You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ozone.apache.org by Maxim Myskov <ma...@gmail.com> on 2022/04/25 09:49:43 UTC
[DISCUSS] HDDS-6634 datanode doesn't check cluster identity in runtime
Hi all,
I would like to discuss https://issues.apache.org/jira/browse/HDDS-6634 <https://issues.apache.org/jira/browse/HDDS-6634>.
During our internal Ozone testing, we noticed that a datanode can be connected to another cluster (not the one the datanode had been initialized with). Although the conditions needed for issue reproduction are rather special (new SCM must have the same IP as the old one), theoretically there might be cases (like DNS spoofing) to hit it in a production environment. The idea of SCM processing another cluster's datanode reports seems catastrophic to me.
Re: [DISCUSS] HDDS-6634 datanode doesn't check cluster identity in runtime
Posted by Maxim Myskov <ma...@gmail.com>.
Thanks for replying.
SCM is not moved anywhere. Let’s say we have a cluster A (datanode A, SCM A). Then we turn off master nodes of cluster A (note, that datanode A is still running) and bootstrap a new cluster B with an SCM B to be on the same IP address as SCM A was. And now we have SCM B that processes reports from datanode A.
> On 25 Apr 2022, at 19:25, Mukul Kumar Singh <mk...@gmail.com> wrote:
>
> Thanks for reporting the issue.
>
> The Datanodes can only contact the SCM with the same cluster ID. while moving the SCM, the metadata directories were also copied as well?
>
> Thanks,
>
> Mukul
>
> On 25/04/22 3:19 pm, Maxim Myskov wrote:
>> Hi all,
>> I would like to discuss https://issues.apache.org/jira/browse/HDDS-6634 <https://issues.apache.org/jira/browse/HDDS-6634>.
>> During our internal Ozone testing, we noticed that a datanode can be connected to another cluster (not the one the datanode had been initialized with). Although the conditions needed for issue reproduction are rather special (new SCM must have the same IP as the old one), theoretically there might be cases (like DNS spoofing) to hit it in a production environment. The idea of SCM processing another cluster's datanode reports seems catastrophic to me.
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ozone.apache.org
> For additional commands, e-mail: dev-help@ozone.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ozone.apache.org
For additional commands, e-mail: dev-help@ozone.apache.org
Re: [DISCUSS] HDDS-6634 datanode doesn't check cluster identity in runtime
Posted by Mukul Kumar Singh <mk...@gmail.com>.
Thanks for reporting the issue.
The Datanodes can only contact the SCM with the same cluster ID. while
moving the SCM, the metadata directories were also copied as well?
Thanks,
Mukul
On 25/04/22 3:19 pm, Maxim Myskov wrote:
> Hi all,
> I would like to discuss https://issues.apache.org/jira/browse/HDDS-6634 <https://issues.apache.org/jira/browse/HDDS-6634>.
> During our internal Ozone testing, we noticed that a datanode can be connected to another cluster (not the one the datanode had been initialized with). Although the conditions needed for issue reproduction are rather special (new SCM must have the same IP as the old one), theoretically there might be cases (like DNS spoofing) to hit it in a production environment. The idea of SCM processing another cluster's datanode reports seems catastrophic to me.
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ozone.apache.org
For additional commands, e-mail: dev-help@ozone.apache.org