You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Sravya Tirukkovalur (JIRA)" <ji...@apache.org> on 2015/09/23 22:48:06 UTC
[jira] [Comment Edited] (SENTRY-893) Synchronize calls in
SentryClient
[ https://issues.apache.org/jira/browse/SENTRY-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905198#comment-14905198 ]
Sravya Tirukkovalur edited comment on SENTRY-893 at 9/23/15 8:47 PM:
---------------------------------------------------------------------
I made a few more changes.
Sentry client is an instance variable of SimpleDBProviderBackend and hence it is still possible that a thread is trying to access a sentry client with previously broken/misaligned socket as the new thread is just blocked on the synchronized call but still has a handle for the old client. For this reason I think it is best to recreate a sentry client for each request. Updated the patch to achieve thread safety by making sentry client a local variable. This should not be a problem with pooled connection factory as we invalidate the broken clients from the pool and provide only good clients.
was (Author: sravya):
I made a few more changes.
Right now, there is just one sentry client per HMS instance as (Sentry Client): (SimpleDBProviderBackend) : (PolicyEngine): (AuthorizationProvider): (HiveAuthzBinding): (MetaStoreAuthzBinding) = 1:1:1:1:1. And Sentry client is an instance variable of SimpleDBProviderBackend and hence it is still possible that a thread is trying to access a sentry client with previously broken/misaligned socket as the new thread is just blocked on the synchronized call but still has a handle for the old client. For this reason I think it is best to recreate a sentry client for each request. Updated the patch to achieve thread safety by making sentry client a local variable. This should not be a problem with pooled connection factory as we invalidate the broken clients from the pool and provide only good clients.
> Synchronize calls in SentryClient
> ---------------------------------
>
> Key: SENTRY-893
> URL: https://issues.apache.org/jira/browse/SENTRY-893
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.4.0
> Reporter: Sravya Tirukkovalur
> Assignee: Sravya Tirukkovalur
> Fix For: 1.7.0
>
> Attachments: SENTRY-893.1.patch, SENTRY-893.patch
>
>
> We periodically see "out of sequence response" error from thrift layer as thrift itself is not thread safe and lets mutliple clients read each other's sockets. See http://mail-archives.apache.org/mod_mbox/thrift-user/201208.mbox/%3CA0F963DCF29346458CDF2969683DF6CC70F90B3A@SC-MBX01-2.TheFacebook.com%3E
> bq. Caused by: sentry.org.apache.thrift.TApplicationException: list_sentry_privileges_for_provider failed: out of sequence response at sentry.org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:76)
> Would be best to synchronize the calls on client side to avoid this situation. We might follow up to allow locking just the transport.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)