[0001]>>>>>>线程池与超时参数调优
# 一、问题现象与触发条件
# 1、页面报错现象
在 Ranger 中配置 Resource(例如 Hive 的 database/table)时,如果输入节奏较快,页面会弹出类似提示:
Resource lookup fail for current resource
现象特征
- 慢慢输入通常正常
- 连续快速输入(触发多次联想/下拉请求)更容易复现
- UI 侧看起来像“偶发”,日志侧通常会稳定出现 TimeoutException
# 2、典型复现场景
- 集群启用了 Kerberos
- Ranger 在做 Hive 资源联想时依赖 Hive JDBC(含 ZK serviceDiscovery)
- ZooKeeper / HiveServer2 存在轻微抖动或瞬时并发偏高
- Ranger Admin 侧 TimedExecutor 线程池较小,导致任务排队明显
# 二、日志定位:lookupResource TimeoutException
# 1、核心报错解读
日志里关键点主要是两行:
lookupResource(...) failedjava.util.concurrent.TimeoutException
意味着:Ranger Admin 在规定时间内没有拿到 lookup 的结果(可能是任务本身慢,也可能是排队时间过长导致“还没执行就超时”)。
# 2、完整日志(折叠)
点击展开:ranger-admin 完整报错日志
2026-01-16 13:01:37,783 [http-nio-6080-exec-7] ERROR [ServiceREST.java:1196] lookupResource(abc_hive, ResourceLookupContext={resourceName=database,userInput=aaaa,resources={database=[]}}) failed
java.util.concurrent.TimeoutException: null
at java.util.concurrent.FutureTask.get(FutureTask.java:205)
at org.apache.ranger.common.TimedExecutor.timedTask(TimedExecutor.java:90)
at org.apache.ranger.biz.ServiceMgr.lookupResource(ServiceMgr.java:139)
at org.apache.ranger.rest.ServiceREST.lookupResource(ServiceREST.java:1192)
at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
at org.apache.ranger.rest.ServiceREST$$EnhancerBySpringCGLIB$$f1d41df4.lookupResource(<generated>)
at sun.reflect.GeneratedMethodAccessor254.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:582)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:212)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:181)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337)
at org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter.doFilter(RangerSecurityContextFormationFilter.java:142)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter$ServletFilterHttpInteraction.proceed(RangerCSRFPreventionFilter.java:237)
at org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter.handleHttpInteraction(RangerCSRFPreventionFilter.java:179)
at org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter.doFilter(RangerCSRFPreventionFilter.java:192)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:384)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter.doFilter(RangerSSOAuthenticationFilter.java:283)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:166)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.session.ForceEagerSessionCreationFilter.doFilterInternal(ForceEagerSessionCreationFilter.java:45)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:181)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:156)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:494)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:682)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:932)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1695)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2026-01-16 13:01:37,784 [http-nio-6080-exec-7] INFO [RESTErrorUtil.java:64] Request failed. loginId=admin, logMessage=null
javax.ws.rs.WebApplicationException: null
at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:57)
at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:312)
at org.apache.ranger.rest.ServiceREST.lookupResource(ServiceREST.java:1198)
...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# 三、根因分析:TimedExecutor 排队 + Hive/ZK 链路耗时
# 1、调用链路一眼看懂
从堆栈可以直接定位到关键链路:
ServiceREST.lookupResource(...)ServiceMgr.lookupResource(...)TimedExecutor.timedTask(...)FutureTask.get(...)→ 超时抛出TimeoutException
结论
这个问题不是“UI 输入框本身坏了”,而是 Ranger Admin 的 lookup 任务在超时窗口内没有返回。 超时可能来自两类叠加:下游慢 + 任务排队。
# 2、为什么“输快了就炸”
快速输入会触发高频 lookup 请求,Ranger Admin 同时要做的事情通常包括:
| 触发项 | 发生了什么 | 影响点 |
|---|---|---|
| 高频请求 | UI 每次输入变更都会触发联想 | 并发瞬时拉高 |
| TimedExecutor 线程池偏小 | lookup/validate 等任务需要线程执行 | 队列排队时间变长 |
| Hive JDBC + ZK serviceDiscovery | 需要读取 /hiveserver2 namespace 并建立连接 | 链路一抖动就变慢 |
| Kerberos 链路开销 | 认证、票据、服务端响应慢时更明显 | 容易顶到超时上限 |
风险提醒
- 线程池盲目拉大,会把并发压力“原样”推到 HiveServer2/ZK
- 正确做法通常是:适度增大线程池 + 提高超时窗口,再结合 HS2 承载能力观察效果
# 四、优化方案一:在 Ambari Stack 暴露参数(源码级改造)
# 1、修改文件路径
新增配置项(Ambari Stack):
ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/RANGER/configuration/ranger-admin-site.xml
# 2、新增三项关键参数(示例)
<property>
<name>ranger.resource.lookup.timeout.value.in.ms</name>
<value>60000</value>
<display-name>Ranger Resource Lookup Timeout (ms)</display-name>
<description>
【TTBigdata 定制】Ranger Admin 进行资源联想/下拉检索(lookupResource)时的超时时间(毫秒)。
典型现象:在 Ranger Web 页面输入数据库/表名时,慢慢输正常,输快了就出现:
- lookupResource(...) failed
- java.util.concurrent.TimeoutException
原因:快速输入会触发高频 lookup 请求,Ranger 需要通过 Hive JDBC(ZK serviceDiscovery)
去读取 /hiveserver2 namespace 并建立到 HiveServer2 的连接;当并发升高或 ZK/HS2 偶发抖动时,
请求排队时间 + 连接耗时 > 默认超时,就会超时失败。
推荐设置:
- 小集群/环境稳定:30000
- 网络/认证链路偶发慢(Kerberos + ZK):60000
说明:该值越大,单次 lookup 容忍的等待时间越长,但也会让“真的卡住”的请求更晚返回。
</description>
<value-attributes>
<type>int</type>
<overridable>true</overridable>
<minimum>1000</minimum>
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.validate.config.timeout.value.in.ms</name>
<value>60000</value>
<display-name>Ranger Validate Config Timeout (ms)</display-name>
<description>
【TTBigdata 定制】Ranger Admin 在创建/编辑 Service 时执行 “Test Connection / Validate”
的超时时间(毫秒)。
该校验同样依赖后端连通性(Kerberos/JDBC/ZooKeeper/服务端口等)。
若出现 Validate/Test Connection 偶发超时,可适当调大。
推荐设置:
- 默认建议:30000
- 环境抖动明显:60000
</description>
<value-attributes>
<type>int</type>
<overridable>true</overridable>
<minimum>1000</minimum>
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.timed.executor.max.threadpool.size</name>
<value>50</value>
<display-name>TimedExecutor Max ThreadPool Size</display-name>
<description>
【TTBigdata 定制】Ranger Admin 内部 TimedExecutor 线程池最大线程数。
该线程池用于执行 lookup/validate 等带超时的后台任务。
典型现象:Ranger UI 输入较快时,请求并发激增,TimedExecutor 线程池过小会导致:
- 任务排队等待
- 等到超时时间到了还没轮到执行
- 最终表现为 lookupResource TimeoutException(“输快了就炸”)
推荐设置(按机器资源 HiveServer2 承载能力调整):
- 小环境:30 ~ 50(推荐先 50)
- 中等环境:80 ~ 150
注意:
- 线程池越大,并发越高,对 HiveServer2/ZK 压力越大;
- 如果 HS2 本身较弱,盲目拉大可能造成 HS2 更慢,反而更容易超时。
建议做法:先把本项提高到 50,同时把 lookup timeout 调到 30000/60000,再观察超时是否消失。
</description>
<value-attributes>
<type>int</type>
<overridable>true</overridable>
<minimum>1</minimum>
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
// Make sure to add code blocks to your code group
# 3、编译发布与生效方式
- 重新编译并替换对应的 Ambari Server(或打包发布)
- 确保 Ranger Service 的配置页面出现新增项
- 修改参数并保存后 重启 Ranger Admin
注意
如果只改了 ranger-admin-site.xml 但没有让 Ambari Server 侧的 Stack 生效(例如没有替换部署),页面不会出现新增项。
# 五、优化方案二:不编译源码,直接用 custom ranger-admin-site 覆盖
# 1、在 Ambari 增加自定义项
如果不想走源码编译路线,也可以在 Ambari 的 custom ranger-admin-site 里直接新增三项配置并赋值。
建议做法
- 先加
ranger.resource.lookup.timeout.value.in.ms和ranger.timed.executor.max.threadpool.size - 再根据 Validate/Test Connection 的表现决定是否加
ranger.validate.config.timeout.value.in.ms
# 2、推荐参数值(可直接抄)
| 场景 | lookup 超时(ms) | validate 超时(ms) | TimedExecutor 线程池上限 |
|---|---|---|---|
| 小集群/链路稳定 | 30000 | 30000 | 30 ~ 50 |
| Kerberos + ZK 偶发慢 | 60000 | 60000 | 50(先从 50 起) |
| 中等规模/并发偏高 | 60000 | 60000 | 80 ~ 150(结合 HS2 承载) |
调参顺序
1)先把线程池提到 50 2)再把 lookup 超时从默认值调到 30000/60000 3)最后观察 HS2/ZK 压力与 Ranger 响应时间,再决定是否继续增大
# 3、重启与验证
配置保存后,重启 Ranger,再回到页面快速输入资源名验证:
验证要点
- UI 不再弹出 “Resource lookup fail for current resource”
- ranger-admin 日志中
lookupResource(...) failed+TimeoutException明显减少或消失
- 01
- Ambari-Web-3.0.0本地启动与二开环境搭建01-28
- 02
- 左侧 Service 数量控制原理与实现01-28
- 03
- [22212]Ambari 3.0.0 左侧服务菜单滚动条缺失修复01-28