[GitHub] [ozone] xiaoyuyao commented on a change in pull request #2043: HDDS-4978. Ozone services should be disabled in SCM HA enabled and security enabled cluster

[GitBox <gi...@apache.org>]

xiaoyuyao commented on a change in pull request #2043:
URL: https://github.com/apache/ozone/pull/2043#discussion_r594520841



##########
File path: hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/Gateway.java
##########
@@ -54,6 +56,7 @@ public Void call() throws Exception {
     TracingUtil.initTracing("S3gateway", ozoneConfiguration);
     OzoneConfigurationHolder.setConfiguration(ozoneConfiguration);
     UserGroupInformation.setConfiguration(ozoneConfiguration);
+    checkSecurityAndSCMHAEnabled(ozoneConfiguration);

Review comment:
       S3G does not talk to SCM directly? We can skip the check here.

##########
File path: hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
##########
@@ -308,4 +311,15 @@ public static boolean isAccessControlException(Exception ex) {
     }
     return false;
   }
+
+  public static void checkSecurityAndSCMHAEnabled(OzoneConfiguration conf) {
+    if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
+      List<SCMNodeInfo> scmNodeInfo = SCMNodeInfo.buildNodeInfo(conf);
+      if (scmNodeInfo.size() > 1) {
+        System.out.println("Ozone Services cannot be started on a secure SCM " +

Review comment:
       Should we print to System.err?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org