hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rushabh S Shah (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11804) KMS client needs retry logic
Date Fri, 09 Jun 2017 18:31:18 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16044816#comment-16044816

Rushabh S Shah commented on HDFS-11804:

Thanks [~xiaochen] for the review.
bq. Not introduced by this, but the first parameter URI providerUri is not used in KMSCP#createProvider.
Fixed in the latest patch.

bq. Config names should follow existing pattern: s/kms.client/hadoop.security.kms.client/g
Fixed in the latest patch.
bq. core-default.xml needs to be updated with the new configs
Added in the latest patch.

bq. LBKMSCP, can we bring throw new IOException("No providers configured !"); forward, to
add a check at the beginning?
Added in the latest patch.

Regarding AuthenticatedException, I think below is 1 possible way to have LBKMSCP#doOp end
up catching one:
KMSCP#createKey -> KMSCP#createConnection -> DelegationTokenAuthenticatedURL#openConnection
For this particular case, {{FailoverOnNetworkExceptionRetry}} retry policy will do the right
// Some comments here
  public RetryAction shouldRetry(Exception e, int retries,
        int failovers, boolean isIdempotentOrAtMostOnce) throws Exception {
else if (e instanceof SocketException
          || (e instanceof IOException && !(e instanceof RemoteException))) {
        if (isIdempotentOrAtMostOnce) {
          return new RetryAction(RetryAction.RetryDecision.FAILOVER_AND_RETRY,
        } else {
          return new RetryAction(RetryAction.RetryDecision.FAIL, 0,
              "the invoked method is not idempotent, and unable to determine "
                  + "whether it was invoked");
Since we are always passing {{isIdempotentOrAtMostOnce}} flag as false, the retryPolicy will
There are many places in KMSClientProvider in which all the Exception are getting converted
to IOException.
I don't understand the reasoning behind that.
If we want to fix it, we can open a new jira as that change is outside the scope of this jira.
Please review the latest patch.

> KMS client needs retry logic
> ----------------------------
>                 Key: HDFS-11804
>                 URL: https://issues.apache.org/jira/browse/HDFS-11804
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.6.0
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HDFS-11804-trunk-1.patch, HDFS-11804-trunk-2.patch, HDFS-11804-trunk-3.patch,
HDFS-11804-trunk-4.patch, HDFS-11804-trunk.patch
> The kms client appears to have no retry logic – at all.  It's completely decoupled
from the ipc retry logic.  This has major impacts if the KMS is unreachable for any reason,
including but not limited to network connection issues, timeouts, the +restart during an upgrade+.
> This has some major ramifications:
> # Jobs may fail to submit, although oozie resubmit logic should mask it
> # Non-oozie launchers may experience higher rates if they do not already have retry logic.
> # Tasks reading EZ files will fail, probably be masked by framework reattempts
> # EZ file creation fails after creating a 0-length file – client receives EDEK in
the create response, then fails when decrypting the EDEK
> # Bulk hadoop fs copies, and maybe distcp, will prematurely fail

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message