flink-issues mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	"ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject	[jira] [Commented] (FLINK-9878) IO worker threads BLOCKED on SSL Session Cache while CMS full gc
Date	Wed, 18 Jul 2018 16:06:00 GMT
[ https://issues.apache.org/jira/browse/FLINK-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16548014#comment-16548014 ] ASF GitHub Bot commented on FLINK-9878: --------------------------------------- Github user zentol commented on a diff in the pull request: https://github.com/apache/flink/pull/6355#discussion_r203437995 --- Diff: flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java --- @@ -160,4 +160,41 @@ key("security.ssl.verify-hostname") .defaultValue(true) .withDescription("Flag to enable peer’s hostname verification during ssl handshake."); + + /** + * SSL session cache size. + / + public static final ConfigOption<Integer> SSL_SESSION_CACHE_SIZE = + key("security.ssl.session-cache-size") + .defaultValue(-1) + .withDescription("The size of the cache used for storing SSL session objects. " + + "According to https://github.com/netty/netty/issues/832, you should always set " + + "this to an appropriate number to not run into a bug with stalling IO threads " + + "during garbage collection. (-1 = use system default)."); + + /* + * SSL session timeout. + / + public static final ConfigOption<Integer> SSL_SESSION_TIMEOUT = + key("security.ssl.session-timeout") + .defaultValue(-1) + .withDescription("The timeout (in ms) for the cached SSL session objects. (-1 = use system default)"); + + /* + * SSL session timeout during handshakes. + / + public static final ConfigOption<Integer> SSL_HANDSHAKE_TIMEOUT = + key("security.ssl.handshake-timeout") + .defaultValue(-1) + .withDescription("The timeout (in ms) during SSL handshake. (-1 = use system default)"); + + /* + * SSL session timeout after flushing the `close_notify` message. + */ + public static final ConfigOption<Integer> SSL_CLOSE_NOTIFY_FLUSH_TIMEOUT = + key("security.ssl.close-notify-flush-timeout") + .defaultValue(-1) + .withDescription("The timeout (in ms) for flushing the `close_notify` that was triggered by closing a " + --- End diff -- it's not showing up as a code block since that only works for markdown; the description so far was plain-text. > IO worker threads BLOCKED on SSL Session Cache while CMS full gc > ---------------------------------------------------------------- > > Key: FLINK-9878 > URL: https://issues.apache.org/jira/browse/FLINK-9878 > Project: Flink > Issue Type: Bug > Components: Network > Affects Versions: 1.5.0, 1.5.1, 1.6.0 > Reporter: Nico Kruber > Assignee: Nico Kruber > Priority: Major > Labels: pull-request-available > Fix For: 1.5.2, 1.6.0 > > > According to https://github.com/netty/netty/issues/832, there is a JDK issue during garbage collection when the SSL session cache is not limited. We should allow the user to configure this and further (advanced) SSL parameters for fine-tuning to fix this and similar issues. In particular, the following parameters should be configurable: > - SSL session cache size > - SSL session timeout > - SSL handshake timeout > - SSL close notify flush timeout -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Mime	Unnamed text/plain (inline, Quoted Printable, 3627 bytes)
	View raw message