HADOOP-12825. Log slow name resolutions. (Sidharta Seethana via stevel)

This commit is contained in:
Steve Loughran 2016-02-27 20:05:35 +00:00
parent d55863de0f
commit 6218008591
4 changed files with 74 additions and 3 deletions

View File

@ -432,6 +432,9 @@ Release 2.8.0 - UNRELEASED
HADOOP-12711. Remove dependency on commons-httpclient for ServletUtil
(Wei-Chiu Chuang via iwasakims)
HADOOP-12825. Log slow name resolutions.
(Sidharta Seethana via stevel)
OPTIMIZATIONS
HADOOP-11785. Reduce the number of listStatus operation in distcp

View File

@ -188,7 +188,19 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
"hadoop.security.token.service.use_ip";
public static final boolean HADOOP_SECURITY_TOKEN_SERVICE_USE_IP_DEFAULT =
true;
/** See <a href="{@docRoot}/../core-default.html">core-default.xml .</a> */
public static final String HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY =
"hadoop.security.dns.log-slow-lookups.enabled";
public static final boolean
HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT = false;
/** See <a href="{@docRoot}/../core-default.html">core-default.xml .</a> */
public static final String
HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY =
"hadoop.security.dns.log-slow-lookups.threshold.ms";
public static final int
HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT = 1000;
/**
* HA health monitor and failover controller.
*/

View File

@ -30,6 +30,7 @@ import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.List;
import java.util.ServiceLoader;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.security.auth.kerberos.KerberosPrincipal;
@ -47,6 +48,7 @@ import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenInfo;
import org.apache.hadoop.util.StopWatch;
import org.apache.hadoop.util.StringUtils;
@ -79,6 +81,9 @@ public class SecurityUtil {
setTokenServiceUseIp(useIp);
}
private static boolean logSlowLookups = getLogSlowLookupsEnabled();
private static int slowLookupThresholdMs = getSlowLookupThresholdMs();
/**
* For use only by tests and initialization
*/
@ -480,9 +485,27 @@ public class SecurityUtil {
}
}
private static boolean getLogSlowLookupsEnabled() {
Configuration conf = new Configuration();
return conf.getBoolean(CommonConfigurationKeys
.HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY,
CommonConfigurationKeys
.HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT);
}
private static int getSlowLookupThresholdMs() {
Configuration conf = new Configuration();
return conf.getInt(CommonConfigurationKeys
.HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY,
CommonConfigurationKeys
.HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT);
}
/**
* Resolves a host subject to the security requirements determined by
* hadoop.security.token.service.use_ip.
* hadoop.security.token.service.use_ip. Optionally logs slow resolutions.
*
* @param hostname host or ip to resolve
* @return a resolved host
@ -491,7 +514,22 @@ public class SecurityUtil {
@InterfaceAudience.Private
public static
InetAddress getByName(String hostname) throws UnknownHostException {
return hostResolver.getByName(hostname);
if (logSlowLookups || LOG.isTraceEnabled()) {
StopWatch lookupTimer = new StopWatch().start();
InetAddress result = hostResolver.getByName(hostname);
long elapsedMs = lookupTimer.stop().now(TimeUnit.MILLISECONDS);
if (elapsedMs >= slowLookupThresholdMs) {
LOG.warn("Slow name lookup for " + hostname + ". Took " + elapsedMs +
" ms.");
} else if (LOG.isTraceEnabled()) {
LOG.trace("Name lookup for " + hostname + " took " + elapsedMs +
" ms.");
}
return result;
} else {
return hostResolver.getByName(hostname);
}
}
interface HostResolver {

View File

@ -122,6 +122,24 @@
</description>
</property>
<property>
<name>hadoop.security.dns.log-slow-lookups.enabled</name>
<value>false</value>
<description>
Time name lookups (via SecurityUtil) and log them if they exceed the
configured threshold.
</description>
</property>
<property>
<name>hadoop.security.dns.log-slow-lookups.threshold.ms</name>
<value>1000</value>
<description>
If slow lookup logging is enabled, this threshold is used to decide if a
lookup is considered slow enough to be logged.
</description>
</property>
<!--
=== Multiple group mapping providers configuration sample ===
This sample illustrates a typical use case for CompositeGroupsMapping where