This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch 1.4.x
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 58d8e4804408eb112b537609fa60f188f5fed248
Author: Benjamin Mahler <bmah...@apache.org>
AuthorDate: Fri Aug 10 17:09:52 2018 -0700
Increased and added flag for the master's authentication timeout.
There is not a lot of value in the master timing out a client's
authentication, other than releasing a small amount of resources.
We currently have a burned in 5 second timeout, which is largely
sufficient since most authenticators are implemented to use an
actor per session and avoid any head-of-line blocking.
Ideally, the master would know how long the client's timeout and
the master can use that for its own timeout. The current max backoff
for schedulers and agents is 1 minute, so this patch bumps the
master's timeout to be closer to that (15 seconds). We don't bump it
further because the vast majority of the timeout time is spent in
the initial trip through the master's queue, which occurs before
the master sets up its timeout.
This also adds a flag, both to allow users to tune this, as well
as to allow us to control timing in tests.
Review: https://reviews.apache.org/r/68305
---
docs/authentication.md | 4 ++++
src/master/constants.hpp | 8 ++++++++
src/master/flags.cpp | 10 ++++++++++
src/master/flags.hpp | 1 +
src/master/master.cpp | 2 +-
5 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/docs/authentication.md b/docs/authentication.md
index a96de6e..1b00695 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -64,6 +64,10 @@ Mesos master and agent processes. For more information,
refer to the
allowed to register. If `false` (the default), unauthenticated agents are
also
allowed to register.
+* `--authentication_v0_timeout` - The timeout within which an authentication is
+ expected to complete against a v0 framework or agent. This does not apply to
+ the v0 or v1 HTTP APIs.(default: `15secs`)
+
* `--authenticators` - Specifies which authenticator module to use. The
default
is `crammd5`, but additional modules can be added using the `--modules`
option.
diff --git a/src/master/constants.hpp b/src/master/constants.hpp
index c35ed45..e8a8085 100644
--- a/src/master/constants.hpp
+++ b/src/master/constants.hpp
@@ -45,6 +45,14 @@ constexpr double MIN_CPUS = 0.01;
// Minimum amount of memory per offer.
constexpr Bytes MIN_MEM = Megabytes(32);
+// Default timeout for v0 framework and agent authentication
+// before the master cancels an in-progress authentication.
+//
+// TODO(bmahler): Ideally, we remove this v0-style authentication
+// in favor of just using HTTP authentication at the libprocess
+// layer.
+constexpr Duration DEFAULT_AUTHENTICATION_V0_TIMEOUT = Seconds(15);
+
// Default interval the master uses to send heartbeats to an HTTP
// scheduler.
constexpr Duration DEFAULT_HEARTBEAT_INTERVAL = Seconds(15);
diff --git a/src/master/flags.cpp b/src/master/flags.cpp
index af0014c..19145db 100644
--- a/src/master/flags.cpp
+++ b/src/master/flags.cpp
@@ -231,6 +231,16 @@ mesos::internal::master::Flags::Flags()
"If `false`, unauthenticated agents are also allowed to register.",
false);
+ // TODO(bmahler): Ideally, we remove this v0-style authentication
+ // in favor of just using HTTP authentication at the libprocess
+ // layer.
+ add(&Flags::authentication_v0_timeout,
+ "authentication_v0_timeout",
+ "The timeout within which an authentication is expected\n"
+ "to complete against a v0 framework or agent. This does not\n"
+ "apply to the v0 or v1 HTTP APIs.",
+ DEFAULT_AUTHENTICATION_V0_TIMEOUT);
+
// TODO(zhitao): Remove deprecated `--authenticate_http` flag name after
// the deprecation cycle which started with Mesos 1.0.
add(&Flags::authenticate_http_readwrite,
diff --git a/src/master/flags.hpp b/src/master/flags.hpp
index b262fd2..2e659df 100644
--- a/src/master/flags.hpp
+++ b/src/master/flags.hpp
@@ -68,6 +68,7 @@ public:
Option<std::string> weights;
bool authenticate_frameworks;
bool authenticate_agents;
+ Duration authentication_v0_timeout;
bool authenticate_http_readonly;
bool authenticate_http_readwrite;
bool authenticate_http_frameworks;
diff --git a/src/master/master.cpp b/src/master/master.cpp
index f654300..8256999 100644
--- a/src/master/master.cpp
+++ b/src/master/master.cpp
@@ -7898,7 +7898,7 @@ void Master::authenticate(const UPID& from, const UPID&
pid)
future.onAny(defer(self(), &Self::_authenticate, pid, lambda::_1));
// Don't wait for authentication to complete forever.
- delay(Seconds(5),
+ delay(flags.authentication_v0_timeout,
self(),
&Self::authenticationTimeout,
future);
