flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-9878) IO worker threads BLOCKED on SSL Session Cache while CMS full gc
Date Wed, 18 Jul 2018 16:06:00 GMT

    [ https://issues.apache.org/jira/browse/FLINK-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16548014#comment-16548014
] 

ASF GitHub Bot commented on FLINK-9878:
---------------------------------------

Github user zentol commented on a diff in the pull request:

    https://github.com/apache/flink/pull/6355#discussion_r203437995
  
    --- Diff: flink-core/src/main/java/org/apache/flink/configuration/SecurityOptions.java
---
    @@ -160,4 +160,41 @@
     		key("security.ssl.verify-hostname")
     			.defaultValue(true)
     			.withDescription("Flag to enable peer’s hostname verification during ssl handshake.");
    +
    +	/**
    +	 * SSL session cache size.
    +	 */
    +	public static final ConfigOption<Integer> SSL_SESSION_CACHE_SIZE =
    +		key("security.ssl.session-cache-size")
    +			.defaultValue(-1)
    +			.withDescription("The size of the cache used for storing SSL session objects. "
    +				+ "According to https://github.com/netty/netty/issues/832, you should always set
"
    +				+ "this to an appropriate number to not run into a bug with stalling IO threads "
    +				+ "during garbage collection. (-1 = use system default).");
    +
    +	/**
    +	 * SSL session timeout.
    +	 */
    +	public static final ConfigOption<Integer> SSL_SESSION_TIMEOUT =
    +		key("security.ssl.session-timeout")
    +			.defaultValue(-1)
    +			.withDescription("The timeout (in ms) for the cached SSL session objects. (-1 = use
system default)");
    +
    +	/**
    +	 * SSL session timeout during handshakes.
    +	 */
    +	public static final ConfigOption<Integer> SSL_HANDSHAKE_TIMEOUT =
    +		key("security.ssl.handshake-timeout")
    +			.defaultValue(-1)
    +			.withDescription("The timeout (in ms) during SSL handshake. (-1 = use system default)");
    +
    +	/**
    +	 * SSL session timeout after flushing the `close_notify` message.
    +	 */
    +	public static final ConfigOption<Integer> SSL_CLOSE_NOTIFY_FLUSH_TIMEOUT =
    +		key("security.ssl.close-notify-flush-timeout")
    +			.defaultValue(-1)
    +			.withDescription("The timeout (in ms) for flushing the `close_notify` that was triggered
by closing a " +
    --- End diff --
    
    it's not showing up as a code block since that only works for markdown; the description
so far was plain-text.


> IO worker threads BLOCKED on SSL Session Cache while CMS full gc
> ----------------------------------------------------------------
>
>                 Key: FLINK-9878
>                 URL: https://issues.apache.org/jira/browse/FLINK-9878
>             Project: Flink
>          Issue Type: Bug
>          Components: Network
>    Affects Versions: 1.5.0, 1.5.1, 1.6.0
>            Reporter: Nico Kruber
>            Assignee: Nico Kruber
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.5.2, 1.6.0
>
>
> According to https://github.com/netty/netty/issues/832, there is a JDK issue during garbage
collection when the SSL session cache is not limited. We should allow the user to configure
this and further (advanced) SSL parameters for fine-tuning to fix this and similar issues.
In particular, the following parameters should be configurable:
> - SSL session cache size
> - SSL session timeout
> - SSL handshake timeout
> - SSL close notify flush timeout



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message