You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2022/06/17 18:25:00 UTC
[jira] [Resolved] (HBASE-12578) Change TokenProvider to a SingletonCoprocessorService
[ https://issues.apache.org/jira/browse/HBASE-12578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Kyle Purtell resolved HBASE-12578.
-----------------------------------------
Resolution: Won't Fix
> Change TokenProvider to a SingletonCoprocessorService
> -----------------------------------------------------
>
> Key: HBASE-12578
> URL: https://issues.apache.org/jira/browse/HBASE-12578
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Gary Helmling
> Priority: Major
>
> The {{TokenProvider}} coprocessor service, which is responsible for issuing HBase delegation tokens, currently runs a region endpoint. In the security documentation, we recommend configuring this coprocessor for all table regions, however, we only ever address delegation token requests to the META region.
> When {{TokenProvider}} was first added, region coprocessors were the only way of adding endpoints. But, since then, we've added support for endpoints for regionserver and master coprocessors. This makes loading {{TokenProvider}} on all table regions unnecessarily wasteful.
> We can reduce the overhead for {{TokenProvider}} and greatly improve it's scalability by doing the following:
> # Convert {{TokenProvider}} to a {{SingletonCoprocessorService}} that is configured to run on all regionservers. This will ensure a single instance per regionserver instead of one per region.
> # Direct delegation token requests to a random running regionserver so that we don't hotspot any single instance with requests.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)