[GitHub] [hadoop] slfan1989 commented on a diff in pull request #5897: HDFS-17128. Updating SQLDelegationTokenSecretManager to use LoadingCache so tokens are updated frequently.
slfan1989 commented on code in PR #5897:
URL: https://github.com/apache/hadoop/pull/5897#discussion_r1282657547
##
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/DelegationTokenLoadingCache.java:
##
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.security.token.delegation;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Function;
+import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
+import org.apache.hadoop.thirdparty.com.google.common.cache.CacheLoader;
+import org.apache.hadoop.thirdparty.com.google.common.cache.LoadingCache;
+
+
+/**
+ * Cache for delegation tokens that can handle high volume of tokens. A
+ * loading cache will prevent all active tokens from being in memory at the
+ * same time. It will also trigger more requests from the persistent token
storage.
+ */
+public class DelegationTokenLoadingCache implements Map {
+ private LoadingCache internalLoadingCache;
+
+ public DelegationTokenLoadingCache(long cacheExpirationMs, Function
singleEntryFunction) {
+this.internalLoadingCache = CacheBuilder.newBuilder()
+.expireAfterWrite(cacheExpirationMs, TimeUnit.MILLISECONDS)
Review Comment:
Should we consider the limit on the number of caches, because if there is no
limit on the number of caches, will it cause memory shortage?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[GitHub] [hadoop] slfan1989 commented on a diff in pull request #5897: HDFS-17128. Updating SQLDelegationTokenSecretManager to use LoadingCache so tokens are updated frequently.
slfan1989 commented on code in PR #5897:
URL: https://github.com/apache/hadoop/pull/5897#discussion_r1280115270
##
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/DelegationTokenLoadingCache.java:
##
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.security.token.delegation;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Function;
+import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
+import org.apache.hadoop.thirdparty.com.google.common.cache.CacheLoader;
+import org.apache.hadoop.thirdparty.com.google.common.cache.LoadingCache;
+
+
+/**
+ * Cache for delegation tokens that can handle high volume of tokens. A
+ * loading cache will prevent all active tokens from being in memory at the
+ * same time. It will also trigger more requests from the persistent token
storage.
+ */
+public class DelegationTokenLoadingCache implements Map {
+ private LoadingCache internalLoadingCache;
+
+ public DelegationTokenLoadingCache(long cacheExpirationMs, Function
singleEntryFunction) {
+this.internalLoadingCache = CacheBuilder.newBuilder()
+.expireAfterWrite(cacheExpirationMs, TimeUnit.MILLISECONDS)
Review Comment:
Do we need to increase the limit of a number?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[GitHub] [hadoop] slfan1989 commented on a diff in pull request #5897: HDFS-17128. Updating SQLDelegationTokenSecretManager to use LoadingCache so tokens are updated frequently.
slfan1989 commented on code in PR #5897:
URL: https://github.com/apache/hadoop/pull/5897#discussion_r1280112864
##
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/SQLDelegationTokenSecretManager.java:
##
@@ -153,36 +161,60 @@ protected void removeStoredToken(TokenIdent ident) throws
IOException {
}
}
+ @Override
+ protected void removeExpiredStoredToken(TokenIdent ident) {
+try {
+ // Ensure that the token has not been renewed in SQL by
+ // another secret manager
+ DelegationTokenInformation tokenInfo = getTokenInfoFromSQL(ident);
+ if (tokenInfo.getRenewDate() >= Time.now()) {
+LOG.info("Token was renewed by a different router and has not been
deleted: " + ident);
Review Comment:
LOG.info("Token was renewed by a different router and has not been deleted:
{}", ident);
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
