Xiaoyu Yao created HDDS-4390:
--------------------------------
Summary: Change ozone.om.db.dirs may fail OM start when security
is enabled.
Key: HDDS-4390
URL: https://issues.apache.org/jira/browse/HDDS-4390
Project: Hadoop Distributed Data Store
Issue Type: Improvement
Affects Versions: 1.0.0
Reporter: Xiaoyu Yao
Assignee: Xiaoyu Yao
When security is enabled, Ozone Manager has two metadata directories
1. *ozone.om.db.dirs*(optional) : If defined, Ozone Manager saves metadata
rocks DB and a VERSION file (cluster information, om certificate serial id when
security is enabled)
ozone.om.db.dirs=/var/lib/hadoop-ozone/om/data
2. *ozone.metadata.dirs*(required): Ozone Manager security metadata dir
(key/certs)
ozone.metadata.dirs=/var/lib/hadoop-ozone/om/ozone-metadata/
If directory 1 with VERSION file is deleted but directory 2 was not, the
mismatch between om certificate serial id from VERSION file and certs from
directory 2 will be inconsist, which fails the OM start like below. This ticket
is opened to address the problem like this.
{code:java}
2020-10-20 10:17:21,846 ERROR
org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient:
Default certificate serial id is not set. Can't locate the default certificate
for this client.
2020-10-20 10:17:21,846 INFO
org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient:
Certificate client init case: 6
2020-10-20 10:17:21,849 INFO
org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient:
Found private and public key but certificate is missing.
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: ozone-issues-h...@hadoop.apache.org
