this changes not just for k8s, right?

Hi @felixcheung
It's the executor used for kubernetes but It canbe called for different resource managers.
I Labeled it as K8s because it also modifies the docker images used in k8s. Not sure what would be the best component. For instance YarnCoarseGrainedExecutorBackend extends this class.

yes, that's what I mean. in case of shared class, the PR should tag all of them

Hi @felixcheung
Then this patch belongs to core and Kubernetes due to the java property in the docker image. Looking at https://spark-prs.appspot.com/ for the categories.

Hi @felixcheung any feedback?

Actually If we don't add the conditions int the for loop, it will try to get many connections, even if they are succeeding, so I fixed the other way.

Oops @jlpedrosa I meant to retain the condition in the loop, but otherwise I find the code right above simpler. However I like retaining the original exception. Just please pay attention to the style. driver = indent is off and needs to say if (i == nTries - 1)

@srowen
Fixed the indentation. Please double check.

It looks the same; did you push?

@srowen I think it's in the right place, I'm rewriting history to clean the multiple commits. I think it is in the right place...

It would be more flexible if that could be set along with networkaddress.cache.ttl via an env variable from within the entrypoint script. This way it would be configurable.
Cannot this be set via the extraJavaOptions config option of the driver or the executor using -Djava.security.networkaddress.cache.negative.ttl=value?

As I read in the docs, no those values can't be overriden via properties. It can be just replaced the whole file.
https://stackoverflow.com/questions/4521119/java-argument-to-specify-java-security-file-for-jvm
You can use this code to test.

import java.security.Security;

public class HelloWorld {

    public static void main(String[] args) {
       String prop = Security.getProperty("networkaddress.cache.negative.ttl");
       System.out.println("java.security.networkaddress.cache.negative.ttl: " + prop);
    }
}

@jlpedrosa @srowen I still find it better to be able to load your own file eg. via java.security.properties. I dont really agree with this being hardcoded, at I least I would add it to the entrypoint script and do the sed there so it is configurable.
Btw user may want to add a file to the image where he overrides the sec properties as follows:

java   -Djava.security.properties=./properties.sec HelloWorld
java.security.networkaddress.cache.negative.ttl: 12
$ cat properties.sec 
networkaddress.cache.negative.ttl=12

I find the latter more clean.

I don't think we disable negative resolution caching anywhere. It has a potential negative impact, though, don't know if on the whole it's right. I'd leave it out of this otherwise minor change.

But, isn't the property just networkaddress.cache.negative.ttl?
https://docs.oracle.com/javase/8/docs/api/java/net/InetAddress.html
At least that should be settable as a simple system property. Not sure if it's indeed different when trying to go this route.

Hi @srowen @skonto
The problem with Java and negative resolution is the moment you have ANY timeout in DNS resolution, you'll never be able to resolve that name. Which in some Kubernetes scenarios happens (pods network taking time to get fully operational). Basically no matter how many retries it will never work if you have a timeout.

Hi @jlpedrosa I voted for making it configurable and extendable ;) Should we also make a note of this eg. docs? Let's see what @srowen has to say and has the final call.

I just wouldn't make this change here.

Hi @srowen,
Ok, then you'd you be ok to do the approach proposed by @skonto and have it as config option in the entrypoint script for the docker image?

I'm neutral on that. It seems like a non-trivial change to the whole JVM to work around an env-specific DNS issue.

Hi @srowen @skonto

I've added the option as you considered it was acceptable. Please have a look and let me know what you think. This at least would enable to set it up via spark operator, but I can open a different PR if you want that I modify the code to manage that env variable in the scala side as a managed option for 2.4. In 3.0 it can be handled via pod templates, have not tested it, but I think all scala is doing append variables, so defining that variable in a template could enable it

I don't think we disable negative resolution caching anywhere. It has a potential negative impact, though, don't know if on the whole it's right. I'd leave it out of this otherwise minor change.

But, isn't the property just networkaddress.cache.negative.ttl?
https://docs.oracle.com/javase/8/docs/api/java/net/InetAddress.html
At least that should be settable as a simple system property. Not sure if it's indeed different when trying to go this route.

Oops @jlpedrosa I meant to retain the condition in the loop, but otherwise I find the code right above simpler. However I like retaining the original exception. Just please pay attention to the style. driver = indent is off and needs to say if (i == nTries - 1)

I just wouldn't make this change here.

Nit: -1 => - 1 (I think this might fail the style checker)

Hi @srowen Ah, Ok. Didn't saw that space, if there's a way to run the style checker would be excelent! I followed the official docs but that tried to refactor hundreds of files. I've pushed the change you requested.

Run ./dev/lint-scala to just run the checks

The indent is too deep; can it just do on the previous line? if not continuation indent is at most 4 spaces

Hi @srowen
I thought the line length was limited too. Pushed the fix.

Again, I just wouldn't do this here. It's pretty unrelated. I am neutral on adding another flag for this. You're really working around a pretty specific failure mode here on the JVM side.

@srowen @skonto
I am afraid I am not following you. @skonto pointed out that he preferred the fix instead on Docker file, in the entrypoint.sh script with a configurable variable (which is also specific for k8s) so this is what this patch has. As you said "I wouldn't do this here" I though you also meant the Dockerfile and you agreed.

So I am not sure what do you mean by "wouldn't do this here", where is here and where is the place where you want it?

I mean that a) I'm not sure we should make this change but if we do, it's b) not directly related to the JIRA/PR purpose, which is just to introduce retries. I think you're saying there is not much point in retrying unless this change happens too?

hi @srowen

Now I understand what you mean, "here" means this PR or jira ticket (please correct me if I miss understood you). Then no worries, I'll keep the retries only in this one and then start a new PR/Jira process to discuss the DNS, and see what and where we can do.
In my opinion retries make sense, avoid rescheduling something for a transient error that is recoverable is helpful, this is not multi layered system so it can't storm out.

I've re-written history into a single commit to make it cleaner.

JL

Arg, the line is too long and fails Java style checks. I'll fix. I don't see why the last test run didn't catch it ... the 'does not merge' message isn't related.