[
https://issues.apache.org/jira/browse/HDDS-9366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771192#comment-17771192
]
Ritesh Shukla commented on HDDS-9366:
-------------------------------------
I think this needs to be split into multiple jiras.
1. OM should check ACL before submitting a request to quorum (in HA mode) and
OM follower should not check ACL.
2. Datanode for write chunk and put block API should validate token only once
on the leader.
> Only the Ratis leader DataNode should verify ACL and block token
> -----------------------------------------------------------------
>
> Key: HDDS-9366
> URL: https://issues.apache.org/jira/browse/HDDS-9366
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Assignee: Duong
> Priority: Major
>
> Today the DataNode perform ACL check and block token verification on each
> DataNodes.
>
> This is wrong, as DataNode can diverge in state. Only leader DN should decide
> to accept a request or not. I have seen a case where the follower reject a
> request because its block token expired, but the leader accepted the request.
> State diverged.
>
> cc: [~szetszwo] [~duongnguyen] [~ritesh]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
