Josh Elser created HBASE-23679: ---------------------------------- Summary: FileSystem instance leaks due to bulk loads with Kerberos enabled Key: HBASE-23679 URL: https://issues.apache.org/jira/browse/HBASE-23679 Project: HBase Issue Type: Bug Reporter: Josh Elser Assignee: Josh Elser
Spent the better part of a week chasing an issue on HBase 2.x where the number of DistributedFileSystem instances on the heap of a RegionServer would grow unbounded. Looking at multiple heap-dumps, it was obvious to see that we had an immense number of DFS instances cached (in FileSystem$Cache) for the same user, with the unique number of Tokens contained in that DFS's UGI member (one hbase delegation token, and two HDFS delegation tokens – we only do this for bulk loads). For the user's clusters, they eventually experienced 10x perf degradation as RegionServers spent all of their time in JVM GC (they were unlucky to not have RegionServers crash outright, as this would've, albeit temporarily, fixed the issue). The problem seems to be two-fold with changes by HBASE-15291 being largely the cause. This issue tried to close FileSystem instances which were being leaked – however, it did this by instrumenting the method {{SecureBulkLoadManager.cleanupBulkLoad(..)}}. Two big issues with this approach: 1. It relies on clients to call this method (client's hanging up will leak resources in RegionServers) 2. This method is only called on the RegionServer hosting the first Region of the table which was bulk-loaded into. For multiple RegionServers, they are left to leak resources. HBASE-21342 later tried to fix an issue where FS objects were now being closed prematurely via reference-counting (which appears to work fine), but does not address the other two issues above. Through all of this, I (re)learned the dirty history of UGI and how its caching doesn't work so great HADOOP-6670. I see trying to continue to leverage the FileSystem$CACHE as a potentially dangerous thing (we've been back here multiple times already). My opinion at this point is that we should cleanly create a new FileSystem instance during the call to {{SecureBulkLoadManager#secureBulkLoadHFiles(..)}} and close it in a finally block in that same method. This both simplifies the lifecycle of a FileSystem instance in the bulk-load codepath but also helps us avoid future problems with UGI and FS caching. The one downside is that we pay the penalty to create a new FileSystem instance, but I'm of the opinion that we cross that bridge when we get there. Thanks for [~jdcryans] and [~busbey] for their help along the way. -- This message was sent by Atlassian Jira (v8.3.4#803005)