hadoop-hdfs-issues mailing list archives

From "He Xiaoqiao (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-14305) Serial number in BlockTokenSecretManager could overlap between different namenodes
Date Mon, 25 Feb 2019 16:50:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-14305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16777091#comment-16777091 ]

He Xiaoqiao commented on HDFS-14305:
------------------------------------

Thanks [~xkrogen]. I will update the code style and add some comments later.
{quote}I think 10 bits for the mask seems a little high to me; I agree with Chao that I can't
think of a situation where you would need more than 32 or 64, and fewer bits for the per-NN
key space mean a higher chance of collision on a NameNode restart.{quote}
Considering that there are 32 bits in total in an Integer, it is enough to use 22 bits for
the rolling serial number. On the other side, the fewer bits for the mask, the more namenodes
it could cover, which avoids collision. So I chose 10 bits.
Of course, it is OK with me to choose a number of mask bits between 3~10. Thanks again.

> Serial number in BlockTokenSecretManager could overlap between different namenodes
> ----------------------------------------------------------------------------------
>
>                 Key: HDFS-14305
>                 URL: https://issues.apache.org/jira/browse/HDFS-14305
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>            Reporter: Chao Sun
>            Assignee: Chao Sun
>            Priority: Major
>         Attachments: HDFS-14305.001.patch, HDFS-14305.002.patch, HDFS-14305.003.patch
>
>
> Currently, a {{BlockTokenSecretManager}} starts with a random integer as the initial serial number, and then uses this formula to rotate it:
> {code:java}
>     this.intRange = Integer.MAX_VALUE / numNNs;
>     this.nnRangeStart = intRange * nnIndex;
>     this.serialNo = (this.serialNo % intRange) + (nnRangeStart);
>  {code}
> where {{numNNs}} is the total number of NameNodes in the cluster, and {{nnIndex}} is the index of the current NameNode specified in the configuration {{dfs.ha.namenodes.<nameservice>}}.
> However, with this approach, different NameNodes could have overlapping ranges for the serial number. For simplicity, let's assume {{Integer.MAX_VALUE}} is 100, and we have 2 NameNodes {{nn1}} and {{nn2}} in the configuration. Then the ranges for these two are:
> {code}
> nn1 -> [-49, 49]
> nn2 -> [1, 99]
> {code}
> This is because the initial serial number could be any negative integer.
> Moreover, when the keys are updated, the serial number will again be updated with the formula:
> {code}
> this.serialNo = (this.serialNo % intRange) + (nnRangeStart);
> {code}
> which means the new serial number could be updated to a range that belongs to a different NameNode, thus increasing the chance of collision again.
> When the collision happens, DataNodes could overwrite an existing key, which will cause clients to fail because of an {{InvalidToken}} error.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
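
The overlap described in the issue and the bit-mask split discussed in the comment, as an added example that is not part of the original message or of any HDFS-14305 patch. The class name, the method names and the bit layout (top mask bits hold the NameNode index, low bits hold the rolling serial number) are assumptions made for illustration.

```java
import java.util.Random;

public class SerialRangeDemo {
    // Formula quoted in the issue; maxValue stands in for Integer.MAX_VALUE.
    static int formulaSerial(int serialNo, int maxValue, int numNNs, int nnIndex) {
        int intRange = maxValue / numNNs;
        int nnRangeStart = intRange * nnIndex;
        // Java's % keeps the sign of the dividend, so a negative serialNo
        // lands below nnRangeStart.
        return (serialNo % intRange) + nnRangeStart;
    }

    // Assumed layout (not the committed patch): the top maskBits carry nnIndex,
    // the remaining low bits carry the rolling serial number. Needs 1 <= maskBits <= 31.
    static int maskedSerial(int serialNo, int maskBits, int nnIndex) {
        int serialBits = Integer.SIZE - maskBits;
        int serialMask = (1 << serialBits) - 1;
        return (nnIndex << serialBits) | (serialNo & serialMask);
    }

    public static void main(String[] args) {
        // Toy case from the issue: Integer.MAX_VALUE = 100, two NameNodes.
        int[] min = {Integer.MAX_VALUE, Integer.MAX_VALUE};
        int[] max = {Integer.MIN_VALUE, Integer.MIN_VALUE};
        for (int s = -1000; s <= 1000; s++) {
            for (int nn = 0; nn < 2; nn++) {
                int v = formulaSerial(s, 100, 2, nn);
                min[nn] = Math.min(min[nn], v);
                max[nn] = Math.max(max[nn], v);
            }
        }
        System.out.printf("formula nn1 -> [%d, %d]%n", min[0], max[0]);
        System.out.printf("formula nn2 -> [%d, %d]%n", min[1], max[1]);

        // Constructed sample input: random 32-bit starting values, negatives
        // included, split with the 10 mask bits proposed in the comment.
        Random rnd = new Random(42);
        int maskBits = 10;
        int shift = Integer.SIZE - maskBits;
        boolean disjoint = true;
        for (int i = 0; i < 1_000_000; i++) {
            int s = rnd.nextInt();
            // The owner recovered from the top bits must match the writer.
            disjoint &= (maskedSerial(s, maskBits, 0) >>> shift) == 0
                     && (maskedSerial(s, maskBits, 1) >>> shift) == 1;
        }
        System.out.println("masked ranges disjoint: " + disjoint);
    }
}
```

The first two lines printed reproduce the toy ranges given in the issue description; the masked variant keeps each NameNode's values in its own range regardless of the sign of the starting value.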
