drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Keys Botzum <kbot...@mapr.com>
Subject Re: Drill Session ID between Nodes
Date Fri, 23 Jun 2017 12:07:03 GMT
Why is a wildcard certificate a problem? They are quite common. One just needs all of the Drillbits
to share a common domain for the wildcard to be easy and thus avoid having to list individual
hosts.

Are you saying that you can't use hostnames and must use IPs?

In case I'm not clear, here's an example of what I'm saying.

this is good with wildcards: drill1.mydrill.corp.com<http://drill1.mydrill.corp.com>,
drill2.mydrill.corp.com<http://drill2.mydrill.corp.com>, drill3.mydrill.corp.com<http://drill3.mydrill.corp.com>,
drill4.mydrill.corp.com<http://drill4.mydrill.corp.com>,
this is bad with wildcards: drill1, drill2, drill3, drill4


Keys
_______________________________
Keys Botzum
MapR Technologies



On Jun 22, 2017, at 8:24 PM, John Omernik <john@omernik.com<mailto:john@omernik.com>>
wrote:

Would there be interest in finding a way to globalize this? This is
challenging for me and others that may run drill with multi Tennant
orchestrators.  In my particular setup, each node running drill gets added
to an a record automatically giving me HA and distribution of Rest API
queries.  It also allows me to have a single certificate for my cluster
rather than managing certificates on a individual basis.   I set things up
to connect via IP but then I had certificate mismatch warnings. My goal is
to find a way to connect to the rest API , while maintaining a session to
single node, with out sacrificing HA and balancing and with compromising
ssl security.   I know it's a tall order, but if there I ideas outside of a
global state management I am all ears.

Note some ideas I've also considered:

1.  using a load balancer that would allow me to pin connections.  Not
ideal because it's another service to manage but it would work.

2. There may be a way to hack things with a wild card cert but it's seems
complicated and fragile.

On Jun 22, 2017 5:47 PM, "Sorabh Hamirwasia" <shamirwasia@mapr.com<mailto:shamirwasia@mapr.com>>
wrote:

Hi John,
As Paul mentioned session ID's are not global. Each session is part of the
BitToUserConnection instance created for a connection between Drillbit and
client. Hence it's local to that Drillbit only and the lifetime of the
session is tied to lifetime of the connection. You can find the code here<
https://github.com/apache/drill/blob/master/exec/
java-exec/src/main/java/org/apache/drill/exec/rpc/user/
UserServer.java#L102>.

Thanks,
Sorabh

________________________________
From: Paul Rogers <progers@mapr.com>
Sent: Thursday, June 22, 2017 2:19:50 PM
To: user@drill.apache.org
Subject: Re: Drill Session ID between Nodes

Hi John,

I do not believe that session IDs are global. Each Drillbit maintains its
own concept of sessions. A global session would require some centralized
registry of sessions, which Drill does not have.

Would be great if someone can confirm…

- Paul

On Jun 22, 2017, at 12:14 PM, John Omernik <john@omernik.com> wrote:

When I log onto a drill node, and get Session Id, if I connect to another
drill node in the cluster will the session id be valid?

I am guessing not, but want to validate.

My conumdrum, I have my Drill cluster running in such a way that the
connections to the nodes are load balanced via DNS. However, if I get a
DNS
IP while in session it appears to invalidate, and thus forces me to log
on...



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message