morningman opened a new pull request, #48655: URL: https://github.com/apache/doris/pull/48655
### What problem does this PR solve?

Related PR: #47299

Problem Summary:

In PR #47299, we use ticket cache to login kerberos. But the `hdfsFs` object and `hdfsFile` object on the BE side have caches, the ticket in the cache will not be updated, so the cache must be cleaned and reconnected before the ticket expires to ensure that the authentication is not invalid.

So there are some parameters here that need to be linked with the kerberos ticket life cycle.

- `kerberos_refresh_interval_second`
    - Default: 12h
    - The refresh interval for each ticket cache in Doris. This interval should be less than `ticket_lifetime` in `krb5.conf`.
    - It cannot be less than 5 seconds, because the minimum interval of the periodic polling thread is 5 seconds.
- `max_hdfs_file_handle_cache_time_sec`
    - Default: 8h
    - The maximum time for the Hdfs file handle cache. The cache that exceeds this time will be cleaned.
    - It should be smaller than `kerberos_refresh_interval_second` and greater than 1 second.
- hdfsFs cache cleanup logic
    - hdfsFs cleanup logic is divided into two categories.
        1. hdfsFs without kerberos authentication, will be cleared 24 hours after the last access.
        2. hdfsFs with kerberos authentication will be cleared after half of the ticket lifecycle since creation.

In summary:

`ticket_lifetime` > `kerberos_refresh_interval_second` > `max_hdfs_file_handle_cache_time_sec`

### Release note

None

### Check List (For Author)

- Test <!-- At least one of them must be included. -->
    - [ ] Regression test
    - [ ] Unit Test
    - [ ] Manual test (add detailed scripts or steps below)
    - [ ] No need to test or manual test. Explain why:
        - [ ] This is a refactor/code format and no logic has been changed.
        - [ ] Previous test can cover this change.
        - [ ] No code files have been changed.
        - [ ] Other reason <!-- Add your reason? -->
- Behavior changed:
    - [ ] No.
    - [ ] Yes. <!-- Explain the behavior change -->
- Does this need documentation?
    - [ ] No.
    - [ ] Yes. <!-- Add document PR link here. eg: https://github.com/apache/doris-website/pull/1214 -->

### Check List (For Reviewer who merge this PR)

- [ ] Confirm the release note
- [ ] Confirm test cases
- [ ] Confirm document
- [ ] Add branch pick label <!-- Add branch pick label that this PR should merge into -->
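
A pre-deployment check for the ordering `ticket_lifetime` > `kerberos_refresh_interval_second` > `max_hdfs_file_handle_cache_time_sec` described in the PR, added here as an example and not code from the PR or the Doris project. It assumes the two Doris parameters are given as `key = value` lines in seconds; the function names and the sample `krb5.conf` are constructed for illustration.

```python
import re

# Defaults as stated in the PR description (12h and 8h), in seconds.
DEFAULTS = {"kerberos_refresh_interval_second": 43200,
            "max_hdfs_file_handle_cache_time_sec": 28800}
UNIT = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def parse_krb5_duration(text):
    """Seconds from a krb5.conf duration: N, h:m[:s] or NdNhNmNs."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    if re.fullmatch(r"\d+:\d+(:\d+)?", text):
        h, m, s = ([int(p) for p in text.split(":")] + [0])[:3]
        return h * 3600 + m * 60 + s
    if re.fullmatch(r"(\d+[dhms]\s*)+", text):
        return sum(int(n) * UNIT[u] for n, u in re.findall(r"(\d+)([dhms])", text))
    raise ValueError(f"unrecognised duration: {text!r}")

def read_settings(conf_text):
    """Collect key = value lines; comments and [section] headers are skipped."""
    out = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out[key] = value
    return out

def check(krb5_conf, doris_conf):
    """Return the violated constraints; an empty list means consistent."""
    krb = read_settings(krb5_conf)
    if "ticket_lifetime" not in krb:
        return ["ticket_lifetime is not set in krb5.conf"]
    lifetime = parse_krb5_duration(krb["ticket_lifetime"])
    cfg = {**DEFAULTS, **{k: int(v) for k, v in read_settings(doris_conf).items()
                          if k in DEFAULTS}}
    refresh = cfg["kerberos_refresh_interval_second"]
    handle = cfg["max_hdfs_file_handle_cache_time_sec"]
    problems = []
    if refresh < 5:
        problems.append("refresh interval is below the 5 s polling minimum")
    if refresh >= lifetime:
        problems.append(f"refresh interval {refresh}s is not below ticket_lifetime {lifetime}s")
    if handle <= 1:
        problems.append("file handle cache time must be greater than 1 s")
    if handle >= refresh:
        problems.append(f"file handle cache time {handle}s is not below refresh interval {refresh}s")
    return problems

# Constructed sample: a 10h ticket with Doris left at its defaults.
SAMPLE_KRB5 = "[libdefaults]\n  default_realm = EXAMPLE.COM\n  ticket_lifetime = 10h\n"
if __name__ == "__main__":
    print(check(SAMPLE_KRB5, ""))
```

The lifetime a KDC actually grants can be shorter than the `krb5.conf` request, so the value shown by `klist` on the host is the one to compare against.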