phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-3189) HBase/ZooKeeper connection leaks when providing principal/keytab in JDBC url
Date Wed, 17 Aug 2016 17:47:21 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15425017#comment-15425017
] 

ASF GitHub Bot commented on PHOENIX-3189:
-----------------------------------------

GitHub user joshelser opened a pull request:

    https://github.com/apache/phoenix/pull/191

    PHOENIX-3189 Perform Kerberos login before ConnectionInfo is constructed

    Now that ConnectionInfo has the current User/UGI stored inside, we must
    make sure that any automatic Kerberos login occurs before the ConnectionInfo
    object is constructed. Otherwise, we will have multiple instances of
    ConnectionInfo that differ only by the User, which will leak HBase/ZK
    connections in the connectionQueryServicesMap.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/joshelser/phoenix 3189-secure-cnxninfo

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/phoenix/pull/191.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #191
    
----
commit ac4184b9ec52ab261fc4d9f73edc6676eb421d79
Author: Josh Elser <elserj@apache.org>
Date:   2016-08-17T17:34:59Z

    PHOENIX-3189 Perform Kerberos login before ConnectionInfo is constructed
    
    Now that ConnectionInfo has the current User/UGI stored inside, we must
    make sure that any automatic Kerberos login occurs before the ConnectionInfo
    object is constructed. Otherwise, we will have multiple instances of
    ConnectionInfo that differ only by the User, which will leak HBase/ZK
    connections in the connectionQueryServicesMap.

----


> HBase/ZooKeeper connection leaks when providing principal/keytab in JDBC url
> ----------------------------------------------------------------------------
>
>                 Key: PHOENIX-3189
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3189
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 4.8.1
>
>
> We've been doing some more testing after PHOENIX-3126 and, with the help of [~arpitgupta]
and [~harsha_ch], we've found an issue in a test between Storm and Phoenix.
> Storm was configured to create a JDBC Bolt, specifying the principal and keytab in the
JDBC URL, relying on PhoenixDriver to do the Kerberos login for them. After PHOENIX-3126,
a ZK server blacklisted the host running the bolt, and we observed that there were over 140
active ZK threads in the JVM.
> This results in a subtle change where every time the client tries to get a new Connection,
we end up getting a new UGI instance (because the {{ConnectionQueryServicesImpl#openConnection()}}
always does a new login).
> If users are correctly caching Connections, there isn't an issue (best as I can presently
tell). However, if users rely on the getting the same connection every time (the pre-PHOENIX-3126),
they will saturate their local JVM with connections and crash.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message