HADOOP-14003. Make additional KMS tomcat settings configurable. Contributed by Andrew Wang.

hadoop-common-project/hadoop-kms/src/main/conf/kms-env.sh

@@ -36,10 +36,32 @@
 #
 # export KMS_ADMIN_PORT=`expr ${KMS_HTTP_PORT} + 1`
 
+# The Tomcat protocol to use for handling requests.
+# The default HTTP/1.1 handler is thread-per-request.
+# The NIO handler multiplexes multiple requests per thread.
+#
+# export KMS_PROTOCOL="HTTP/1.1"
+# export KMS_PROTOCOL="org.apache.coyote.http11.Http11NioProtocol"
+
 # The maximum number of Tomcat handler threads
 #
 # export KMS_MAX_THREADS=1000
 
+# The maximum queue length for incoming connection requests when all possible
+# request processing threads are in use. Any requests received when the queue
+# is full will be refused.
+#
+# export KMS_ACCEPT_COUNT=500
+
+# The number of threads to be used to accept connections. Increase this value
+# on a multi CPU machine, although you would never really need more than 2.
+# Also, with a lot of non keep alive connections, you might want to increase
+# this value as well.
+#
+# Increasing this has no effect unless using the NIO protocol.
+#
+# export KMS_ACCEPTOR_THREAD_COUNT=1
+
 # The maximum size of Tomcat HTTP header
 #
 # export KMS_MAX_HTTP_HEADER_SIZE=65536

hadoop-common-project/hadoop-kms/src/main/libexec/kms-config.sh

@@ -136,6 +136,13 @@ else
   print "Using   KMS_ADMIN_PORT:     ${KMS_ADMIN_PORT}"
 fi
 
+if [ "${KMS_PROTOCOL}" = "" ]; then
+  export KMS_PROTOCOL="HTTP/1.1"
+  print "Setting KMS_PROTOCOL:     ${KMS_PROTOCOL}"
+else
+  print "Using   KMS_PROTOCOL:     ${KMS_PROTOCOL}"
+fi
+
 if [ "${KMS_MAX_THREADS}" = "" ]; then
   export KMS_MAX_THREADS=1000
   print "Setting KMS_MAX_THREADS:     ${KMS_MAX_THREADS}"
@@ -143,6 +150,20 @@ else
   print "Using   KMS_MAX_THREADS:     ${KMS_MAX_THREADS}"
 fi
 
+if [ "${KMS_ACCEPT_COUNT}" = "" ]; then
+  export KMS_ACCEPT_COUNT=500
+  print "Setting KMS_ACCEPT_COUNT:     ${KMS_ACCEPT_COUNT}"
+else
+  print "Using   KMS_ACCEPT_COUNT:     ${KMS_ACCEPT_COUNT}"
+fi
+
+if [ "${KMS_ACCEPTOR_THREAD_COUNT}" = "" ]; then
+  export KMS_ACCEPTOR_THREAD_COUNT=1
+  print "Setting KMS_ACCEPTOR_THREAD_COUNT:     ${KMS_ACCEPTOR_THREAD_COUNT}"
+else
+  print "Using   KMS_ACCEPTOR_THREAD_COUNT:     ${KMS_ACCEPTOR_THREAD_COUNT}"
+fi
+
 if [ "${KMS_MAX_HTTP_HEADER_SIZE}" = "" ]; then
   export KMS_MAX_HTTP_HEADER_SIZE=65536
   print "Setting KMS_MAX_HTTP_HEADER_SIZE:     ${KMS_MAX_HTTP_HEADER_SIZE}"

hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh

@@ -64,7 +64,10 @@ catalina_opts="${catalina_opts} -Dkms.log.dir=${KMS_LOG}";
 catalina_opts="${catalina_opts} -Dkms.temp.dir=${KMS_TEMP}";
 catalina_opts="${catalina_opts} -Dkms.admin.port=${KMS_ADMIN_PORT}";
 catalina_opts="${catalina_opts} -Dkms.http.port=${KMS_HTTP_PORT}";
+catalina_opts="${catalina_opts} -Dkms.protocol=${KMS_PROTOCOL}";
 catalina_opts="${catalina_opts} -Dkms.max.threads=${KMS_MAX_THREADS}";
+catalina_opts="${catalina_opts} -Dkms.accept.count=${KMS_ACCEPT_COUNT}";
+catalina_opts="${catalina_opts} -Dkms.acceptor.thread.count=${KMS_ACCEPTOR_THREAD_COUNT}";
 catalina_opts="${catalina_opts} -Dkms.max.http.header.size=${KMS_MAX_HTTP_HEADER_SIZE}";
 catalina_opts="${catalina_opts} -Dkms.ssl.keystore.file=${KMS_SSL_KEYSTORE_FILE}";
 catalina_opts="${catalina_opts} -Djava.library.path=${JAVA_LIBRARY_PATH}";

hadoop-common-project/hadoop-kms/src/main/tomcat/server.xml

@@ -72,8 +72,10 @@
          APR (HTTP/AJP) Connector: /docs/apr.html
          Define a non-SSL HTTP/1.1 Connector on port ${kms.http.port}
     -->
-    <Connector port="${kms.http.port}" protocol="HTTP/1.1"
+    <Connector port="${kms.http.port}" protocol="${kms.protocol}"
                maxThreads="${kms.max.threads}"
+               acceptCount="${kms.accept.count}"
+               acceptorThreadCount="${kms.acceptor.thread.count}"
                connectionTimeout="20000"
                redirectPort="8443"
                maxHttpHeaderSize="${kms.max.http.header.size}"/>

hadoop-common-project/hadoop-kms/src/main/tomcat/ssl-server.xml.conf

@@ -68,8 +68,10 @@
          This connector uses the JSSE configuration, when using APR, the
          connector should be using the OpenSSL style configuration
          described in the APR documentation -->
-    <Connector port="${kms.http.port}" protocol="HTTP/1.1" SSLEnabled="true"
+    <Connector port="${kms.http.port}" protocol="${kms.protocol}" SSLEnabled="true"
                maxThreads="${kms.max.threads}" scheme="https" secure="true"
+               acceptCount="${kms.accept.count}"
+               acceptorThreadCount="${kms.acceptor.thread.count}"
                maxHttpHeaderSize="${kms.max.http.header.size}"
                clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
                truststorePass="_kms_ssl_truststore_pass_"

hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm

@@ -200,7 +200,10 @@ The following environment variables (which can be set in KMS's `etc/hadoop/kms-e
 
 * KMS_HTTP_PORT
 * KMS_ADMIN_PORT
+* KMS_PROTOCOL
 * KMS_MAX_THREADS
+* KMS_ACCEPT_COUNT
+* KMS_ACCEPTOR_THREAD_COUNT
 * KMS_MAX_HTTP_HEADER_SIZE
 * KMS_LOGNOTE: You need to restart the KMS for the configuration changes to take effect.