[jira] [Commented] (KUDU-3504) Crash master on subprocess failure

Wed, 23 Aug 2023 20:37:54 -0700 


    [ 
https://issues.apache.org/jira/browse/KUDU-3504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17758329#comment-17758329
 ] 

ASF subversion and git services commented on KUDU-3504:
-------------------------------------------------------

Commit e79c1403ca2d6d2510d938c107e44568c7f3a254 in kudu's branch 
refs/heads/branch-1.17.x from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=e79c1403c ]

KUDU-3504 Crash master on subprocess death

In the past, there were several instances when the Ranger subprocess
crashed.  In these cases, the master happily went on, but failed to
authorize requests. Since there's no way to restart the subprocess
without restarting the master anyway, it's better to crash the master as
well to make sure the failure of the subprocess is detected in time and
can be addressed.

As there are multiple concurrent calls to Subprocess::DoWait() now, this
commit also changes some member variables to atomic to make sure it's
thread-safe as TSAN complained about a data race.

Change-Id: Iec516f3d684f152bd29874b60b810c526ee5a184
Reviewed-on: http://gerrit.cloudera.org:8080/20365
Tested-by: Kudu Jenkins
Reviewed-by: Marton Greber <greber...@gmail.com>
Reviewed-by: Alexey Serbin <ale...@apache.org>
(cherry picked from commit fd98e9e7331a0e8fc6b091faa2d2744a7787e6d7)
Reviewed-on: http://gerrit.cloudera.org:8080/20414
Reviewed-by: Yingchun Lai <laiyingc...@apache.org>
Tested-by: Yingchun Lai <laiyingc...@apache.org>


> Crash master on subprocess failure
> ----------------------------------
>
>                 Key: KUDU-3504
>                 URL: https://issues.apache.org/jira/browse/KUDU-3504
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Attila Bukor
>            Assignee: Attila Bukor
>            Priority: Major
>
> If the Ranger subprocess crashes, authorization will fail, but there's no 
> other indication that the process has died. The master won't restart the 
> subprocess and there's no way to restart it manually without restarting Kudu 
> anyway. Furthermore, if the subprocess crashes, that's likely a symptom of 
> something that requires manual intervention to resolve to avoid crashing in 
> the future, so it's best if the master crashes upon the subprocess crashing 
> as well.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to