author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-10-08 13:53:12 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-10-08 13:53:12 +0200 |
commit | 1adde2639a7c2c669b0067cfb4d27c85474be99d (patch) | |
tree | 9e9662f0057e7cda6dc372c07da4c26af2a8b27c | |
parent | 5bc1cf22f2d2c12a4bdf92f50f14a017094c4c5b (diff) |
Policy of S3 buckets in main/cd now have a fixed size
3 files changed, 23 insertions, 13 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/ArchiveService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/ArchiveService.java
index 04e52c59d7a..5363e8d0150 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/ArchiveService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/ArchiveService.java
@@ -5,7 +5,6 @@ import com.yahoo.config.provision.TenantName;
 import com.yahoo.config.provision.zone.ZoneId;
 import java.util.Map;
-import java.util.Set;
 /**
 * Service that manages archive storage URIs for tenant nodes.
@@ -15,7 +14,7 @@ import java.util.Set;
 */
 public interface ArchiveService {
- ArchiveBucket createArchiveBucketFor(ZoneId zoneId);
+ ArchiveBucket createArchiveBucketFor(ZoneId zoneId, boolean sharded);
 void updateBucketAndKeyPolicy(ZoneId zoneId, ArchiveBucket bucket, Map<TenantName, String> authorizeIamRoleByTenantName);
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/MockArchiveService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/MockArchiveService.java
index c8e79a84925..5c979ddfc7b 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/MockArchiveService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/archive/MockArchiveService.java
@@ -16,7 +16,7 @@ public class MockArchiveService implements ArchiveService {
 public Map<ArchiveBucket, Map<TenantName, String>> authorizedIamRoles = new HashMap<>();
 @Override
- public ArchiveBucket createArchiveBucketFor(ZoneId zoneId) {
+ public ArchiveBucket createArchiveBucketFor(ZoneId zoneId, boolean sharded) {
 return new ArchiveBucket("bucketName", "keyArn");
 }
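Review bot: The new `boolean sharded` parameter of `createArchiveBucketFor` in `ArchiveService` has no documentation, and a bare boolean at the call site does not say which bucket and key policy shape the implementation is expected to create. Because this method provisions the storage that `updateBucketAndKeyPolicy` later opens to tenant IAM roles, the interface should carry a Javadoc stating what `sharded` means (tenants are spread over several buckets because the policy grows per tenant) and what the `false` case guarantees. The `MockArchiveService` override in the following file ignores the argument, so no test can assert which mode was requested; storing it in a public field next to `authorizedIamRoles` would make that checkable.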
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/archive/CuratorArchiveBucketDb.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/archive/CuratorArchiveBucketDb.java
index a7555307a59..ce5869af1a0 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/archive/CuratorArchiveBucketDb.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/archive/CuratorArchiveBucketDb.java
@@ -17,6 +17,7 @@ import java.net.URI;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Optional;
+import java.util.OptionalInt;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
@@ -29,14 +30,6 @@ import java.util.stream.Collectors;
 public class CuratorArchiveBucketDb {
 /**
- * Due to policy limits, we can't put data for more than this many tenants in a bucket.
- * Policy size limit is 20kb, about 550 bytes for non-tenant related policies. Each tenant
- * needs about 500 + len(role_arn) bytes, we limit role_arn to 100 characters, so we can
- * fit about (20k - 550) / 600 ~ 32 tenants per bucket.
- */
- private final static int TENANTS_PER_BUCKET = 30;
-
- /**
 * Archive URIs are often requested because they are returned in /application/v4 API. Since they
 * never change, it's safe to cache them and only update on misses
 */
@@ -84,7 +77,7 @@ public class CuratorArchiveBucketDb {
 .orElseGet(() -> {
 // If not, find an existing bucket with space
 Optional<ArchiveBucket> unfilledBucket = zoneBuckets.stream()
- .filter(bucket -> bucket.tenants().size() < tenantsPerBucket().orElse(Integer.MAX_VALUE))
+ .filter(bucket -> bucket.tenants().size() < TENANTS_PER_BUCKET)
 .findAny();
 // And place the tenant in that bucket.
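Review bot: With `tenantsPerBucket().orElse(Integer.MAX_VALUE)` in the `.filter(...)` of the last hunk, every bucket already stored for a non-public zone counts as unfilled, including buckets that were created while the 30-tenant cap applied. Whether those older buckets stay under the 20kb policy limit once more tenants are added depends on how `updateBucketAndKeyPolicy` builds their policy, which is not visible here, so it is worth confirming that they are switched to the fixed-size policy first. It also means all tenants of such a zone share one bucket, so tenant separation rests entirely on that policy. As a smaller point, the limit is re-evaluated for every stream element; hoisting it before the stream as `int limit = tenantsPerBucket().orElse(Integer.MAX_VALUE);` reads more clearly. The enclosing method starts and ends outside the hunk.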
@@ -99,7 +92,8 @@ public class CuratorArchiveBucketDb {
 }
 // We'll have to create a new bucket
- var newBucket = archiveService.createArchiveBucketFor(zoneId).withTenant(tenant);
+ var newBucket = archiveService.createArchiveBucketFor(zoneId, tenantsPerBucket().isPresent())
+ .withTenant(tenant);
 zoneBuckets.add(newBucket);
 curatorDb.writeArchiveBuckets(zoneId, zoneBuckets);
 updateArchiveUriCache(zoneId, zoneBuckets);
@@ -121,6 +115,23 @@ public class CuratorArchiveBucketDb {
 return bucketName;
 }
+ private OptionalInt tenantsPerBucket() {
+ if (system.isPublic()) {
+ /*
+ * Due to policy limits, we can't put data for more than this many tenants in a bucket.
+ * Policy size limit is 20kb, about 550 bytes for non-tenant related policies. Each tenant
+ * needs about 500 + len(role_arn) bytes, we limit role_arn to 100 characters, so we can
+ * fit about (20k - 550) / 600 ~ 32 tenants per bucket.
+ */
+ return OptionalInt.of(30);
+ } else {
+ /*
+ * The S3 policies in main/cd have a fixed size.
+ */
+ return OptionalInt.empty();
+ }
+ }
+
 private Optional<String> getBucketNameFromCache(ZoneId zoneId, TenantName tenantName) {
 return Optional.ofNullable(archiveUriCache.get(zoneId)).map(map -> map.get(tenantName));
 }
|
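Review bot: The `else` branch of `tenantsPerBucket()` returns `OptionalInt.empty()` for every system where `system.isPublic()` is false, while its comment justifies that only for main/cd; any other non-public system would silently get unbounded buckets and a non-sharded policy. If main and cd are the only such systems, say so in the comment; otherwise keep the cap as the default and make the unbounded case the explicit one. The literal in `OptionalInt.of(30)` also replaces the named constant this commit removes; keeping `private static final int TENANTS_PER_BUCKET = 30;` with the size calculation as its Javadoc and returning `OptionalInt.of(TENANTS_PER_BUCKET)` keeps the number searchable. In the first hunk on this line, `tenantsPerBucket().isPresent()` is passed as the `sharded` argument, which ties "a cap exists" to "sharded policy" without saying so; a one-line comment at that call would make the coupling explicit.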