Benjamin Mahler created MESOS-10056:
---------------------------------------
Summary: Perform synchronous authorization for scheduler calls.
Key: MESOS-10056
URL: https://issues.apache.org/jira/browse/MESOS-10056
Project: Mesos
Issue Type: Improvement
Components: master
Reporter: Benjamin Mahler
After chatting with [~asekretenko] about how best to resolve MESOS-10023, as an
alternative to making all scheduler calls get sequenced through an asynchronous
authorization step, I brought up the old idea of making authorization
synchronous.
This came up (although I can't find a ticket for it) in the past because the
master event stream outgoing message authorization becomes very expensive for a
large number of subscribers (cc [~greggomann]). Back then, I suggested that we
always hold on to valid object approvers so that we could synchronously (and
cheaply) authorize the outgoing events. These object approvers would be kept up
to date in the background, and if authorization fails to keep them up to date,
we would treat that the same as an authorization failure is currently treated.
We can apply the same idea (although we haven't applied it to the master's
event stream yet) to scheduler API calls, which should help resolve MESOS-10023
since we're no longer mixing asynchronously authorized calls with calls that
don't go through authorization.
This will also yield a performance improvement, scheduler calls no longer get
delayed by asynchronous authorization, and an extra trip through the master
queue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
