[
https://issues.apache.org/jira/browse/KNOX-2375?focusedWorklogId=440110&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-440110
]
ASF GitHub Bot logged work on KNOX-2375:
----------------------------------------
Author: ASF GitHub Bot
Created on: 02/Jun/20 12:49
Start Date: 02/Jun/20 12:49
Worklog Time Spent: 10m
Work Description: pzampino commented on a change in pull request #337:
URL: https://github.com/apache/knox/pull/337#discussion_r433848858
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/AliasBasedTokenStateService.java
##########
@@ -109,30 +133,52 @@ public long getTokenExpiration(final String tokenId)
throws UnknownTokenExceptio
@Override
protected boolean isUnknown(final String tokenId) {
- boolean isUnknown = false;
- try {
- isUnknown =
(aliasService.getPasswordFromAliasForCluster(AliasService.NO_CLUSTER_NAME,
tokenId) == null);
- } catch (AliasServiceException e) {
- log.errorAccessingTokenState(tokenId, e);
+ boolean isUnknown = super.isUnknown(tokenId);
+
+ // If it's not in the cache, then check the underlying alias
+ if (isUnknown) {
+ try {
+ isUnknown =
(aliasService.getPasswordFromAliasForCluster(AliasService.NO_CLUSTER_NAME,
tokenId) == null);
+ } catch (AliasServiceException e) {
+ log.errorAccessingTokenState(tokenId, e);
+ }
}
return isUnknown;
}
@Override
protected void removeToken(final String tokenId) throws
UnknownTokenException {
- validateToken(tokenId);
-
try {
aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME,
tokenId);
aliasService.removeAliasForCluster(AliasService.NO_CLUSTER_NAME, tokenId
+ TOKEN_MAX_LIFETIME_POSTFIX);
log.removedTokenState(tokenId);
} catch (AliasServiceException e) {
log.failedToRemoveTokenState(tokenId, e);
}
+ super.removeToken(tokenId);
+ }
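Review bot: In removeToken, an AliasServiceException from removeAliasForCluster is only logged and super.removeToken(tokenId) still runs afterwards, so the in-memory state and the keystore can diverge. Assuming super.removeToken clears the cached entry (which the "If it's not in the cache" comment in isUnknown implies), a later isUnknown call would miss in the cache, fall through to getPasswordFromAliasForCluster, find the alias that was never removed, and report the token as known again. Consider running super.removeToken only after the alias removal has succeeded, or surfacing the failure to the caller. Separately, the catch block in isUnknown now leaves isUnknown at true where the old code left it at false, so a keystore access error now makes the token look unknown; a short comment stating that this fail-closed result is intended would help.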
Review comment:
Yes, that would be better than invoking the individual removal method
twice, now that there is the bulk removal method.
Issue Time Tracking
-------------------
Worklog Id: (was: 440110)
Time Spent: 0.5h (was: 20m)
> Token state eviction should access the keystore file less frequently
> --------------------------------------------------------------------
>
> Key: KNOX-2375
> URL: https://issues.apache.org/jira/browse/KNOX-2375
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.4.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> When the AliasBasedTokenStateService is employed, the TokenStateService
> reaper loads the keystore file (via the AliasService and KeyStoreService)
> very frequently.
> # It queries all the token-state-related aliases
> # For every token ID
> ## Looks up the token again (validateToken())
> ## Looks up the token expiration
> ## Removes the token expiration alias
> ## Removes the token max lifetime alias
> This means the KeyStoreService loads the keystore file (1 + 2-to-4-per-token)
> times every eviction interval (default 5 minutes). That means, if there are
> 100 expired tokens and 100 unexpired tokens, the reaper will load the
> keystore file 601 times in one iteration.
> As the keystore file size increases, the already poor performance of loading
> this file degrades even more to the point that the token state reaper can
> consume 100% of the CPU.
> The reaper should operate on the in-memory token state as much as possible,
> and even remove expired token state in bulk (loading / writing the keystore
> file once for all).
>