Release Notes
2.10.0-2.6
The Alluxio Enterprise 2.10.0-2.6 patch improves worker behavior with respect to pinned files and recovery from potential corruption during process crashes.
Changelog
- Set min replication when TTL expires to free a file
- Fix potential code injection vulnerability
- Fix data corrupted issue when loading from UFS
Configuration changes
None
2.10.0-2.5
The Alluxio Enterprise 2.10.0-2.5 patch adds security configurations, improves metadata sync throttling, and tracks Netty memory usage.
Changelog
- Add a config to distinguish the tls configs for data and HA journal
- Improve metadata sync throttling
- Add the metrics to record the direct memory used by Netty
- Specify explicit the server uri if delegation token is enabled
Configuration changes
Property keys added and their default values
- alluxio.network.journal.tls.enabled=true
- alluxio.network.tls.use.system.trusstore= false
- alluxio.network.tls.client.no.endpoint.identification=false
- alluxio.security.authentication.delegation.token.server.uri.match=””
2.10.0-2.4
The Alluxio Enterprise 2.10.0-2.4 patch adds a whitelist for transparent URI and force bypass filesystem to use s3a instead of deprecated s3 or s3n clients.
Changelog
- Fix configuration for shimfs to use a non-default config
- Add allowlist (whitelist) to transparent uri
- Add Regex support to direct access
- Use s3a for all s3 compatible scheme when bypass is used
- Add Insecure ssl
Configuration changes
Property keys added and their default values
- alluxio.user.shimfs.allow.list=””
2.10.0-2.3
The Alluxio Enterprise 2.10.0-2.3 patch includes configurable improvements to UFS read and metadata sync behaviors
as well as improvements to the S3 API.
It is recommended to set the newly added property alluxio.underfs.read.chunk.size
to higher value, such as 4MB
, for improved UFS read performance.
If a user has an object store as UFS and does not rely on inode permissions in Alluxio for access control,
setting alluxio.master.metadata.sync.recursive.load.parent.dirs=false
will improve metadata sync performance.
This is especially helpful when the UFS does not have a definition of directory, such as Alibaba OSS.
Changelog
- Fix ufs read timeout
- Add an option to skip persist/check parent dirs in metadata sync
- Fix monitor process if delegation token enabled
- Respond with unsupported message when GetBucketLocation
- Load content hash as the etag of the object when the UFS is S3
Configuration changes
Property keys added and their default values
- alluxio.master.metadata.sync.recursive.load.parent.dirs=true
- alluxio.underfs.read.chunk.size=8KB
2.10.0-2.2
The Alluxio Enterprise 2.10.0-2.2 patch includes improvements to file permissions and a feature to avoid accessing the cache for paths specified in configuration.
Changelog
- Add direct access option to avoid caching certain paths
- Get User/Group/Permission of existed objects in OSS ufs
- Support Mkdir/CreateFile with configured default umask in HDFS API
- Add worker vCPU info to fsadmin report capacity command
Configuration changes
Property keys added and their default values
- alluxio.underfs.oss.default.mode=0700
- alluxio.underfs.oss.owner.id.to.username.mapping=””
- alluxio.user.file.direct.access=””
Property keys removed
None
Property keys with modified default values
None
2.10.0-2.1
The Alluxio Enterprise 2.10.0-2.1 patch includes fixes in the areas of the proxy service, S3 API multipart uploads, and pinned files.
Several new capabilities can be enabled via configuration or flags:
- Add an option to deny permissions in the case where the requested path is not defined by any Ranger policy
- Support configuring multiple independent KDCs
For the CLI commands bin/alluxio fs ls
and bin/alluxio fs loadMetadata
, there will be a limit of 1 million files imposed on the operation.
To ignore this limit, add the -n
flag. This restores the previous behavior but is not recommended.
To set a different limit, set -Dalluxio.user.file.metadata.sync.limit=<newLimit>
when executing the bin/alluxio
command.
Changelog
- Avoid copying properties in HdfsUnderFileSystem
- Alluxio talks to multiple independent KDCs in the same cluster.
- Enhance Ranger policy by Implicit deny for requests to paths not covered by Ranger ACL policies
- Fix key distribution for proxy
- Replication Checker shall remove pinned file if not found in UFS
- Alluxio S3 API “list-multipart-uploads” returns no results with “multipart.upload.write.through” enabled
- Trino client stuck on acquiring a lock for getting the worker lists from the master node
- Add limits to ls -R operations
Configuration changes
Property keys added and their default values
- alluxio.security.authorization.capability.threadpool.size=1
- alluxio.security.authorization.default.deny=false
- alluxio.security.kerberos.min.seconds.before.relogin=1min
- alluxio.security.underfs.hdfs.kerberos.login.per.instance=false
- alluxio.security.user.information.executor.min.thread.number=1
- alluxio.security.user.information.executor.schedule.interval=1min
- alluxio.user.file.metadata.sync.limit=1000000
Property keys removed
- alluxio.master.persistence.checker.interval
- alluxio.master.persistence.initial.interval
- alluxio.master.persistence.max.interval
- alluxio.master.persistence.max.total.wait.time
- alluxio.master.persistence.scheduler.interval
- alluxio.user.file.replication.durable
- alluxio.user.file.ufs.tier.enabled
Property keys with modified default values
None
2.10.0-2.0
The Alluxio Enterprise 2.10.0-2.0 patch introduces bug fixes and improvements in the areas of metadata sync and graceful shutdown of worker process.
Changelog
- Fix a bug that creates 0 byte block file mistakenly
- Fix corrupted block causing reads to fail
- Fix s3 force path style
- Implement metadata sync V2
- Fix FileSystemMergeJournalContext related
- Make capacity command show worker state
- Support gracefully shutdown worker
- Improve proxy register functionality and command
2.10.0-1.0
We are thrilled to announce the release of Alluxio 2.10.0! This is the first release on the Alluxio 2.10.X line. This release introduces significant improvements in handling journal snapshots to reduce the duration of master failovers. Multiple improvements and fixes were also made for the S3 API, metadata sync, as well as the Kubernetes helm chart and operator.
Highlights
Journal snapshot
The embedded journal relies on the snapshot mechanism to keep each master’s journal from growing unbounded and to enable fast recovery on failovers and crashes. The implementation has been modified to increase generation and recovery performance by 95%. These changes will greatly contribute to decreasing the duration of master unresponsiveness in the case of a failover event. See the pull request for more details.
Proxy server refactor for improved S3 API
The proxy server now offers a beefier request handling framework, separating high vs low latency requests to resolve the noisy neighbor problem in flow control.
This refactor of the proxy server results in better control over various scenarios to allow Alluxio to respond more accurately according to the S3 API specification.
By decoupling the dependence on Jetty, there is more control on handling the I/O from ingress and egress through the HTTP connection.
The new version of the proxy server can be enabled by setting the property value alluxio.proxy.s3.v2.version.enabled
to be true
.
See the pull request for more information.
[EE] S3 API OIDC authentication integration with OPA
The proxy server will pass the OIDC token (JWT token) to OPA if the user sends the token as part of the S3 API request and OPA authorization is enabled in Alluxio. The user then can add logic in their OPA policy to utilize the JWT token to interface with authorization providers external to Alluxio. This feature enables the user to add or remove any fields in the JWT token without modifying Alluxio and validate the fields independently. See the documentation for more information.
[EE] K8s helm chart and operator enhancements
Different sets of configuration files for deploying Alluxio on Kubernetes are provided with helm charts. With the new sets of default configurations, the Alluxio cluster has better scalability and performance on certain analytical queries. Configurable pod status check is now enabled on the Kubernetes operator. Using built-in probes, Kubernetes will periodically check the health of the pods in the cluster.
Improvements and fixes
Notable configuration property updates
Property key | Old 2.9.0-1.0 value | New 2.10.0-1.0 values | PR |
---|---|---|---|
alluxio.job.request.batch.size | 20 | 1 | #16802 |
alluxio.master.filesystem.merge.inode.journals | true | false | EE only |
alluxio.master.journal.request.info.timeout | 20000 | 10000 | #16998 |
alluxio.proxy.s3.multipart.upload.cleaner.enabled | true | false | #16937 |
alluxio.underfs.eventual.consistency.retry.max.num | 20 | 0 | #16887 |
alluxio.user.file.create.ttl.action | DELETE | FREE | #17039 |
alluxio.worker.fuse.mount.options | direct_io | attr_timeout=600,entry_timeout=600 | #16579 |
Changelog since 2.9.3
Refer to previous release notes for recent open source releases:
Benchmark
Journal and Metastore
- Fix Rocksdb thread safety using refcount(no lock) (#17171) (9f152c)
- Enhance embedded journal checkpointing significantly (#16998) (8cbcbc)
Master
- Support cron timer to arrange the period heartbeat executor invoke time (#16900) (fd19fb)
- Avoid getting meta sync lock if no need (#17172) (875f3f)
S3 API and Proxy
- Enable bucket cache in v2 s3 proxy (#17022) (46270b)
- Fix CopyObject writetype and unclosed outstream in InitiateMPUpload (#17164) (01bfec)
CLI
- Skip ssh for localhost (#17167) (5f1704)
- Show master versions in fsadmin report command (#17177) (9a4e15)
- Support executing runTests on specific workers (#17170) (aee3c5)
- Fix the issue where runTest ignores arguments (#17068) (db9a76)
UFS
Worker
Enterprise changelog since 2.9.0-2.0
Refer to previous release notes for recent enterprise releases:
Changelog
- Add distributed copy command line (37418f61da)
- Fix shading for ByteBuddy (8d388061c5)
- Add region for AWS security token service client (5a33b7714b)
- Handle more methods from FSDataInputStream in ShimHdfsDataInputStream (7b348fcb35)
- Fix taking wrong metrics in collectUtilization command (e2fc04f916)
- Add collectUtilization command (c967539c57)
- Fix FileInfo tokenBag NPE (8cba187570)
- Add path based policy for PDDM (d9c92d348f)
- Turn off merge inode journals property (a7b8ae3133)