hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3608) fuse_dfs: detect changes in UID ticket cache
Date Thu, 19 Jul 2012 01:30:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417943#comment-13417943

Aaron T. Myers commented on HDFS-3608:

Latest patch looks pretty good to me. A few comments:

# I think the default timer period should be way lower. It seems totally fine to me to run
this every 5 or 10 seconds, instead of every 2.5 minutes.
# It's still weird to me that "expirationCount" isn't just a measure of time since last use,
but rather how many expiration checks have occurred. Why not make it time-based? It also seems
odd to me that the frequency of checking for expiration would affect how long the FS objects
stay in the cache. Seems like those two things should be independent. At the very least, the
comment "respresenting how recently this connection has been used" is still not accurate.
# Rather than configuring the timer period using the env var "FUSE_CONNECT_TIMER_PERIOD",
how about making it part of the normal Hadoop configuration? Or passing it as an argument
to fuse_dfs? There doesn't seem to be any reason to depart from the normal configuration systems
for this setting.
# Could use a function comment for printTime, hdfsConnExpiry.
# Typo: "This must be called before any of the other functions in this module.edu"

One question regarding your testing: did you test with Kerberos enabled? If so, did you try
kdestroy/kinit as a different use and confirm that it works as expected? Or a `kinit -R' ?
> fuse_dfs: detect changes in UID ticket cache
> --------------------------------------------
>                 Key: HDFS-3608
>                 URL: https://issues.apache.org/jira/browse/HDFS-3608
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.1.0-alpha
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>            Priority: Minor
>         Attachments: HDFS-3608.004.patch, HDFS-3608.006.patch, HDFS-3608.007.patch, HDFS-3608.008.patch
> Currently in fuse_dfs, if one kinits as some principal "foo" and then does some operation
on fuse_dfs, then kdestroy and kinit as some principal "bar", subsequent operations done via
fuse_dfs will still use cached credentials for "foo". The reason for this is that fuse_dfs
caches Filesystem instances using the UID of the user running the command as the key into
the cache.  This is a very uncommon scenario, since it's pretty uncommon for a single user
to want to use credentials for several different principals on the same box.
> However, we can use inotify to detect changes in the Kerberos ticket cache file and force
the next operation to create a new FileSystem instance in that case.  This will also require
a reference counting mechanism in fuse_dfs so that we can free the FileSystem classes when
they refer to previous Kerberos ticket caches.
> Another mechanism is to run a stat periodically on the ticket cache file.  This is a
good fallback mechanism if inotify does not work on the file (for example, because it's on
an NFS mount.)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message