You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@uniffle.apache.org by "leixm (via GitHub)" <gi...@apache.org> on 2023/03/28 11:48:28 UTC

[GitHub] [incubator-uniffle] leixm commented on a diff in pull request #773: [#772] fix(kerberos): cache proxy user ugi to avoid memory leak

leixm commented on code in PR #773:
URL: https://github.com/apache/incubator-uniffle/pull/773#discussion_r1150091034


##########
common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java:
##########
@@ -94,8 +98,10 @@ public <T> T runSecured(String user, Callable<T> securedCallable) throws Excepti
 
     // Run with the proxy user.
     if (!user.equals(loginUgi.getShortUserName())) {
+      UserGroupInformation proxyUserUgi =

Review Comment:
   Can we add some comments here to explain why we need cache.



##########
common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java:
##########
@@ -38,6 +40,7 @@ public class HadoopSecurityContext implements SecurityContext {
 
   private UserGroupInformation loginUgi;
   private ScheduledExecutorService refreshScheduledExecutor;
+  private Map<String, UserGroupInformation> proxyUserUgiPool;

Review Comment:
   Normally, this map is sufficient. In our production environment, the maximum size of the FileSystem cache map will not exceed 10w.



##########
common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java:
##########
@@ -38,6 +40,7 @@ public class HadoopSecurityContext implements SecurityContext {
 
   private UserGroupInformation loginUgi;
   private ScheduledExecutorService refreshScheduledExecutor;
+  private Map<String, UserGroupInformation> proxyUserUgiPool;

Review Comment:
   LRU Cache cannot solve the problem, because there is still a map in FileSystem, which will still cause leaks.



##########
common/src/main/java/org/apache/uniffle/common/security/HadoopSecurityContext.java:
##########
@@ -38,6 +40,7 @@ public class HadoopSecurityContext implements SecurityContext {
 
   private UserGroupInformation loginUgi;
   private ScheduledExecutorService refreshScheduledExecutor;
+  private Map<String, UserGroupInformation> proxyUserUgiPool;

Review Comment:
   > Not necessary, the number of hadoop user is limited.
   
   +1.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@uniffle.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@uniffle.apache.org
For additional commands, e-mail: issues-help@uniffle.apache.org