You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Eugene Koifman (JIRA)" <ji...@apache.org> on 2017/10/02 19:17:03 UTC
[jira] [Updated] (HIVE-16361) Automatically kill runaway client
processes
[ https://issues.apache.org/jira/browse/HIVE-16361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koifman updated HIVE-16361:
----------------------------------
Description:
HIVE-13249 added an enforceable limit on how many transactions can be opened concurrently where the system starts to reject new work to prevent the system getting to a point where it cannot manage the load.
Another condition to guard against is a runaway process (which would usually be some app (e.g. Storm) using Streaming Ingest API) that create a very large number of transactions very quickly all of which immediately get aborted due to some misconfiguration. This can cause large amount of metatdata to accumulate in the ACID system slowing everything down and causing instability.
Now that we have TXNS.TXN_AGENT_INFO information we could probably use that to refuse work from a client even before we open any txns if it passes some "runaway client" heuristic.
This is like an unintentional DOS attack
was:
HIVE-13249 added an enforceable limit on how many transactions can be opened concurrently where the system starts to reject new work to prevent the system getting to a point where it cannot manage the load.
Another condition to guard against is a runaway process (which would usually be some app (e.g. Storm) using Streaming Ingest API) that create a very large number of transactions very quickly all of which immediately get aborted due to some misconfiguration. This can cause large amount of metatdata to accumulate in the ACID system slowing everything down and causing instability.
Now that we have TXNS.TXN_AGENT_INFO information we could probably use that refuse work from a client even before we open any txns if it passes some "runaway client" heuristic.
This is like an unintentional DOS attack
> Automatically kill runaway client processes
> --------------------------------------------
>
> Key: HIVE-16361
> URL: https://issues.apache.org/jira/browse/HIVE-16361
> Project: Hive
> Issue Type: Improvement
> Components: Transactions
> Affects Versions: 1.0.0
> Reporter: Eugene Koifman
> Priority: Critical
>
> HIVE-13249 added an enforceable limit on how many transactions can be opened concurrently where the system starts to reject new work to prevent the system getting to a point where it cannot manage the load.
> Another condition to guard against is a runaway process (which would usually be some app (e.g. Storm) using Streaming Ingest API) that create a very large number of transactions very quickly all of which immediately get aborted due to some misconfiguration. This can cause large amount of metatdata to accumulate in the ACID system slowing everything down and causing instability.
> Now that we have TXNS.TXN_AGENT_INFO information we could probably use that to refuse work from a client even before we open any txns if it passes some "runaway client" heuristic.
> This is like an unintentional DOS attack
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)