You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Madhan Neethiraj (Jira)" <ji...@apache.org> on 2022/10/11 07:30:00 UTC
[jira] [Resolved] (RANGER-3900) Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
[ https://issues.apache.org/jira/browse/RANGER-3900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Madhan Neethiraj resolved RANGER-3900.
--------------------------------------
Fix Version/s: 3.0.0
2.4.0
Resolution: Fixed
[~ramackri] - thank you for the patch. The patch has been committed in the following branches:
{noformat}
commit 017c7402773f069ff576785a1d51ac790d63e2c7 (HEAD -> master, origin/master, origin/HEAD)
Author: Ramachandran Krishnan <ra...@gmail.com>
Date: Tue Oct 11 08:58:53 2022 +0530
RANGER-3900: performance improvement in roles deletion
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
{noformat}
{noformat}
commit 9b81ac05d75596f92b12183fda452a871c959f62 (HEAD -> ranger-2.4, origin/ranger-2.4)
Author: Ramachandran Krishnan <ra...@gmail.com>
Date: Tue Oct 11 08:58:53 2022 +0530
RANGER-3900: performance improvement in roles deletion
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit 017c7402773f069ff576785a1d51ac790d63e2c7)
{noformat}
> Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
> ---------------------------------------------------------------------------------
>
> Key: RANGER-3900
> URL: https://issues.apache.org/jira/browse/RANGER-3900
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Affects Versions: 3.0.0
> Reporter: Ramachandran
> Assignee: Ramachandran
> Priority: Major
> Fix For: 3.0.0, 2.4.0
>
>
> *{color:#0000ff}Role Deletion Steps in Apache Ranger:{color}*{color:#0000ff} {color}
>
> {code:java}
>
> 1. Getting XXRole by roleName:
> XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName); → 1DB Read call
> 2. Ensuring role is not in policy
> Long roleRefPolicyCount = daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(roleName); → 1DB Read call
> 3. Ensuring role is not in another role
> Long roleRefRoleCount = daoMgr.getXXRoleRefRole().findRoleRefRoleCount(roleName);→ 1DB Read call
> 4. Fetching RangerRole by id
> RangerRole role = roleService.read(xxRole.getId()); → 1DB Read call
> 5. Dereferencing all the users from the role.
> for (XXRoleRefUser xxRoleRefUser : xRoleUserDao.findByRoleId(roleId)) { → 1DB Read call
> xRoleUserDao.remove(xxRoleRefUser); → 1DB Write call for each xxRoleRefUser
> }
> 6. Dereferencing all the groups from the role
> for (XXRoleRefGroup xxRoleRefGroup : xRoleGroupDao.findByRoleId(roleId)) { → 1DB Read call
> xRoleGroupDao.remove(xxRoleRefGroup); → 1DB Write call for each xxRoleRefGroup
> }
> 7. Dereferencing all other roles from the role.
> for (XXRoleRefRole xxRoleRefRole : xRoleRoleDao.findByRoleId(roleId)) {→ 1DB Read call
> xRoleRoleDao.remove(xxRoleRefRole);→ 1DB Write call for each xxRoleRefRole
> }
> 8. Delete the rangerRole in DB
> roleService.delete(role); → 1DB Write call
> 9. Create TrxLog
> bizUtil.createTrxLog(trxLogList) → 1DB Write call
>
> {code}
>
> *{color:#0000ff}Total number of DB calls involved for the below role deletion in Apache Ranger:{color}*
>
> *Deleting the role which contains more users:*
> 1. role contains 100 users
> ||DB Write count||DB Read count||DB Batch Write count||Time is taken to delete the role||
> |102|6|0|1.01 seconds|
>
> 1 role contains 500 users
> ||DB Write count||DB Read count||DB Batch Write count||Time is taken to delete the role||
> |502|6|0| 2.241 seconds|
> 1 role contains 1000 users
> ||DB Write count||DB Read count||DB Batch Write count||Time is taken to delete the role||
> |1002|6|0|3.14 seconds|
>
> 1 role contains 1000 users ,1000 roles,1000 groups
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
> |3002|6|0|11.577 seconds|
>
> {color:#ff0000}Proposal{color}:
> {color:#ff0000}We can try a DB batch write call instead of 1 DB write call for every user deference{color}
>
> After Fix
> 1 role contains 500 users
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
> |3|6|0|0.666 seconds |
> 1 role contains 1000 users
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
> |3|6|0|0.835 seconds|
>
> 1 role contains 1000 users ,1000 roles,1000 groups
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
> |5|6|0|1.021 seconds|
> {color:#ff0000}Recommendation :{color}
> When we reduce the number of users added to the role -→ Total number of DB calls will be reduced
> Instead of adding roles to the users, can we add those users into the group. And then link that group to the role
> if we use groups instead of directly adding users into the role, the total number of DB write calls will be reduced to 2 from 1002 for 1k users
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)