You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Josh McKenzie (Jira)" <ji...@apache.org> on 2022/01/11 17:19:00 UTC

[jira] [Commented] (CASSANDRA-16958) Prewarm role and credentials caches to avoid timeouts at startup

    [ https://issues.apache.org/jira/browse/CASSANDRA-16958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17472961#comment-17472961 ] 

Josh McKenzie commented on CASSANDRA-16958:
-------------------------------------------

Well that ended up being a more interesting rebase than expected after CASSANDRA-17027.

I ended up changing some of the implementation to try and better tie together various AuthCache implementers initialization since that was the long pole of complexity on getting this rebase to behave and wired it up in CQLTester.

I've now tied the starting of all "static" caches to {{AuthCacheService.initializeAndRegisterCaches}} and left a bread crumb there pointing to the current member initialization and registration happening in {{{}PasswordAuthenticator.setup{}}}, as well as left {{@link}} breadcrumbs on the various init methods indicating they shouldn't be used directly.

Any work locally on that code should both 1) provide immediate context about the relationships between the various caches, the service, and initialization, and 2) automatically be picked up by IDE's doing a rename or other refactor.

So all that said, here's our links:
||Item|Link|
||PR|[Link|https://github.com/apache/cassandra/pull/1205]|
||JDK8 tests|[Link|https://app.circleci.com/pipelines/github/josh-mckenzie/cassandra/163/workflows/b2d1f937-80cd-4ac0-a2a6-b0587fd7cc92]|
||JDK11 tests|[Link|https://app.circleci.com/pipelines/github/josh-mckenzie/cassandra/163/workflows/d9bf9c91-1e31-4480-9078-bff7440cd601]|

Lastly of note: I reged replaced git: with https: as per CASSANDRA-17255; will revert that bit in favor of that other commit once CI is done.

> Prewarm role and credentials caches to avoid timeouts at startup
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-16958
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16958
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Josh McKenzie
>            Assignee: Josh McKenzie
>            Priority: Normal
>             Fix For: 4.x
>
>
> With our current auth querying setup, you can end up with a thundering herd on reconnect due to delays on auth resolution.
> We should instead allow the ability to do a 'select' on all roles and pre-load the cache before turning on native transport. Notably, this could present some unacceptable delays on start with a very large count of users (thousands), or someone who uses a third party auth system rather than the built-in authorizer so this should be configurable and opt-in.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org