smengcl commented on a change in pull request #3047:
URL: https://github.com/apache/ozone/pull/3047#discussion_r801000983



##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.md
##########
@@ -71,20 +71,24 @@ will be completely transparent to the clients and end users.
 
 There are two ways to create an encrypted bucket that can be accessed via S3 
Gateway.
 
-####1. Create a bucket using shell under "/s3v" volume
+#### Option 1. Create a bucket using shell under "/s3v" volume
 
   ```bash
-  ozone sh bucket create -k encKey /s3v/encryptedBucket
+  ozone sh bucket create -k encKey --layout=FILE_SYSTEM_OPTIMIZED 
/s3v/encryptedbucket
   ```
-####2. Create a link to an encrypted bucket under "/s3v" volume
+
+#### Option 2. Create a link to an encrypted bucket under "/s3v" volume
 
   ```bash
-  ozone sh bucket create -k encKey /vol/encryptedBucket
-  ozone sh bucket link  /vol/encryptedBucket /s3v/linkencryptedbucket
+  ozone sh bucket create -k encKey --layout=FILE_SYSTEM_OPTIMIZED 
/vol/encryptedbucket
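
Review bot: Both added `bucket create` commands pass `--layout=FILE_SYSTEM_OPTIMIZED`, but the surrounding text ("There are two ways to create an encrypted bucket that can be accessed via S3 Gateway") never says why the flag is there. Add a sentence before Option 1 explaining what the layout choice means, so readers who copy the command do not drop the flag as optional. Separately, the bucket name changes from `encryptedBucket` to `encryptedbucket`; the quoted hunk stops before the replacement for the removed `ozone sh bucket link  /vol/encryptedBucket /s3v/linkencryptedbucket` line, so check that the new link source is `/vol/encryptedbucket` to match.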

Review comment:
       Good point. The default is `OBJECT_STORE` if unspecified, which 
completely rejects HCFS access:
   
   ```bash
   $ ozone fs -ls ofs://ozone1/tenant1/encrypted-bucket2/
   -ls: Bucket: encrypted-bucket2 has layout: OBJECT_STORE, which does not support file system semantics. Bucket Layout must be FILE_SYSTEM_OPTIMIZED or LEGACY.
   ```
   
   ```bash
   $ ozone fs -ls o3fs://encrypted-bucket2.tenant1.ozone1/
   22/02/07 19:46:51 WARN fs.FileSystem: Failed to initialize fileystem o3fs://encrypted-bucket2.tenant1.ozone1/: java.lang.IllegalArgumentException: Bucket: encrypted-bucket2 has layout: OBJECT_STORE, which does not support file system semantics. Bucket Layout must be FILE_SYSTEM_OPTIMIZED or LEGACY.
   -ls: Bucket: encrypted-bucket2 has layout: OBJECT_STORE, which does not support file system semantics. Bucket Layout must be FILE_SYSTEM_OPTIMIZED or LEGACY.
   ```
   
   Note although `LEGACY` is listed above as an option, we no longer allow 
creating buckets of that type in Ozone Shell anymore:
   
   ```bash
   $ ozone sh bucket create -k encKey2 --layout=LEGACY /tenant1/encrypted-bucket3
   Invalid value for option '--layout': expected one of [FILE_SYSTEM_OPTIMIZED, OBJECT_STORE] (case-sensitive) but was 'LEGACY'
   ```



