[ https://issues.apache.org/jira/browse/MESOS-10056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032564#comment-17032564 ]
Andrei Sekretenko edited comment on MESOS-10056 at 3/3/20 2:24 PM: ------------------------------------------------------------------- [https://reviews.apache.org/r/72094] [https://reviews.apache.org/r/72095] [https://reviews.apache.org/r/72089] [https://reviews.apache.org/r/72093] [https://reviews.apache.org/r/72096] [https://reviews.apache.org/r/72097] [https://reviews.apache.org/r/72169] [https://reviews.apache.org/r/72098] [https://reviews.apache.org/r/72099] [https://reviews.apache.org/r/72170] was (Author: asekretenko): [https://reviews.apache.org/r/72094] [https://reviews.apache.org/r/72095] [https://reviews.apache.org/r/72089] [https://reviews.apache.org/r/72093] [https://reviews.apache.org/r/72096] [https://reviews.apache.org/r/72097] [https://reviews.apache.org/r/72169] [https://reviews.apache.org/r/72098] [https://reviews.apache.org/r/72099] > Perform synchronous authorization for scheduler calls. > ------------------------------------------------------ > > Key: MESOS-10056 > URL: https://issues.apache.org/jira/browse/MESOS-10056 > Project: Mesos > Issue Type: Improvement > Components: master > Reporter: Benjamin Mahler > Assignee: Andrei Sekretenko > Priority: Major > > After chatting with [~asekretenko] about how best to resolve MESOS-10023, as > an alternative to making all scheduler calls get sequenced through an > asynchronous authorization step, I brought up the old idea of making > authorization synchronous. > This came up (although I can't find a ticket for it) in the past because the > master event stream outgoing message authorization becomes very expensive for > a large number of subscribers (cc [~greggomann]). Back then, I suggested that > we always hold on to valid object approvers so that we could synchronously > (and cheaply) authorize the outgoing events. These object approvers would be > kept up to date in the background, and if authorization fails to keep them up > to date, we would treat that the same as an authorization failure is > currently treated. > We can apply the same idea (although we haven't applied it to the master's > event stream yet) to scheduler API calls, which should help resolve > MESOS-10023 since we're no longer mixing asynchronously authorized calls with > calls that don't go through authorization. > This will also yield a performance improvement, scheduler calls no longer get > delayed by asynchronous authorization, and an extra trip through the master > queue. -- This message was sent by Atlassian Jira (v8.3.4#803005)