In secure mode, Ozone issues tokens to authorize each block (and container) access. Each token is signed by Ozone (OM or SCM) using its RSA private keys and verified by datanodes using a public key and certificate. With the RSA private key size of 2048, the sign operation is very costly and contributes more than 80% to the latency of read/write operations in Ozone Manager.
This feature branch contains the implementation to replace RSA token signing with symmetric keys and thus greatly boosts OM performance.
1. builds/intermittent test failures
The feature branch has introduced no additional flaky tests.
3. design, attached the docs
Design document can be found here (can be found in the epic JIRA).
4. s3 compatibility
This feature branch doesn't break any S3 feature.
5. docker-compose / acceptance tests
Block/container tokens are already tested well by the existing acceptance tests.
6. support of containers / Kubernetes:
No addition yet.
7. coverage/code quality:
8. build time
No significant change
9. possible incompatible changes/used feature flag:
There is no incompatible change introduced with this feature.
10. third party dependencies/licence changes:
No new dependency is added.