HADOOP-11368. Fix SSLFactory truststore reloader thread leak in KMSClientProvider. Contributed by Arun Suresh.
(cherry picked from commit 74d4bfded98239507511dedb515bc6a54958d5a8) (cherry picked from commit deaa172e7a2ab09656cc9eb431a3e68a73e0bd96) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/478b37a8 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/478b37a8 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/478b37a8 Branch: refs/heads/ajisakaa/common-merge Commit: 478b37a8cb25c289034270fd89b7bc1f57b29605 Parents: 6245bea Author: Andrew Wang <[email protected]> Authored: Tue Dec 9 10:46:50 2014 -0800 Committer: Akira Ajisaka <[email protected]> Committed: Fri Aug 14 00:28:44 2015 +0900 ---------------------------------------------------------------------- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/kms/KMSClientProvider.java | 4 +++ .../hadoop/crypto/key/kms/server/TestKMS.java | 26 ++++++++++++++++++++ 3 files changed, 33 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/478b37a8/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index af406b6..3ed0c0e 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -22,6 +22,9 @@ Release 2.6.1 - UNRELEASED HADOOP-11343. Overflow is not properly handled in caclulating final iv for AES CTR. (Jerry Chen via wang) + HADOOP-11368. Fix SSLFactory truststore reloader thread leak in + KMSClientProvider. (Arun Suresh via wang) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/478b37a8/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index 60faaa5..c5f09de 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -814,6 +814,10 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, encKeyVersionQueue.shutdown(); } catch (Exception e) { throw new IOException(e); + } finally { + if (sslFactory != null) { + sslFactory.destroy(); + } } } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/478b37a8/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java index 4628e36..fa285ca 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java @@ -306,6 +306,32 @@ public class TestKMS { url.getProtocol().equals("https")); final URI uri = createKMSUri(getKMSUrl()); + if (ssl) { + KeyProvider testKp = new KMSClientProvider(uri, conf); + ThreadGroup threadGroup = Thread.currentThread().getThreadGroup(); + while (threadGroup.getParent() != null) { + threadGroup = threadGroup.getParent(); + } + Thread[] threads = new Thread[threadGroup.activeCount()]; + threadGroup.enumerate(threads); + Thread reloaderThread = null; + for (Thread thread : threads) { + if ((thread.getName() != null) + && (thread.getName().contains("Truststore reloader thread"))) { + reloaderThread = thread; + } + } + Assert.assertTrue("Reloader is not alive", reloaderThread.isAlive()); + testKp.close(); + boolean reloaderStillAlive = true; + for (int i = 0; i < 10; i++) { + reloaderStillAlive = reloaderThread.isAlive(); + if (!reloaderStillAlive) break; + Thread.sleep(1000); + } + Assert.assertFalse("Reloader is still alive", reloaderStillAlive); + } + if (kerberos) { for (String user : new String[]{"client", "client/host"}) { doAs(user, new PrivilegedExceptionAction<Void>() {
