Posted to commits@mesos.apache.org by bm...@apache.org on 2018/08/16 21:37:17 UTC
[mesos] 02/04: Added a scheduler flag for max authentication
timeout interval.
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit a526bd43e4393d635868196368f9200eab54c3db
Author: Meng Zhu <mz...@mesosphere.io>
AuthorDate: Thu Aug 16 14:35:09 2018 -0700
Added a scheduler flag for max authentication timeout interval.
`flags.authentication_timeout_max` controls the
maximum amount of time the scheduler waits before retrying
authenticating with the master after a failed attempt.
Also updated descriptions for related flags
`flags.authentication_timeout` and
`flags.authentication_backoff_factor`.
Also deprecated `flags.authentication_timeout` in favor
of `authentication_timeout_min`.
Also updated the documentation regarding configuration and
authentication.
Review: https://reviews.apache.org/r/68347/
---
docs/authentication.md | 19 +++++++++++++++++++
src/sched/constants.hpp | 21 ++++++++++-----------
src/sched/flags.hpp | 32 ++++++++++++++++++++++----------
src/sched/sched.cpp | 8 ++++----
src/tests/authentication_tests.cpp | 2 +-
5 files changed, 56 insertions(+), 26 deletions(-)
diff --git a/docs/authentication.md b/docs/authentication.md
index f8fc6a9..f63b98f 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -115,6 +115,25 @@ Mesos master and agent processes. For more information, refer to the
format) of accepted credentials. This may be optional depending on the
authenticator being used.
+### Scheduler Driver
+
+* `--authenticatee` - Analog to the master's `--authenticators` option to
+ specify what module to use. Defaults to `crammd5`.
+
+* `--authentication_backoff_factor` - The scheduler will time out its
+ authentication with the master based on exponential backoff. The timeout will
+ be randomly chosen within the range `[min, min + factor*2^n]` where `n` is
+ the number of failed attempts. To tune these parameters, set the
+ `--authentication_timeout_[min|max|factor]` flags. (default: 1secs)
+
+* `--authentication_timeout_min` - The minimum amount of time the scheduler
+ waits before retrying authenticating with the master. See
+ `--authentication_backoff_factor` for more details. (default: 5secs)
+
+* `--authentication_timeout_max` - The maximum amount of time the scheduler
+ waits before retrying authenticating with the master. See
+ `--authentication_backoff_factor` for more details. (default: 1mins)
+
### Multiple HTTP Authenticators
Multiple HTTP authenticators may be loaded into the Mesos master and agent. In
diff --git a/src/sched/constants.hpp b/src/sched/constants.hpp
index 3233ef4..14f577a 100644
--- a/src/sched/constants.hpp
+++ b/src/sched/constants.hpp
@@ -38,21 +38,20 @@ constexpr Duration DEFAULT_REGISTRATION_BACKOFF_FACTOR = Seconds(2);
// registration.
constexpr Duration REGISTRATION_RETRY_INTERVAL_MAX = Minutes(1);
-// The maximum timeout used when the scheduler driver is authenticating with
-// the master.
-//
-// TODO(mzhu): Make this configurable.
-constexpr Duration AUTHENTICATION_TIMEOUT_MAX = Minutes(1);
+// Name of the default, CRAM-MD5 authenticatee.
+constexpr char DEFAULT_AUTHENTICATEE[] = "crammd5";
-// Default backoff interval used by the scheduler to wait after failed
-// authentication.
+// Default value for `--authentication_backoff_factor`. The backoff timeout
+// factor used by the scheduler when authenticating with the master.
constexpr Duration DEFAULT_AUTHENTICATION_BACKOFF_FACTOR = Seconds(1);
-// Name of the default, CRAM-MD5 authenticatee.
-constexpr char DEFAULT_AUTHENTICATEE[] = "crammd5";
+// Default value for `--authentication_timeout_min`. The minimum amount of
+// time the scheduler waits before retrying authenticating with the master.
+constexpr Duration DEFAULT_AUTHENTICATION_TIMEOUT_MIN = Seconds(5);
-// Default value for `--authentication_timeout`.
-constexpr Duration DEFAULT_AUTHENTICATION_TIMEOUT = Seconds(5);
+// Default value for `--authentication_timeout_max`. The maximum amount of
+// time the scheduler waits before retrying authenticating with the master.
+constexpr Duration DEFAULT_AUTHENTICATION_TIMEOUT_MAX = Minutes(1);
} // namespace scheduler {
} // namespace internal {
diff --git a/src/sched/flags.hpp b/src/sched/flags.hpp
index c799386..811c729 100644
--- a/src/sched/flags.hpp
+++ b/src/sched/flags.hpp
@@ -114,17 +114,28 @@ public:
"authentication_backoff_factor",
"The scheduler will time out its authentication with the master based\n"
"on exponential backoff. The timeout will be randomly chosen within\n"
- "`[authentication_timeout, authentication_timeout + factor*2^n]`\n"
- "where `n` is the number of failed attempts. The maximum timeout\n"
- "internal is capped at " + stringify(AUTHENTICATION_TIMEOUT_MAX) + ".\n"
- "To tune these parameters, set the `--authentication_timeout` and\n"
- "`--authentication_backoff_factor` flags.\n",
+ "the range `[min, min + factor*2^n]` where `n` is the number of\n"
+ "failed attempts. To tune these parameters, set the\n"
+ "`--authentication_timeout_[min|max|factor]` flags.\n",
DEFAULT_AUTHENTICATION_BACKOFF_FACTOR);
- add(&Flags::authentication_timeout,
- "authentication_timeout",
- "Timeout after which authentication will be retried.",
- DEFAULT_AUTHENTICATION_TIMEOUT);
+ add(&Flags::authentication_timeout_min,
+ "authentication_timeout_min",
+ flags::DeprecatedName("authentication_timeout"),
+ "The minimum amount of time the scheduler waits before retrying\n"
+ "authenticating with the master. See `authentication_backoff_factor`\n"
+ "for more details. NOTE: since authentication retry cancels the\n"
+ "previous authentication request, one should consider what is the\n"
+ "normal authentication delay when setting this flag to prevent\n"
+ "premature retry",
+ DEFAULT_AUTHENTICATION_TIMEOUT_MIN);
+
+ add(&Flags::authentication_timeout_max,
+ "authentication_timeout_max",
+ "The maximum amount of time the scheduler waits before retrying\n"
+ "authenticating with the master. See `authentication_backoff_factor`\n"
+ "for more details",
+ DEFAULT_AUTHENTICATION_TIMEOUT_MAX);
}
Duration authentication_backoff_factor;
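Review bot: The new help text for `authentication_backoff_factor` tells operators to set `--authentication_timeout_[min|max|factor]`, which reads as a `--authentication_timeout_factor` flag that this constructor never registers; the factor flag is still `--authentication_backoff_factor`. The rewrite also drops the old sentence about the cap, so a reader of `[min, min + factor*2^n]` cannot tell that `authentication_timeout_max` bounds the upper end. I would name the three flags in full and restore the cap, for example "The upper end is capped at `--authentication_timeout_max`." The same shorthand appears in the docs/authentication.md hunk. The two new help strings also end without a period, unlike the neighbouring ones. The constructor begins outside this hunk.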
@@ -132,7 +143,8 @@ public:
Option<Modules> modules;
Option<std::string> modulesDir;
std::string authenticatee;
- Duration authentication_timeout;
+ Duration authentication_timeout_min;
+ Duration authentication_timeout_max;
};
} // namespace scheduler {
diff --git a/src/sched/sched.cpp b/src/sched/sched.cpp
index c5b0595..e77a029 100644
--- a/src/sched/sched.cpp
+++ b/src/sched/sched.cpp
@@ -346,11 +346,11 @@ protected:
// TODO(adam-mesos): Consider adding an initial delay like we do for
// slave registration, to combat thundering herds on master failover.
authenticate(
- flags.authentication_timeout,
+ flags.authentication_timeout_min,
std::min(
- flags.authentication_timeout +
+ flags.authentication_timeout_min +
flags.authentication_backoff_factor * 2,
- scheduler::AUTHENTICATION_TIMEOUT_MAX));
+ flags.authentication_timeout_max));
} else {
// Proceed with registration without authentication.
LOG(INFO) << "No credentials provided."
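Review bot: Nothing visible in this change checks that `flags.authentication_timeout_max` is at least `flags.authentication_timeout_min`. Now that the cap is operator-supplied, `std::min(...)` here and in the second hunk (`std::min(maxTimeout, flags.authentication_timeout_max)`) can pass `authenticate()` an upper bound below its lower bound. How `authenticate()` treats an inverted range is outside the hunk. The flag text says a retry cancels the in-flight request, so a window that collapses or inverts could plausibly keep the scheduler from ever completing authentication with the master. I would reject the configuration when the driver starts, or at least clamp at the call site with `std::max(flags.authentication_timeout_min, flags.authentication_timeout_max)` as the cap. The enclosing function starts and ends outside both hunks.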
@@ -499,7 +499,7 @@ protected:
authenticate(
currentMinTimeout,
- std::min(maxTimeout, scheduler::AUTHENTICATION_TIMEOUT_MAX));
+ std::min(maxTimeout, flags.authentication_timeout_max));
return;
}
diff --git a/src/tests/authentication_tests.cpp b/src/tests/authentication_tests.cpp
index 0e8a758..24c94fe 100644
--- a/src/tests/authentication_tests.cpp
+++ b/src/tests/authentication_tests.cpp
@@ -445,7 +445,7 @@ TEST_F(AuthenticationTest, MasterRetriedAuthenticationHandling)
Future<Nothing> exited = DROP_EXITED(authenticatee, authenticator);
Clock::advance(
- mesos::internal::scheduler::DEFAULT_AUTHENTICATION_TIMEOUT);
+ mesos::internal::scheduler::DEFAULT_AUTHENTICATION_TIMEOUT_MIN);
Clock::settle();
Clock::advance(
mesos::internal::scheduler::DEFAULT_AUTHENTICATION_BACKOFF_FACTOR * 2);