Repository: hadoop Updated Branches: refs/heads/branch-2.6.1 65180617f -> 2a2888f2f
HADOOP-11368. Fix SSLFactory truststore reloader thread leak in KMSClientProvider. Contributed by Arun Suresh. (cherry picked from commit 74d4bfded98239507511dedb515bc6a54958d5a8) (cherry picked from commit deaa172e7a2ab09656cc9eb431a3e68a73e0bd96) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/2a2888f2 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/2a2888f2 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/2a2888f2 Branch: refs/heads/branch-2.6.1 Commit: 2a2888f2f3e060ef50094b232b995e0cd568e756 Parents: 6518061 Author: Andrew Wang <[email protected]> Authored: Tue Dec 9 10:46:50 2014 -0800 Committer: Vinod Kumar Vavilapalli <[email protected]> Committed: Sun Aug 30 13:41:40 2015 -0700 ---------------------------------------------------------------------- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/kms/KMSClientProvider.java | 4 +++ .../hadoop/crypto/key/kms/server/TestKMS.java | 26 ++++++++++++++++++++ 3 files changed, 33 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/2a2888f2/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index dcdcfd7..68abb03 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -24,6 +24,9 @@ Release 2.6.1 - UNRELEASED HADOOP-11343. Overflow is not properly handled in caclulating final iv for AES CTR. (Jerry Chen via wang) + HADOOP-11368. Fix SSLFactory truststore reloader thread leak in + KMSClientProvider. (Arun Suresh via wang) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/2a2888f2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index 60faaa5..c5f09de 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -814,6 +814,10 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, encKeyVersionQueue.shutdown(); } catch (Exception e) { throw new IOException(e); + } finally { + if (sslFactory != null) { + sslFactory.destroy(); + } } } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/2a2888f2/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java index 4628e36..fa285ca 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java @@ -306,6 +306,32 @@ public class TestKMS { url.getProtocol().equals("https")); final URI uri = createKMSUri(getKMSUrl()); + if (ssl) { + KeyProvider testKp = new KMSClientProvider(uri, conf); + ThreadGroup threadGroup = Thread.currentThread().getThreadGroup(); + while (threadGroup.getParent() != null) { + threadGroup = threadGroup.getParent(); + } + Thread[] threads = new Thread[threadGroup.activeCount()]; + threadGroup.enumerate(threads); + Thread reloaderThread = null; + for (Thread thread : threads) { + if ((thread.getName() != null) + && (thread.getName().contains("Truststore reloader thread"))) { + reloaderThread = thread; + } + } + Assert.assertTrue("Reloader is not alive", reloaderThread.isAlive()); + testKp.close(); + boolean reloaderStillAlive = true; + for (int i = 0; i < 10; i++) { + reloaderStillAlive = reloaderThread.isAlive(); + if (!reloaderStillAlive) break; + Thread.sleep(1000); + } + Assert.assertFalse("Reloader is still alive", reloaderStillAlive); + } + if (kerberos) { for (String user : new String[]{"client", "client/host"}) { doAs(user, new PrivilegedExceptionAction<Void>() {
