kerneltime commented on code in PR #5068:
URL: https://github.com/apache/ozone/pull/5068#discussion_r1264261226
##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/symmetric/DefaultSecretKeySignerClient.java:
##########
@@ -68,13 +74,46 @@ public void refetchSecretKey() {
@Override
public void start(ConfigurationSource conf) throws IOException {
- final ManagedSecretKey initialKey =
- secretKeyProtocol.getCurrentSecretKey();
+ final ManagedSecretKey initialKey = loadInitialSecretKey();
+
LOG.info("Initial secret key fetched from SCM: {}.", initialKey);
cache.set(initialKey);
scheduleSecretKeyPoller(conf, initialKey.getCreationTime());
}
+ private ManagedSecretKey loadInitialSecretKey() throws IOException {
+ // Load initial active secret key from SCM, retries with exponential
+ // backoff when SCM has not initialized secret keys yet.
+
+ // Exponential backoff policy, 10 retries/1s will give maximum wait time
+ // around 10 min (2^9 = 512s).
+ int maxRetries = 10;
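Review bot: The backoff comment in loadInitialSecretKey() does not say whether "around 10 min" is the longest single sleep or the total wait, and the figures do not line up: 2^9 = 512s is about 8.5 minutes, and if the sleeps double from 1s the sum over 10 retries is roughly 1023s (about 17 minutes). Please state the total bound explicitly in the comment, along with what happens once the retries are exhausted. `int maxRetries = 10;` would also read better as a named constant or a configuration key, so the wait can be tuned for clusters where SCM takes longer to initialize its secret keys.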
Review Comment:
Process state != initialized. Datanode can be up indefinitely in a secure
cluster for SCM to be initialized to return the secret keys, but the process
need not stop.
##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/symmetric/DefaultSecretKeySignerClient.java:
##########
@@ -68,13 +74,46 @@ public void refetchSecretKey() {
@Override
public void start(ConfigurationSource conf) throws IOException {
- final ManagedSecretKey initialKey =
- secretKeyProtocol.getCurrentSecretKey();
+ final ManagedSecretKey initialKey = loadInitialSecretKey();
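Review bot: Missing documentation on start(): the added line `final ManagedSecretKey initialKey = loadInitialSecretKey();` makes startup depend on a helper whose behaviour is not described to callers of start(). Add a Javadoc line on start() saying that it can block while the initial key is loaded, and that an IOException propagates to the caller if no key is obtained, so the component that calls start() can decide whether that failure is fatal.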
Review Comment:
What should happen if block tokens are not enabled? Maybe Datanode should
not wait for SCM to start up.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.