You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Alex Stiff (Jira)" <ji...@apache.org> on 2022/04/21 12:42:00 UTC

[jira] [Created] (RANGER-3726) Auditor role causes usersync and login to gradually slow down

Alex Stiff created RANGER-3726:
----------------------------------

             Summary: Auditor role causes usersync and login to gradually slow down
                 Key: RANGER-3726
                 URL: https://issues.apache.org/jira/browse/RANGER-3726
             Project: Ranger
          Issue Type: Bug
          Components: audit, usersync
    Affects Versions: 1.2.0
            Reporter: Alex Stiff


When configuring a user with a group based role assignment to the ROLE_ADMIN_AUDITOR role, running the usersync process causes a malformed user permission to be assigned to that user. Each time usersync is run this adds more user permissions, until eventually there are enough that the usersync and login processes take several minutes to complete.

*Configuration*

I have this configured in ranger-ugsync-site.xml:
{code:java}
<property>
  <name>ranger.usersync.group.based.role.assignment.rules</name>
  <value>ROLE_ADMIN_AUDITOR:u:myusername</value>
</property>{code}
And the usersync process is being invoked with:
{code:java}
/usr/bin/java -Dproc_rangerusersync -Dlog4j.configuration=file:/etc/ranger/conf/log4j.properties -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx1g -Xms1g -Duser=ranger -Dhostname=<redacted> -Dlogdir=/var/log/ranger/usersync -cp /usr/local/ranger-usersync/dist/*:/usr/local/ranger-usersync/lib/*:/usr/local/ranger-usersync/conf: org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth {code}
*Observations*

Upon the usersync process restarting, the x_user_module_perm table in the ranger database has new rows added to it. These all have "module_id" set to [null]. These rows are never removed or updated. During login, this causes the call to /service/users/profile to take longer and longer. In production, 15,000 rows in this table for a single user caused the login to take 2.5 minutes.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)