[
https://issues.apache.org/jira/browse/HADOOP-15650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16693399#comment-16693399
]
Steve Loughran commented on HADOOP-15650:
-----------------------------------------
aah. In HADOOP-14556 I've actually started my own provider for this; had
forgotten about the retry code there. I think I'll leave that as a separate
patch -switching to async refresh would actually be better as it'd eliminate
latencies.
As to what to do: just wrap the existing getCredentials() Call in an Invoker
with a retry policy which will only retry on throttle exceptions, fail fast on
everything else, especially network failures
> Add custom InstanceProfileCredentialsProvider with more resilience to
> throttling
> --------------------------------------------------------------------------------
>
> Key: HADOOP-15650
> URL: https://issues.apache.org/jira/browse/HADOOP-15650
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.1.0
> Reporter: Steve Loughran
> Priority: Minor
>
> Add our own InstanceProfileCredentialsProvider class which uses the AWS
> implementation to retrieve credentials from EC2's instance info, but more
> resilient to overloading.
> # pass in client config with retry logic (HADOOP-15603)
> # use Invoke.retry() to retry
> # log/measure failures
> # maybe use the Async feature of the AWS SDK class, so that credential
> renewer doesn't block IO.
> # be shared amongst all AWS auth chains which need these credentials.
> The singleton we current use for IAM auth doesn't do async, which is good as
> it ensures that we don't prematurely close it when
> {{AWSCredentialProviderList.close()}} closes its children.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
