[ 
https://issues.apache.org/jira/browse/HDDS-7454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635451#comment-17635451
 ] 

Sumit Agrawal commented on HDDS-7454:
-------------------------------------

*[~pifta] [~NeilJoshi]* 
*Current flow:*
Client --getBlock--> OM --allocateBlock--> SCM   (This gets open container of
                                                  pipeline and returns pipeline
                                                  related DNs)
Client <------------ OM <-- container block, pipeline, DNs <-- SCM

Client --put blocks---> DN
client -- commit -----> OM

DN --ICR/FCR----> SCM (ICR only if new container, FCR every 1 hour)

*If SCM triggers deleteBlock?*
1. Need to +add ICR+ for block additions (new ICR) reported in the next heartbeat 
(30 sec delay) for every block ... +adds a lot of load on SCM+
2. SCM can give the command to delete the block as an event,
3. At the DN it {+}marks the block for deletion with a delay{+}, but does not stop 
writing to the block

*If SCM returns Failure to client for commit Block?*
1. commitBlocks needs an added call from +OM to SCM to verify+ correctness of the 
block written
2. SCM needs to +wait for 1 minute or more to get update from DN+ -- This will 
delay commit and cause more failures due to load on SCM


*So currently there is no proper solution in the existing design, even if we try 
to restrict using SCM.*

*Additionally, security requirement:*
- *Token is added for security, i.e. authorization* of resources the client can 
access. Here, pipeline and DNs are part of the resources. But we are not 
verifying this.
- Impact is high as it can cause writes to multiple DNs and can cause the above 
issues of disks filling up.
 So security is not satisfied, as resource access with high impact is not 
verified.

> OM to DN token verification should include Pipeline
> ---------------------------------------------------
>
>                 Key: HDDS-7454
>                 URL: https://issues.apache.org/jira/browse/HDDS-7454
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Sumit Agrawal
>            Assignee: Sumit Agrawal
>            Priority: Minor
>              Labels: pull-request-available
>
> Client will request block information to be used to write data. In this 
> process,
> - OM calls allocateBlock on SCM; SCM will provide block information, pipeline 
> and related DNs
> - OM also creates a token (when security is enabled) with block information
> - Client will pass this information to DN
> - DN will verify the token for block information and start writing the block
> Here, the pipeline information for which the request is created is not 
> verified. For security, this also needs to be verified.
> Pipeline and DN mapping is shared to DN which Pipeline command from SCM to 
> DNs, CreatePipelineCommand
> Impact (if client is not trustable):
> 1. Client can forward the request with token to a different DN with different 
> pipeline information.
> So since the DN does not have information about the SCM mapping of container 
> to pipeline, that DN can start operating on it.
> Having pipeline in token verification will ensure,
> - block write is done with correct pipeline (DNs)
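
An added sketch of the check the issue asks for (not part of the original message and not Ozone code): a token that signs the pipeline together with the block, and a datanode-side check that compares it with the pipelines the DN learned from SCM. The names `issue_token`, `Datanode`, `check_write`, the `|`-separated token layout, the HMAC key and all ids are hypothetical; ids are assumed not to contain `|`.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # stands in for the OM/DN shared secret (assumption)

def issue_token(block_id, pipeline_id, ttl=60, now=None):
    """OM side: sign block id, pipeline id and expiry together."""
    expiry = int((now or time.time()) + ttl)
    body = f"{block_id}|{pipeline_id}|{expiry}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

class Datanode:
    def __init__(self, name):
        self.name = name
        self.pipelines = set()  # pipeline ids received from SCM (CreatePipelineCommand)

    def join_pipeline(self, pipeline_id):
        self.pipelines.add(pipeline_id)

    def check_write(self, token, block_id, pipeline_id, verify_pipeline=True, now=None):
        """Return (allowed, reason) for a client write request."""
        try:
            t_block, t_pipeline, t_expiry, mac = token.split("|")
            expiry = int(t_expiry)
        except ValueError:
            return False, "malformed token"
        body = f"{t_block}|{t_pipeline}|{t_expiry}"
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return False, "bad signature"
        if expiry < (now or time.time()):
            return False, "expired"
        if t_block != block_id:
            return False, "block mismatch"
        if verify_pipeline:
            # The pipeline named in the request must be the one OM signed ...
            if t_pipeline != pipeline_id:
                return False, "pipeline mismatch"
            # ... and this DN must be a member of it according to SCM.
            if t_pipeline not in self.pipelines:
                return False, "datanode not in token pipeline"
        return True, "ok"
```

With `verify_pipeline=False` the check covers only the block, which is the behaviour the issue description reports; the default path rejects the same token at a DN outside the signed pipeline.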


