hadoop-hdfs-issues mailing list archives

From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11885) createEncryptionZone should not block on initializing EDEK cache
Date Wed, 31 May 2017 04:42:04 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16030623#comment-16030623 ]

Xiao Chen commented on HDFS-11885:
----------------------------------

Thanks [~andrew.wang] for reporting the issue and providing a patch. I think this is a good
fix.

[~shahrs87]'s comments address a similar but different problem, but also sound like a good
improvement. Rushabh, would you mind filing a jira and attaching your patch? Thanks.

Back to this jira. It seems the proactive warming up was added by HDFS-7209, but now that
we have the EDEKloader thread, it makes sense to do it there. And most importantly, async.

Some small comments and 1 question. (Also thanks for the refactoring, looks pretty good!)

Comments:
- I feel the javadocs on those {{@VisibleForTesting}} methods are a bit redundant.
- This is existing code, {{EDEKCacheLoader.java}} line 112's param name should be "keyNames",
not "edeks"
- precommit will likely catch this: FSN's {{edekCacheLoader}} should be private.
- I think the new test case's name should be warmup *Dont* block create zone.
- Sleeping for nine 9s is pretty much stalled, but I think {{Long.MAX_VALUE}} reads better.

Question:
Wanted to get this all sorted out: It seems after this fix there are only 2 places that could
end up with blocking call to KMS:
- startFile which eventually {{generateEncryptedKey}}. With Rushabh's patch this will become
retriable exception IIUC.
- createZone which eventually {{ensureKeyIsInitialized}}. Will this also be covered? It seems
to me {{KeyProvider#getMetadata}} is always a synchronized call, and there's no client-side
cache now. If our goal is createEZ should never block, shouldn't we fix this too?

> createEncryptionZone should not block on initializing EDEK cache
> ----------------------------------------------------------------
>
>                 Key: HDFS-11885
>                 URL: https://issues.apache.org/jira/browse/HDFS-11885
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 2.6.5
>            Reporter: Andrew Wang
>            Assignee: Andrew Wang
>            Priority: Critical
>         Attachments: HDFS-11885.001.patch
>
>
> When creating an encryption zone, we call {{ensureKeyIsInitialized}}, which calls {{provider.warmUpEncryptedKeys(keyName)}}.
> This is a blocking call, which attempts to fill the key cache up to the low watermark.
> If the KMS is down or slow, this can take a very long time, and cause the createZone
> RPC to fail with a timeout.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
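
The blocking warm-up from the issue description next to the asynchronous hand-off the comment favours, as an added Java example that is not taken from HDFS-11885.001.patch or the Hadoop code base. `Provider`, `createZoneBlocking`, `createZoneAsync` and the 3-second delay are hypothetical stand-ins; only the method name `warmUpEncryptedKeys` comes from the issue text.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class AsyncWarmUpDemo {
    // Hypothetical stand-in for the key provider; only the method name is from the issue.
    interface Provider { void warmUpEncryptedKeys(String... keyNames) throws Exception; }

    private final Provider provider;
    // Single background thread, daemon so a stalled KMS never holds up shutdown.
    private final ExecutorService warmer = Executors.newSingleThreadExecutor(r -> {
        Thread t = new Thread(r, "edek-warmup");
        t.setDaemon(true);
        return t;
    });

    AsyncWarmUpDemo(Provider provider) { this.provider = provider; }

    // Blocking variant: the caller (an RPC handler) waits on the KMS round trip.
    void createZoneBlocking(String keyName) throws Exception {
        provider.warmUpEncryptedKeys(keyName);
    }

    // Non-blocking variant: queue the warm-up and return to the caller at once.
    Future<?> createZoneAsync(String keyName) {
        return warmer.submit(() -> {
            try {
                provider.warmUpEncryptedKeys(keyName);
            } catch (Exception e) {
                // Warm-up is best effort; log instead of failing the zone creation.
                System.err.println("warm-up failed for " + keyName + ": " + e);
            }
        });
    }

    public static void main(String[] args) throws Exception {
        Provider slowKms = names -> Thread.sleep(3000); // constructed: simulates a slow KMS
        AsyncWarmUpDemo fsn = new AsyncWarmUpDemo(slowKms);

        long t0 = System.nanoTime();
        Future<?> pending = fsn.createZoneAsync("key1");
        System.out.println("async returned in " + (System.nanoTime() - t0) / 1_000_000
            + " ms, warm-up done=" + pending.isDone());

        t0 = System.nanoTime();
        fsn.createZoneBlocking("key1");
        System.out.println("blocking took " + (System.nanoTime() - t0) / 1_000_000 + " ms");
    }
}
```

The asynchronous call returns in a few milliseconds with the warm-up still pending, while the blocking call holds its caller for the full simulated KMS delay.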
