Galsza commented on code in PR #4681: URL: https://github.com/apache/ozone/pull/4681#discussion_r1189495830
########## hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config: ########## @@ -41,6 +41,12 @@ OZONE-SITE.XML_ozone.scm.client.address=scm OZONE-SITE.XML_hdds.block.token.enabled=true OZONE-SITE.XML_hdds.container.token.enabled=true OZONE-SITE.XML_hdds.grpc.tls.enabled=true + +OZONE-SITE.XML_hdds.x509.default.duration=PT40s +OZONE-SITE.XML_hdds.x509.renew.grace.duration=PT30s +OZONE-SITE.XML_hdds.block.token.expiry.time=15s +OZONE-SITE.XML_ozone.manager.delegation.token.max-lifetime=15s Review Comment: It does not matter directly, but we have a sanity check in [StorageContainerManager](https://github.com/apache/ozone/blob/e8fb1744e63b0f87379f7cb0eb1cb8a98520bd95/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java#L951) checking if the block token expiry time is shorter than the certificate renew grace duration, therefore we need to also change it here. I'm not sure how to avoid flakiness here other than increasing the token expiry time. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
