[kudu-CR] [ranger] enhance the robustness of key retrieval

Mon, 23 Sep 2024 19:31:08 -0700 

Hello Zoltan Chovan, Alexey Serbin, Yingchun Lai, Kudu Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/21673

to look at the new patch set (#9).

Change subject: [ranger] enhance the robustness of key retrieval
......................................................................

[ranger] enhance the robustness of key retrieval

In real-world scenarios where encryption keys are generated using
Ranger, we might encounter the following error when starting the
cluster:
'master_main.cc:42] Remote error: RunMasterServer() failed: Could not create 
new FS layout: unable to create instance metadata: failed to generate server 
key: HTTP 403'.
This error can be resolved by simply restarting without making any
changes.
Upon investigation, it was found that the keys requested from Ranger
have an effective period of 30 seconds after adding a new user, as
referenced in [1].
To enhance the robustness of the Kudu code, I have added a retry
mechanism for key retrieval in this patch to mitigate the impact of
Ranger user activation periods on the startup process.

Since only retry logic was added, no new unit tests were introduced.
However, I still verified the success rate of the new patch in a
real-world installation, and it reached 100%, which is a significant
improvement compared to the previous 50%.

[1]https://github.com/apache/ranger/blob/4e365456f6533ee5515c5070c92e355198922c81/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java#L92

Change-Id: I1fd3263ad6ba6d8e444036bb7d2158986098cb4b
---
M src/kudu/ranger-kms/ranger_kms_client.cc
1 file changed, 47 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/73/21673/9
--
To view, visit http://gerrit.cloudera.org:8080/21673
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I1fd3263ad6ba6d8e444036bb7d2158986098cb4b
Gerrit-Change-Number: 21673
Gerrit-PatchSet: 9
Gerrit-Owner: KeDeng <kdeng...@gmail.com>
Gerrit-Reviewer: Alexey Serbin <ale...@apache.org>
Gerrit-Reviewer: KeDeng <kdeng...@gmail.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Yingchun Lai <laiyingc...@apache.org>
Gerrit-Reviewer: Zoltan Chovan <zcho...@cloudera.com>

Reply via email to