You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Xiaoyu Yao (Jira)" <ji...@apache.org> on 2020/10/23 16:58:00 UTC

[jira] [Created] (HDDS-4390) Change ozone.om.db.dirs may fail OM start when security is enabled.

Xiaoyu Yao created HDDS-4390:
--------------------------------

             Summary: Change ozone.om.db.dirs may fail OM start when security is enabled.  
                 Key: HDDS-4390
                 URL: https://issues.apache.org/jira/browse/HDDS-4390
             Project: Hadoop Distributed Data Store
          Issue Type: Improvement
    Affects Versions: 1.0.0
            Reporter: Xiaoyu Yao
            Assignee: Xiaoyu Yao


When security is enabled, Ozone Manager has two metadata directories

1. *ozone.om.db.dirs*(optional) : If defined, Ozone Manager saves metadata rocks DB and a VERSION file (cluster information, om certificate serial id when security is enabled)

ozone.om.db.dirs=/var/lib/hadoop-ozone/om/data

2. *ozone.metadata.dirs*(required): Ozone Manager security metadata dir (key/certs)

ozone.metadata.dirs=/var/lib/hadoop-ozone/om/ozone-metadata/

 If directory 1 with VERSION file is deleted but directory 2 was not, the mismatch between om certificate serial id from VERSION file and certs from directory 2 will be inconsist, which fails the OM start like below. This ticket is opened to address the problem like this. 



{code:java}
2020-10-20 10:17:21,846 ERROR org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient: Default certificate serial id is not set. Can't locate the default certificate for this client.
2020-10-20 10:17:21,846 INFO org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient: Certificate client init case: 6
2020-10-20 10:17:21,849 INFO org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient: Found private and public key but certificate is missing.
{code}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org