You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2022/06/17 18:25:00 UTC

[jira] [Resolved] (HBASE-12578) Change TokenProvider to a SingletonCoprocessorService

     [ https://issues.apache.org/jira/browse/HBASE-12578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Kyle Purtell resolved HBASE-12578.
-----------------------------------------
    Resolution: Won't Fix

> Change TokenProvider to a SingletonCoprocessorService
> -----------------------------------------------------
>
>                 Key: HBASE-12578
>                 URL: https://issues.apache.org/jira/browse/HBASE-12578
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Gary Helmling
>            Priority: Major
>
> The {{TokenProvider}} coprocessor service, which is responsible for issuing HBase delegation tokens, currently runs a region endpoint.  In the security documentation, we recommend configuring this coprocessor for all table regions, however, we only ever address delegation token requests to the META region.
> When {{TokenProvider}} was first added, region coprocessors were the only way of adding endpoints.  But, since then, we've added support for endpoints for regionserver and master coprocessors.  This makes loading {{TokenProvider}} on all table regions unnecessarily wasteful.
> We can reduce the overhead for {{TokenProvider}} and greatly improve it's scalability by doing the following:
> # Convert {{TokenProvider}} to a {{SingletonCoprocessorService}} that is configured to run on all regionservers.  This will ensure a single instance per regionserver instead of one per region.
> # Direct delegation token requests to a random running regionserver so that we don't hotspot any single instance with requests.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)