smengcl commented on a change in pull request #3047:
URL: https://github.com/apache/ozone/pull/3047#discussion_r801000983
##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.md
##########
@@ -71,20 +71,24 @@ will be completely transparent to the clients and end users.
There are two ways to create an encrypted bucket that can be accessed via S3
Gateway.
-####1. Create a bucket using shell under "/s3v" volume
+#### Option 1. Create a bucket using shell under "/s3v" volume
```bash
- ozone sh bucket create -k encKey /s3v/encryptedBucket
+ ozone sh bucket create -k encKey --layout=FILE_SYSTEM_OPTIMIZED
/s3v/encryptedbucket
```
-####2. Create a link to an encrypted bucket under "/s3v" volume
+
+#### Option 2. Create a link to an encrypted bucket under "/s3v" volume
```bash
- ozone sh bucket create -k encKey /vol/encryptedBucket
- ozone sh bucket link /vol/encryptedBucket /s3v/linkencryptedbucket
+ ozone sh bucket create -k encKey --layout=FILE_SYSTEM_OPTIMIZED
/vol/encryptedbucket
Review comment:
Good point. The default is `OBJECT_STORE` is unspecified, and completely
rejects HCFS access.
```bash
$ ozone fs -ls ofs://ozone1/tenant1/encrypted-bucket2/
-ls: Bucket: encrypted-bucket2 has layout: OBJECT_STORE, which does not
support file system semantics. Bucket Layout must be FILE_SYSTEM_OPTIMIZED or
LEGACY.
```
Note although `LEGACY` is listed above as an option, we no longer allow
creating bucket with those types in Ozone Shell anymore.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
