[ https://issues.apache.org/jira/browse/HADOOP-9747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16324755#comment-16324755 ]
Daryn Sharp commented on HADOOP-9747: ------------------------------------- As an update, extremely close, really planned to have a final patch much earlier. I've stripped out all the "intelligence" that analyzed the ugi because it's actually quasi-broken in the sense that it causes kerberos instances to double up in the creds, and as mentioned before, didn't play nice with ranger's (ab)use of the ugi. Thought that would be simple but ran into issues with the "external ugi" hackery. Found graceful way to manage them. Updating/writing more tests. The last thing I'm doing is solving the getLoginUser race. I thought the unlikely race was "ok", but the dubious means of spawning renewals can be a problem. We can't go back to a purely synchronized design because the NN's rpc handlers pile up getting the login user to fetch an EDEK which is the primary motivation for me atm. > Reduce unnecessary UGI synchronization > -------------------------------------- > > Key: HADOOP-9747 > URL: https://issues.apache.org/jira/browse/HADOOP-9747 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0-alpha1 > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Priority: Critical > Attachments: HADOOP-9747-trunk.01.patch, HADOOP-9747-trunk.02.patch, > HADOOP-9747.2.branch-2.patch, HADOOP-9747.2.trunk.patch, > HADOOP-9747.branch-2.patch, HADOOP-9747.trunk.patch > > > Jstacks of heavily loaded NNs show up to dozens of threads blocking in the > UGI. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org