[jira] [Comment Edited] (MESOS-10056) Perform synchronous authorization for scheduler calls.

Fri, 21 Feb 2020 13:59:22 -0800 


    [ 
https://issues.apache.org/jira/browse/MESOS-10056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032564#comment-17032564
 ] 

Andrei Sekretenko edited comment on MESOS-10056 at 2/21/20 9:58 PM:
--------------------------------------------------------------------

[https://reviews.apache.org/r/72094
[https://reviews.apache.org/r/72095]
|https://reviews.apache.org/r/72090] [https://reviews.apache.org/r/72089]
 [https://reviews.apache.org/r/72093]
 [|https://reviews.apache.org/r/72094] [https://reviews.apache.org/r/72096]
 [https://reviews.apache.org/r/72097]
 [https://reviews.apache.org/r/72098]
 [https://reviews.apache.org/r/72099]


was (Author: asekretenko):
[https://reviews.apache.org/r/72094
https://reviews.apache.org/r/72095
|https://reviews.apache.org/r/72090] [https://reviews.apache.org/r/72089]
 [https://reviews.apache.org/r/72093]
 [|https://reviews.apache.org/r/72094] [https://reviews.apache.org/r/72096]
 [https://reviews.apache.org/r/72097]
 [https://reviews.apache.org/r/72098]
 [https://reviews.apache.org/r/72099]

> Perform synchronous authorization for scheduler calls.
> ------------------------------------------------------
>
>                 Key: MESOS-10056
>                 URL: https://issues.apache.org/jira/browse/MESOS-10056
>             Project: Mesos
>          Issue Type: Improvement
>          Components: master
>            Reporter: Benjamin Mahler
>            Assignee: Andrei Sekretenko
>            Priority: Major
>
> After chatting with [~asekretenko] about how best to resolve MESOS-10023, as 
> an alternative to making all scheduler calls get sequenced through an 
> asynchronous authorization step, I brought up the old idea of making 
> authorization synchronous.
> This came up (although I can't find a ticket for it) in the past because the 
> master event stream outgoing message authorization becomes very expensive for 
> a large number of subscribers (cc [~greggomann]). Back then, I suggested that 
> we always hold on to valid object approvers so that we could synchronously 
> (and cheaply) authorize the outgoing events. These object approvers would be 
> kept up to date in the background, and if authorization fails to keep them up 
> to date, we would treat that the same as an authorization failure is 
> currently treated.
> We can apply the same idea (although we haven't applied it to the master's 
> event stream yet) to scheduler API calls, which should help resolve 
> MESOS-10023 since we're no longer mixing asynchronously authorized calls with 
> calls that don't go through authorization.
> This will also yield a performance improvement, scheduler calls no longer get 
> delayed by asynchronous authorization, and an extra trip through the master 
> queue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to