mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrei Sekretenko (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (MESOS-10056) Perform synchronous authorization for scheduler calls.
Date Tue, 03 Mar 2020 14:24:00 GMT

    [ https://issues.apache.org/jira/browse/MESOS-10056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032564#comment-17032564
] 

Andrei Sekretenko edited comment on MESOS-10056 at 3/3/20 2:23 PM:
-------------------------------------------------------------------

[https://reviews.apache.org/r/72094]
 [https://reviews.apache.org/r/72095]
 [https://reviews.apache.org/r/72089]
 [https://reviews.apache.org/r/72093]
 [https://reviews.apache.org/r/72096]
 [https://reviews.apache.org/r/72097
https://reviews.apache.org/r/72169|https://reviews.apache.org/r/72097]
 [https://reviews.apache.org/r/72098]
 [https://reviews.apache.org/r/72099]


was (Author: asekretenko):
[https://reviews.apache.org/r/72094]
[https://reviews.apache.org/r/72095]
 [https://reviews.apache.org/r/72089]
 [https://reviews.apache.org/r/72093]
 [https://reviews.apache.org/r/72096]
 [https://reviews.apache.org/r/72097]
 [https://reviews.apache.org/r/72098]
 [https://reviews.apache.org/r/72099]

> Perform synchronous authorization for scheduler calls.
> ------------------------------------------------------
>
>                 Key: MESOS-10056
>                 URL: https://issues.apache.org/jira/browse/MESOS-10056
>             Project: Mesos
>          Issue Type: Improvement
>          Components: master
>            Reporter: Benjamin Mahler
>            Assignee: Andrei Sekretenko
>            Priority: Major
>
> After chatting with [~asekretenko] about how best to resolve MESOS-10023, as an alternative
to making all scheduler calls get sequenced through an asynchronous authorization step, I
brought up the old idea of making authorization synchronous.
> This came up (although I can't find a ticket for it) in the past because the master event
stream outgoing message authorization becomes very expensive for a large number of subscribers
(cc [~greggomann]). Back then, I suggested that we always hold on to valid object approvers
so that we could synchronously (and cheaply) authorize the outgoing events. These object approvers
would be kept up to date in the background, and if authorization fails to keep them up to
date, we would treat that the same as an authorization failure is currently treated.
> We can apply the same idea (although we haven't applied it to the master's event stream
yet) to scheduler API calls, which should help resolve MESOS-10023 since we're no longer mixing
asynchronously authorized calls with calls that don't go through authorization.
> This will also yield a performance improvement, scheduler calls no longer get delayed
by asynchronous authorization, and an extra trip through the master queue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message