You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@kudu.apache.org by "Dan Burkert (Code Review)" <ge...@cloudera.org> on 2017/03/03 21:51:28 UTC

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Dan Burkert has uploaded a new change for review.

  http://gerrit.cloudera.org:8080/6254

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................

KUDU-1897: disable Kerberos replay cache

Also provides an initial cut of an RPC negotiation benchmark / stress
tester.

Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
---
M src/kudu/rpc/CMakeLists.txt
A src/kudu/rpc/rpc-negotiation-bench.cc
M src/kudu/security/init.cc
3 files changed, 277 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/54/6254/1
-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has uploaded a new patch set (#2).

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................

KUDU-1897: disable Kerberos replay cache

Also provides an initial cut of an RPC negotiation benchmark / stress
tester.

Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
---
M src/kudu/rpc/CMakeLists.txt
A src/kudu/rpc/rpc-negotiation-bench.cc
M src/kudu/security/init.cc
3 files changed, 270 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/54/6254/2
-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Hello Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/6254

to look at the new patch set (#3).

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................

KUDU-1897: disable Kerberos replay cache

Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
---
M src/kudu/security/init.cc
1 file changed, 6 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/54/6254/3
-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.

Todd Lipcon has posted comments on this change.

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................


Patch Set 3: Code-Review+2

-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change.

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................


Patch Set 2:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/6254/2/src/kudu/rpc/rpc-negotiation-bench.cc
File src/kudu/rpc/rpc-negotiation-bench.cc:

PS2, Line 130: StartTestServerWithGeneratedCode(&server_addr_)
Is it necessary to enable TLS support if running with TLS-enabled configuration?


PS2, Line 214: Acquire_Load(&should_run_)
Consider using atomic<bool> for should_run_ since atomic<int> is introduced for negotiation_count.


-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change.

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................


Patch Set 2:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/6254/2/src/kudu/rpc/rpc-negotiation-bench.cc
File src/kudu/rpc/rpc-negotiation-bench.cc:

PS2, Line 148:   friend class ClientThread;
             :   friend class ClientAsyncWorkload;
It seems these declaration are not needed.


PS2, Line 190:  
nit: off-by-one shift


PS2, Line 198:       authn_token = SignedTokenPB();
             :       security::TokenPB token;
             :       token.set_expire_unix_epoch_seconds(WallTime_Now() + validity / 2);
             :       token.mutable_authn()->set_username("client-token");
             :       ASSERT_TRUE(token.SerializeToString(authn_token->mutable_token_data()));
             :       ASSERT_OK(token_signer.SignToken(&authn_token.get()));
Consider replacing with:

SignedTokenPB authn_token;
ASSERT_OK(token_signer.GenerateAuthnToken("client-token", &authn_token));


-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has submitted this change and it was merged.

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................


KUDU-1897: disable Kerberos replay cache

Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Reviewed-on: http://gerrit.cloudera.org:8080/6254
Reviewed-by: Todd Lipcon <to...@apache.org>
Tested-by: Kudu Jenkins
---
M src/kudu/security/init.cc
1 file changed, 6 insertions(+), 0 deletions(-)

Approvals:
  Todd Lipcon: Looks good to me, approved
  Kudu Jenkins: Verified



-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.

Todd Lipcon has posted comments on this change.

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................


Patch Set 2:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/6254/2/src/kudu/rpc/rpc-negotiation-bench.cc
File src/kudu/rpc/rpc-negotiation-bench.cc:

PS2, Line 109:   // Setup the KDC once. InitKerberosForServer uses global state, so it's easier
             :   // not to create a new KDC for every test case.
             :   void SetUp() override {
I think this still sets it up for every test case, doesn't it? maybe use static void SetUpTestCase?


-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes

[kudu-CR] KUDU-1897: disable Kerberos replay cache

Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.

Dan Burkert has posted comments on this change.

Change subject: KUDU-1897: disable Kerberos replay cache
......................................................................


Patch Set 1:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/6254/1/src/kudu/rpc/rpc-negotiation-bench.cc
File src/kudu/rpc/rpc-negotiation-bench.cc:

Line 55: using std::bind;
> warning: using decl 'bind' is unused [misc-unused-using-decls]
Done


Line 56: using std::shared_ptr;
> warning: using decl 'shared_ptr' is unused [misc-unused-using-decls]
Done


Line 69: using kudu::security::TokenVerifier;
> warning: using decl 'TokenVerifier' is unused [misc-unused-using-decls]
Done


Line 121:     // TODO: this initializes global state that will break if more than one test
> warning: missing username/bug in TODO [google-readability-todo]
Done


-- 
To view, visit http://gerrit.cloudera.org:8080/6254
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifbce55a0b12682fdf69e7b2c361c6336495db64d
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes