xBis7 opened a new pull request, #3948: URL: https://github.com/apache/ozone/pull/3948
## What changes were proposed in this pull request? In a secure cluster, if `ozone.metadata.dirs` are not specified then SCM will fallback to `hdds.datanode.dir` and will end up storing its certificates under the datanode path. It's preferable to let the system crash, rather than storing scm data under the datanode disk. Also, the datanodes crash if `ozone.metadata.dirs` aren't specified, so it makes sense to not have a fallback. from `master` under `compose/ozonesecure`, edit `docker-config` ``` # OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata OZONE-SITE.XML_ozone.om.ratis.storage.dir=/data/om/ratis OZONE-SITE.XML_ozone.om.db.dirs=/data/om/db OZONE-SITE.XML_ozone.om.ratis.snapshot.dir=/data/om/ratis-snap OZONE-SITE.XML_ozone.scm.ha.ratis.storage.dir=/data/scm/ratis OZONE-SITE.XML_ozone.scm.db.dirs=/data/scm/db OZONE-SITE.XML_ozone.recon.db.dir=/data/recon/db OZONE-SITE.XML_ozone.recon.om.db.dir=/data/recon/om-db OZONE-SITE.XML_ozone.recon.scm.db.dirs=/data/recon/scm-db OZONE-SITE.XML_dfs.container.ratis.datanode.storage.dir=/data/dn/ratis ... ... OZONE-SITE.XML_hdds.datanode.dir=/data/hdds ``` connect to scm and check files under `/data/hdds` ``` > docker-compose up --scale datanode=3 -d > docker exec -it ozonesecure_scm_1 bash bash-4.2$ ls -lah /data/hdds/scm/sub-ca/certs total 20K drwxr-xr-x 2 hadoop hadoop 4.0K Nov 10 19:03 . drwxr-xr-x 4 hadoop hadoop 4.0K Nov 10 19:03 .. -rwx------ 1 hadoop hadoop 1.3K Nov 10 19:03 36633700951438.crt -rwx------ 1 hadoop hadoop 1.3K Nov 10 19:03 CA-1.crt -rwx------ 1 hadoop hadoop 1.3K Nov 10 19:03 certificate.crt ``` ## What is the link to the Apache JIRA https://issues.apache.org/jira/browse/HDDS-7476 ## How was this patch tested? This patch was tested manually in a docker cluster. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
