Skip to content

HADOOP-18922: Race condition in ZKDelegationTokenSecretManager creating znode #6150

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 12, 2023
Merged

HADOOP-18922: Race condition in ZKDelegationTokenSecretManager creating znode #6150

merged 4 commits into from
Oct 12, 2023

Conversation

risdenk
Copy link
Contributor

@risdenk risdenk commented Oct 5, 2023

Description of PR

Fixes race condition in ZKDelegationTokenSecretManager creating znode

How was this patch tested?

Confirmed that this avoids issue w/ Apache Solr in apache/solr#1743

For code changes:

  • Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?

@risdenk risdenk mentioned this pull request Oct 5, 2023
Merged
1 task
@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 27s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ trunk Compile Tests _
+1 💚 mvninstall 33m 4s trunk passed
+1 💚 compile 10m 44s trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 compile 9m 31s trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 checkstyle 0m 52s trunk passed
+1 💚 mvnsite 1m 9s trunk passed
+1 💚 javadoc 0m 59s trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javadoc 0m 41s trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 spotbugs 1m 41s trunk passed
+1 💚 shadedclient 22m 23s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 38s the patch passed
+1 💚 compile 10m 3s the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javac 10m 3s the patch passed
+1 💚 compile 9m 30s the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 javac 9m 30s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
-0 ⚠️ checkstyle 0m 51s /results-checkstyle-hadoop-common-project_hadoop-common.txt hadoop-common-project/hadoop-common: The patch generated 1 new + 3 unchanged - 0 fixed = 4 total (was 3)
+1 💚 mvnsite 1m 11s the patch passed
+1 💚 javadoc 0m 52s the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javadoc 0m 42s the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 spotbugs 1m 44s the patch passed
+1 💚 shadedclient 22m 18s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 16m 23s hadoop-common in the patch passed.
+1 💚 asflicense 0m 49s The patch does not generate ASF License warnings.
149m 25s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/1/artifact/out/Dockerfile
GITHUB PR #6150
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname Linux 974e735865ff 4.15.0-212-generic #223-Ubuntu SMP Tue May 23 13:09:22 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / b21a4fd
Default Java Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/1/testReport/
Max. process+thread count 1613 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/1/console
versions git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@hadoop-yetus
Copy link

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 28s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
+1 💚 test4tests 0m 0s The patch appears to include 1 new or modified test files.
_ trunk Compile Tests _
+1 💚 mvninstall 32m 17s trunk passed
+1 💚 compile 10m 53s trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 compile 9m 34s trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 checkstyle 0m 54s trunk passed
+1 💚 mvnsite 1m 10s trunk passed
+1 💚 javadoc 0m 58s trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javadoc 0m 44s trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 spotbugs 1m 42s trunk passed
+1 💚 shadedclient 22m 29s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 38s the patch passed
+1 💚 compile 9m 51s the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javac 9m 51s the patch passed
+1 💚 compile 9m 33s the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 javac 9m 33s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
-0 ⚠️ checkstyle 0m 48s /results-checkstyle-hadoop-common-project_hadoop-common.txt hadoop-common-project/hadoop-common: The patch generated 1 new + 23 unchanged - 0 fixed = 24 total (was 23)
+1 💚 mvnsite 1m 10s the patch passed
+1 💚 javadoc 0m 55s the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javadoc 0m 42s the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 spotbugs 1m 45s the patch passed
+1 💚 shadedclient 23m 53s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 16m 21s hadoop-common in the patch passed.
+1 💚 asflicense 0m 50s The patch does not generate ASF License warnings.
150m 48s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/2/artifact/out/Dockerfile
GITHUB PR #6150
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname Linux 95371e7361c6 4.15.0-212-generic #223-Ubuntu SMP Tue May 23 13:09:22 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 8c39d70
Default Java Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/2/testReport/
Max. process+thread count 1276 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/2/console
versions git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@hadoop-yetus
Copy link

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 29s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 1s codespell was not available.
+0 🆗 detsecrets 0m 1s detect-secrets was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
+1 💚 test4tests 0m 0s The patch appears to include 1 new or modified test files.
_ trunk Compile Tests _
+1 💚 mvninstall 31m 50s trunk passed
+1 💚 compile 10m 48s trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 compile 9m 38s trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 checkstyle 0m 51s trunk passed
+1 💚 mvnsite 1m 11s trunk passed
+1 💚 javadoc 0m 59s trunk passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javadoc 0m 42s trunk passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 spotbugs 1m 41s trunk passed
+1 💚 shadedclient 22m 17s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 39s the patch passed
+1 💚 compile 9m 46s the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javac 9m 46s the patch passed
+1 💚 compile 9m 50s the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 javac 9m 50s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 checkstyle 0m 48s the patch passed
+1 💚 mvnsite 1m 10s the patch passed
+1 💚 javadoc 0m 54s the patch passed with JDK Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04
+1 💚 javadoc 0m 42s the patch passed with JDK Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
+1 💚 spotbugs 1m 42s the patch passed
+1 💚 shadedclient 26m 30s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 16m 23s hadoop-common in the patch passed.
+1 💚 asflicense 0m 49s The patch does not generate ASF License warnings.
152m 34s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/3/artifact/out/Dockerfile
GITHUB PR #6150
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname Linux e37a8037cacb 4.15.0-212-generic #223-Ubuntu SMP Tue May 23 13:09:22 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 26c2333
Default Java Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.20.1+1-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_382-8u382-ga-1~20.04.1-b05
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/3/testReport/
Max. process+thread count 1276 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6150/3/console
versions git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

Hexiaoqiao
Hexiaoqiao approved these changes Oct 9, 2023
View reviewed changes
Copy link
Contributor

@Hexiaoqiao Hexiaoqiao left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great catch. LGTM. +1 from my side.

Confirmed that this avoids issue w/ Apache Solr in apache/solr#1743

One nit comment, I am confused the relationship with apache/solr#1743 from the description of PR.

@risdenk
Copy link
Contributor Author

risdenk commented Oct 9, 2023

One nit comment, I am confused the relationship with apache/solr#1743 from the description of PR.

Apache Solr spins up multiple nodes and uses Hadoop authentication framework for testing. apache/solr#1743 upgraded to Hadoop 3.3.6. This found the race condition. I tested replacing ZKDelegationTokenSecretManager in Apache Solr to make sure this would address the issue. Apache Solr doesn't want to ship modified Hadoop jars so I reverted those changes and put in a workaround to create the necessary znodes before getting to ZKDelegationTokenSecretManager. I would remove the creation of the znode introduced in apache/solr#1743 once a Hadoop release happens with a fix for this.

@Hexiaoqiao
Copy link
Contributor

Got it. Make sense to me. Will commit while no more comment for two workdays. Thanks.

@Hexiaoqiao Hexiaoqiao merged commit 5c22934 into apache:trunk Oct 12, 2023
@Hexiaoqiao
Copy link
Contributor

Committed to trunk. Thanks @risdenk for your contribution!

@risdenk risdenk mentioned this pull request Oct 12, 2023
Merged
risdenk added a commit to risdenk/hadoop that referenced this pull request Oct 12, 2023
@risdenk
HADOOP-18922. Race condition in ZKDelegationTokenSecretManager creati…
a149750 
…ng znode (apache#6150). Contributed by Kevin Risden.

Signed-off-by: He Xiaoqiao <hexiaoqiao@apache.org>
@risdenk risdenk deleted the HADOOP-18922 branch October 12, 2023 16:12
@risdenk
Copy link
Contributor Author

risdenk commented Oct 12, 2023

Thanks @Hexiaoqiao backport to branch-3.3 PR - #6179

Hexiaoqiao pushed a commit that referenced this pull request Oct 17, 2023
@risdenk
HADOOP-18922. Race condition in ZKDelegationTokenSecretManager creati…
78fc23e 
…ng znode (#6150). Contributed by Kevin Risden. (#6179)

Signed-off-by: He Xiaoqiao <hexiaoqiao@apache.org>
jiajunmao pushed a commit to jiajunmao/hadoop-MLEC that referenced this pull request Feb 6, 2024
@risdenk @jiajunmao
HADOOP-18922. Race condition in ZKDelegationTokenSecretManager creati…
6535147 
…ng znode (apache#6150). Contributed by Kevin Risden.

Signed-off-by: He Xiaoqiao <hexiaoqiao@apache.org>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@Hexiaoqiao Hexiaoqiao Hexiaoqiao approved these changes

Assignees
No one assigned
Labels
Common trunk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@risdenk @hadoop-yetus @Hexiaoqiao