You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Sravya Tirukkovalur (JIRA)" <ji...@apache.org> on 2015/09/23 22:48:06 UTC

[jira] [Comment Edited] (SENTRY-893) Synchronize calls in SentryClient

    [ https://issues.apache.org/jira/browse/SENTRY-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905198#comment-14905198 ] 

Sravya Tirukkovalur edited comment on SENTRY-893 at 9/23/15 8:47 PM:
---------------------------------------------------------------------

I made a few more changes.

Sentry client is an instance variable of SimpleDBProviderBackend and hence it is still possible that a thread is trying to access a sentry client with previously broken/misaligned socket as the new thread is just blocked on the synchronized call but still has a handle for the old client. For this reason I think it is best to recreate a sentry client for each request. Updated the patch to achieve thread safety by making sentry client a local variable. This should not be a problem with pooled connection factory as we invalidate the broken clients from the pool and provide only good clients.


was (Author: sravya):
I made a few more changes.

Right now, there is just one sentry client per HMS instance as (Sentry Client): (SimpleDBProviderBackend) : (PolicyEngine): (AuthorizationProvider): (HiveAuthzBinding):  (MetaStoreAuthzBinding) = 1:1:1:1:1. And Sentry client is an instance variable of SimpleDBProviderBackend and hence it is still possible that a thread is trying to access a sentry client with previously broken/misaligned socket as the new thread is just blocked on the synchronized call but still has a handle for the old client. For this reason I think it is best to recreate a sentry client for each request. Updated the patch to achieve thread safety by making sentry client a local variable. This should not be a problem with pooled connection factory as we invalidate the broken clients from the pool and provide only good clients.

> Synchronize calls in SentryClient
> ---------------------------------
>
>                 Key: SENTRY-893
>                 URL: https://issues.apache.org/jira/browse/SENTRY-893
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.4.0
>            Reporter: Sravya Tirukkovalur
>            Assignee: Sravya Tirukkovalur
>             Fix For: 1.7.0
>
>         Attachments: SENTRY-893.1.patch, SENTRY-893.patch
>
>
> We periodically see "out of sequence response" error from thrift layer as thrift itself is not thread safe and lets mutliple clients read each other's sockets. See http://mail-archives.apache.org/mod_mbox/thrift-user/201208.mbox/%3CA0F963DCF29346458CDF2969683DF6CC70F90B3A@SC-MBX01-2.TheFacebook.com%3E
> bq. Caused by: sentry.org.apache.thrift.TApplicationException: list_sentry_privileges_for_provider failed: out of sequence response at sentry.org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:76) 
> Would be best to synchronize the calls on client side to avoid this situation. We might follow up to allow locking just the transport.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)