[
https://issues.apache.org/jira/browse/HDFS-13603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849473#comment-17849473
]
ASF GitHub Bot commented on HDFS-13603:
---------------------------------------
yzhang559 commented on code in PR #6774:
URL: https://github.com/apache/hadoop/pull/6774#discussion_r1614786685
##########
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSDirEncryptionZoneOp.java:
##########
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hdfs.server.namenode;
+
+import java.io.IOException;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
+import org.apache.hadoop.hdfs.server.common.HdfsServerConstants.NamenodeRole;
+
+import org.junit.Test;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+public class TestFSDirEncryptionZoneOp {
+
+ @Test
+ public void testWarmUpEdekCacheRetries() throws IOException {
+ NameNode.initMetrics(new Configuration(), NamenodeRole.NAMENODE);
+
+ final int initialDelay = 100;
+ final int retryInterval = 100;
+ final int maxRetries = 2;
+
+ KeyProviderCryptoExtension kpMock = mock(KeyProviderCryptoExtension.class);
+
+ doThrow(new IOException())
+ .doThrow(new IOException())
+ .doAnswer(invocation -> null)
+ .when(kpMock).warmUpEncryptedKeys(any());
+
+ FSDirEncryptionZoneOp.EDEKCacheLoader loader =
+ new FSDirEncryptionZoneOp.EDEKCacheLoader(new String[] {"edek1",
"edek2"}, kpMock,
+ initialDelay, retryInterval, maxRetries);
+
+ loader.run();
+
+ verify(kpMock, times(maxRetries)).warmUpEncryptedKeys(any());
+ }
+}
Review Comment:
it's tricky to test it here. Added one ut in
[TestValueQueue.java](https://github.com/apache/hadoop/pull/6774/commits/93e9cb1d8e2a06f27eef7f48ffcd1914a1b0b409#diff-91a27146ffcf47f09845b86f96aaa41123d46f5174dd5915e5e82b3466c3bc0f)
> Warmup NameNode EDEK thread retries continuously if there's an invalid key
> ---------------------------------------------------------------------------
>
> Key: HDFS-13603
> URL: https://issues.apache.org/jira/browse/HDFS-13603
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption, namenode
> Affects Versions: 2.8.0
> Reporter: Antony Jay
> Priority: Major
> Labels: pull-request-available
>
> https://issues.apache.org/jira/browse/HDFS-9405 adds a background thread to
> pre-warm EDEK cache.
> However this fails and retries continuously if key retrieval fails for one
> encryption zone. In our usecase, we have temporarily removed keys for certain
> encryption zones. Currently namenode and kms log is filled up with errors
> related to background thread retrying warmup for ever .
> The pre-warm thread should
> * Continue to refresh other encryption zones even if it fails for one
> * Should retry only if it fails for all encryption zones, which will be the
> case when kms is down.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
