HDDS-8780. Leak of ManagedChannel in HASecurityUtils #4850

duongkame · 2023-06-08T00:30:00Z

What changes were proposed in this pull request?

ManagedChannel leak. This is not caught in master because there's no integration test with secure MiniOzoneHAClusterImpl.

Jun 07, 2023 4:29:35 PM org.apache.ratis.thirdparty.io.grpc.internal.ManagedChannelOrphanWrapper$ManagedChannelReference cleanQueue
SEVERE: *~*~*~ Previous channel ManagedChannelImpl{logId=538, target=localhost:65138} was not shutdown properly!!! ~*~*~*
    Make sure to call shutdown()/shutdownNow() and wait until awaitTermination() returns true.
java.lang.RuntimeException: ManagedChannel allocation site
    at org.apache.ratis.thirdparty.io.grpc.internal.ManagedChannelOrphanWrapper$ManagedChannelReference.<init>(ManagedChannelOrphanWrapper.java:100)
    at org.apache.ratis.thirdparty.io.grpc.internal.ManagedChannelOrphanWrapper.<init>(ManagedChannelOrphanWrapper.java:60)
    at org.apache.ratis.thirdparty.io.grpc.internal.ManagedChannelOrphanWrapper.<init>(ManagedChannelOrphanWrapper.java:51)
    at org.apache.ratis.thirdparty.io.grpc.internal.ManagedChannelImplBuilder.build(ManagedChannelImplBuilder.java:631)
    at org.apache.ratis.thirdparty.io.grpc.internal.AbstractManagedChannelImplBuilder.build(AbstractManagedChannelImplBuilder.java:297)
    at org.apache.ratis.grpc.client.GrpcClientProtocolClient.buildChannel(GrpcClientProtocolClient.java:151)
    at org.apache.ratis.grpc.client.GrpcClientProtocolClient.<init>(GrpcClientProtocolClient.java:113)
    at org.apache.ratis.grpc.client.GrpcClientRpc.lambda$new$0(GrpcClientRpc.java:59)
    at org.apache.ratis.util.PeerProxyMap$PeerAndProxy.lambda$getProxy$0(PeerProxyMap.java:64)
    at org.apache.ratis.util.LifeCycle.startAndTransition(LifeCycle.java:270)
    at org.apache.ratis.util.PeerProxyMap$PeerAndProxy.getProxy(PeerProxyMap.java:63)
    at org.apache.ratis.util.PeerProxyMap.getProxy(PeerProxyMap.java:115)
    at org.apache.ratis.grpc.client.GrpcClientRpc.sendRequestAsync(GrpcClientRpc.java:69)
    at org.apache.ratis.client.impl.OrderedAsync.sendRequest(OrderedAsync.java:245)
    at org.apache.ratis.client.impl.OrderedAsync.sendRequestWithRetry(OrderedAsync.java:198)
    at org.apache.ratis.util.SlidingWindow$Client.sendOrDelayRequest(SlidingWindow.java:312)
    at org.apache.ratis.util.SlidingWindow$Client.submitNewRequest(SlidingWindow.java:291)
    at org.apache.ratis.client.impl.OrderedAsync.send(OrderedAsync.java:170)
    at org.apache.ratis.client.impl.OrderedAsync.newInstance(OrderedAsync.java:118)
    at org.apache.ratis.client.impl.RaftClientImpl.lambda$new$1(RaftClientImpl.java:166)
    at org.apache.ratis.util.MemoizedSupplier.get(MemoizedSupplier.java:62)
    at org.apache.ratis.client.impl.RaftClientImpl.getOrderedAsync(RaftClientImpl.java:235)
    at org.apache.ratis.client.impl.AsyncImpl.send(AsyncImpl.java:41)
    at org.apache.ratis.client.impl.AsyncImpl.send(AsyncImpl.java:46)
    at org.apache.hadoop.hdds.scm.ha.HASecurityUtils.submitScmCertsToRatis(HASecurityUtils.java:357)
    at org.apache.hadoop.hdds.scm.ha.SCMHAInvocationHandler.invokeRatis(SCMHAInvocationHandler.java:109)
    at org.apache.hadoop.hdds.scm.ha.SCMHAInvocationHandler.invoke(SCMHAInvocationHandler.java:71)
    at com.sun.proxy.$Proxy34.storeValidCertificate(Unknown Source)
    at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.signAndStoreCertificate(DefaultCAServer.java:300)
    at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.requestCertificate(DefaultCAServer.java:260)
    at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.requestCertificate(DefaultCAServer.java:315)
    at org.apache.hadoop.hdds.scm.server.SCMSecurityProtocolServer.getEncodedCertToString(SCMSecurityProtocolServer.java:288)
    at org.apache.hadoop.hdds.scm.server.SCMSecurityProtocolServer.getSCMCertificate(SCMSecurityProtocolServer.java:274)
    at org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB.getSCMCertificate(SCMSecurityProtocolServerSideTranslatorPB.java:252)
    at org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB.processRequest(SCMSecurityProtocolServerSideTranslatorPB.java:124)
    at org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
    at org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB.submitRequest(SCMSecurityProtocolServerSideTranslatorPB.java:94)
    at org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos$SCMSecurityProtocolService$2.callBlockingMethod(SCMSecurityProtocolProtos.java:16080)
    at org.apache.hadoop.ipc.ProtobufRpcEngine$Server.processCall(ProtobufRpcEngine.java:484)
    at org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:595)
    at org.apache.hadoop.ipc.ProtobufRpcEngine2$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine2.java:573)
    at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1213)
    at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1089)
    at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:1012)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1899)
    at org.apache.hadoop.ipc.Server$Handler.run(Server.java:3026)

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-8780

How was this patch tested?

Existing tests.

adoroszlai

Thanks @duongkame for fixing this.

* master: (73 commits) HDDS-8587. Test that CertificateClient can store multiple rootCA certificates (apache#4852) HDDS-8801. ReplicationManager: Add metric to count how often replication is throttled (apache#4864) HDDS-8477. Unit test for Snapdiff using tombstone entries (apache#4678) HDDS-7507. [Snapshot] Implement List Snapshot API Pagination (apache#4065) (apache#4861) HDDS-8373. Document that setquota doesn't accept decimals (apache#4856) HDDS-8779. Recon - Expose flag for enable/disable of heatmap. (apache#4845) HDDS-8677. Ozone admin OM CLI command for block tokens (apache#4760) HDDS-8164. Authorize secret key APIs (apache#4597) HDDS-7945. Integrate secret keys to SCM snapshot (apache#4549) HDDS-8003. E2E integration test cases for block tokens (apache#4547) HDDS-7831. Use symmetric secret key to sign and verify token (apache#4417) HDDS-7830. SCM API for OM and Datanode to get secret keys (apache#4345) HDDS-7734. Implement symmetric SecretKeys lifescycle management in SCM (apache#4194) HDDS-8679. Add dedicated, configurable thread pool for OM gRPC server (apache#4771) HDDS-8790. Split EC acceptance tests (apache#4855) HDDS-8714. TestScmHAFinalization: mark testFinalizationWithRestart as flaky, enable other test cases HDDS-8787. Reduce ozone sh calls in robot tests (apache#4854) HDDS-8774. Log allocation stack trace for leaked CodecBuffer (apache#4840) HDDS-8729. Add metric for count of blocks pending deletion on datanode (apache#4800) HDDS-8780. Leak of ManagedChannel in HASecurityUtils (apache#4850) ...

* tmp-dir-refactor: (73 commits) HDDS-8587. Test that CertificateClient can store multiple rootCA certificates (apache#4852) HDDS-8801. ReplicationManager: Add metric to count how often replication is throttled (apache#4864) HDDS-8477. Unit test for Snapdiff using tombstone entries (apache#4678) HDDS-7507. [Snapshot] Implement List Snapshot API Pagination (apache#4065) (apache#4861) HDDS-8373. Document that setquota doesn't accept decimals (apache#4856) HDDS-8779. Recon - Expose flag for enable/disable of heatmap. (apache#4845) HDDS-8677. Ozone admin OM CLI command for block tokens (apache#4760) HDDS-8164. Authorize secret key APIs (apache#4597) HDDS-7945. Integrate secret keys to SCM snapshot (apache#4549) HDDS-8003. E2E integration test cases for block tokens (apache#4547) HDDS-7831. Use symmetric secret key to sign and verify token (apache#4417) HDDS-7830. SCM API for OM and Datanode to get secret keys (apache#4345) HDDS-7734. Implement symmetric SecretKeys lifescycle management in SCM (apache#4194) HDDS-8679. Add dedicated, configurable thread pool for OM gRPC server (apache#4771) HDDS-8790. Split EC acceptance tests (apache#4855) HDDS-8714. TestScmHAFinalization: mark testFinalizationWithRestart as flaky, enable other test cases HDDS-8787. Reduce ozone sh calls in robot tests (apache#4854) HDDS-8774. Log allocation stack trace for leaked CodecBuffer (apache#4840) HDDS-8729. Add metric for count of blocks pending deletion on datanode (apache#4800) HDDS-8780. Leak of ManagedChannel in HASecurityUtils (apache#4850) ...

duongkame added 2 commits June 7, 2023 17:24

HDDS-8780. Leak of ManagedChannel in HASecurityUtils

87d8892

simplify.

7a06e65

duongkame marked this pull request as ready for review June 8, 2023 00:31

duongkame requested review from adoroszlai and fapifta June 8, 2023 00:32

checkstyle.

6ed9971

adoroszlai approved these changes Jun 8, 2023

View reviewed changes

duongkame merged commit 012a301 into apache:master Jun 8, 2023
27 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HDDS-8780. Leak of ManagedChannel in HASecurityUtils #4850

HDDS-8780. Leak of ManagedChannel in HASecurityUtils #4850

duongkame commented Jun 8, 2023

adoroszlai left a comment

HDDS-8780. Leak of ManagedChannel in HASecurityUtils #4850

HDDS-8780. Leak of ManagedChannel in HASecurityUtils #4850

Conversation

duongkame commented Jun 8, 2023

What changes were proposed in this pull request?

What is the link to the Apache JIRA

How was this patch tested?

adoroszlai left a comment

Choose a reason for hiding this comment