, and have seen significant improvement. The attached
screenshot (unblocking.png) further illustrates the behavior of NN jetty server after switching
to using SslSelectChannelConnector.
> The patch further disables SSLv3 protocol on server side to preserve the spirit of HADOOP-11260.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message