[
https://issues.apache.org/jira/browse/HDFS-13603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17841384#comment-17841384
]
ASF GitHub Bot commented on HDFS-13603:
---------------------------------------
yzhang559 opened a new pull request, #6774:
URL: https://github.com/apache/hadoop/pull/6774
<!--
Thanks for sending a pull request!
1. If this is your first time, please read our contributor guidelines:
https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute
2. Make sure your PR title starts with JIRA issue id, e.g.,
'HADOOP-17799. Your PR title ...'.
-->
### Description of PR
JIRA = HDFS-13603
The ekek cache warm up thread should not fail the whole warmup of other keys
if an invalid key is encountered.
We have observed infinite retries to KMS if one of Encryption Key is not
available.
Change it to
- Only throw IOException if cache warmup fail for all keys, continue to
warmup other keys.
- Should retry only if it fails for all keys, and add a config for the retry
limit.
### How was this patch tested?
Added unit test TestFSDirEncryptionZoneOp for retry behavior
Related unit tests
```
mvn test
-Dtest=TestEncryptionZones,TestEncryptionZonesWithKMS,TestFSDirEncryptionZoneOp
[INFO] Running org.apache.hadoop.hdfs.TestEncryptionZones
[INFO] Tests run: 44, Failures: 0, Errors: 0, Skipped: 0, Time elapsed:
137.217 s - in org.apache.hadoop.hdfs.TestEncryptionZones
[INFO] Running org.apache.hadoop.hdfs.TestEncryptionZonesWithKMS
[INFO] Tests run: 47, Failures: 0, Errors: 0, Skipped: 0, Time elapsed:
187.815 s - in org.apache.hadoop.hdfs.TestEncryptionZonesWithKMS
[INFO] Running
org.apache.hadoop.hdfs.server.namenode.TestFSDirEncryptionZoneOp
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.331
s - in org.apache.hadoop.hdfs.server.namenode.TestFSDirEncryptionZoneOp
mvn test -Dtest=TestValueQueue
[INFO] Running org.apache.hadoop.crypto.key.TestValueQueue
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed:
11.893 s - in org.apache.hadoop.crypto.key.TestValueQueue
```
### For code changes:
- [x] Does the title or this PR starts with the corresponding JIRA issue id
(e.g. 'HADOOP-17799. Your PR title ...')?
- [ ] Object storage: have the integration tests been executed and the
endpoint declared according to the connector-specific documentation? NA
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)? NA
- [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`,
`NOTICE-binary` files? NA
> Warmup NameNode EDEK thread retries continuously if there's an invalid key
> ---------------------------------------------------------------------------
>
> Key: HDFS-13603
> URL: https://issues.apache.org/jira/browse/HDFS-13603
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption, namenode
> Affects Versions: 2.8.0
> Reporter: Antony Jay
> Priority: Major
>
> https://issues.apache.org/jira/browse/HDFS-9405 adds a background thread to
> pre-warm EDEK cache.
> However this fails and retries continuously if key retrieval fails for one
> encryption zone. In our usecase, we have temporarily removed keys for certain
> encryption zones. Currently namenode and kms log is filled up with errors
> related to background thread retrying warmup for ever .
> The pre-warm thread should
> * Continue to refresh other encryption zones even if it fails for one
> * Should retry only if it fails for all encryption zones, which will be the
> case when kms is down.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
