[ 
https://issues.apache.org/jira/browse/ACCUMULO-3890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14577680#comment-14577680
 ] 

Josh Elser commented on ACCUMULO-3890:
--------------------------------------

bq. Granted the existing publicly available implementations are all based on 
something file-like. But you never know what's coming in the future...and 
moving secrets into an external store and hooking them up via the 
CredentialProvider is an appealing story.

I'm not sure if you're trying to be coy, but we can't really design for 
something we don't know is coming. If you have something that we can keep in 
mind to avoid invalidating any changes we make, please tell us now so we can 
fix this once.

bq. I had a peek at some of the latest CredentialProvider code; the 
getCredentialEntry() call does have a cache, but I don't see any calls to 
actually populate that cache. Wonder what's going on there; you might want to 
investigate that bit first.

Looking at branch-2.7, I still don't see anything that adds to that cache like 
you mentioned. [~lmccay] do you know if it's a known issue that the JKS 
provider doesn't put elements into the cache (or did we just miss how that 
happens)? If the cache isn't being used properly, we should fix this in Hadoop 
(and maybe add a patch into Accumulo to prevent it from bashing the NN to 
pieces on the broken versions).

> Use of CredentialProvider results in a lot of NN ops
> ----------------------------------------------------
>
>                 Key: ACCUMULO-3890
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3890
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.6.1, 1.6.2, 1.7.0
>            Reporter: Billie Rinaldi
>            Assignee: Billie Rinaldi
>             Fix For: 1.6.3, 1.7.1, 1.8.0
>
>
> Every time we access a sensitive property or iterate over a configuration 
> when there is a CredentialProvider configured, it results in NN operations 
> (as evidenced by FSNamesystem.audit logs).  I think that we could assume the 
> CredentialProvider is static, read its properties once and cache them in 
> memory to avoid these unnecessary reads.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
