HDDS-1462. Fix content and format of Ozone documentation. Contributed by Elek, Marton. (#767)
This commit is contained in:
parent
5bca062d0e
commit
59816dff94
@ -2,8 +2,8 @@
|
||||
title: Bucket Commands
|
||||
menu:
|
||||
main:
|
||||
parent: Client
|
||||
weight: 3
|
||||
parent: OzoneShell
|
||||
weight: 2
|
||||
---
|
||||
<!---
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
|
@ -35,12 +35,11 @@ the ozone build command. This instruction assumes that you have all the
|
||||
dependencies to build Hadoop on your build machine. If you need instructions
|
||||
on how to build Hadoop, please look at the Apache Hadoop Website.
|
||||
|
||||
{{< highlight bash >}}
|
||||
mvn clean package -DskipTests=true -Dmaven.javadoc.skip=true -Phdds -Pdist -Dtar -DskipShade
|
||||
{{< /highlight >}}
|
||||
```bash
|
||||
mvn -f pom.ozone.xml clean package -DskipTests=true
|
||||
```
|
||||
|
||||
|
||||
This will build an ozone-\<version\>.tar.gz in your target directory.
|
||||
This will build an ozone-\<version\>.tar.gz in your `hadoop-ozone/dist/target` directory.
|
||||
|
||||
You can copy this tarball and use this instead of binary artifacts that are
|
||||
provided along with the official release.
|
||||
@ -48,7 +47,20 @@ provided along with the official release.
|
||||
## How to test the build
|
||||
You can run the acceptance tests in the hadoop-ozone directory to make sure
|
||||
that your build is functional. To launch the acceptance tests, please follow
|
||||
the instructions in the **README.md** in the
|
||||
```$hadoop_src/hadoop-ozone/acceptance-test``` directory. Acceptance tests
|
||||
the instructions in the **README.md** in the `smoketest` directory.
|
||||
|
||||
```bash
|
||||
cd smoketest
|
||||
./test.sh
|
||||
```
|
||||
|
||||
You can also execute only a minimal subset of the tests:
|
||||
|
||||
```bash
|
||||
cd smoketest
|
||||
./test.sh --env ozone basic
|
||||
```
|
||||
|
||||
Acceptance tests
|
||||
will start a small ozone cluster and verify that ozone shell and ozone file
|
||||
system is fully functional.
|
@ -4,6 +4,7 @@ menu:
|
||||
main:
|
||||
parent: Client
|
||||
weight: 1
|
||||
identifier: OzoneShell
|
||||
---
|
||||
<!---
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: Key Commands
|
||||
menu:
|
||||
main:
|
||||
parent: Client
|
||||
parent: OzoneShell
|
||||
weight: 3
|
||||
---
|
||||
<!---
|
||||
|
@ -87,18 +87,41 @@ hdfs dfs -ls o3fs://bucket.volume.om-host.example.com:5678/key
|
||||
{{< /highlight >}}
|
||||
|
||||
|
||||
## Legacy mode
|
||||
## Supporting older Hadoop version (Legacy jar, BasicOzoneFilesystem)
|
||||
|
||||
There are two ozonefs files which includes all the dependencies:
|
||||
There are two ozonefs files, both of them include all the dependencies:
|
||||
|
||||
* share/ozone/lib/hadoop-ozone-filesystem-lib-current-VERSION.jar
|
||||
* share/ozone/lib/hadoop-ozone-filesystem-lib-legacy-VERSION.jar
|
||||
|
||||
The first one contains all the required dependency to use ozonefs with a
|
||||
compatible hadoop version (hadoop 3.2 / 3.1).
|
||||
The first one contains all the required dependency to use ozonefs with a
|
||||
compatible hadoop version (hadoop 3.2).
|
||||
|
||||
The second one contains all the dependency in an internal, separated directory,
|
||||
The second one contains all the dependency in an internal, separated directory,
|
||||
and a special class loader is used to load all the classes from the location.
|
||||
|
||||
With this method the hadoop-ozone-filesystem-lib-legacy.jar can be used from
|
||||
any older hadoop version (eg. hadoop 3.1, hadoop 2.7 or spark+hadoop 2.7)
|
||||
|
||||
Similar to the dependency jar, there are two OzoneFileSystem implementation.
|
||||
|
||||
For hadoop 3.0 and newer, you can use `org.apache.hadoop.fs.ozone.OzoneFileSystem`
|
||||
which is a full implementation of the Hadoop compatible File System API.
|
||||
|
||||
For Hadoop 2.x you should use the Basic version: `org.apache.hadoop.fs.ozone.BasicOzoneFileSystem`.
|
||||
|
||||
This is the same implementation but doesn't include the features/dependencies which are added with
|
||||
Hadoop 3.0. (eg. FS statistics, encryption zones).
|
||||
|
||||
### Summary
|
||||
|
||||
The following table summarize which jar files and implementation should be used:
|
||||
|
||||
Hadoop version | Required jar | OzoneFileSystem implementation
|
||||
---------------|-------------------------|----------------------------------------------------
|
||||
3.2 | filesystem-lib-current | org.apache.hadoop.fs.ozone.OzoneFileSystem
|
||||
3.1 | filesystem-lib-legacy | org.apache.hadoop.fs.ozone.OzoneFileSystem
|
||||
2.9 | filesystem-lib-legacy | org.apache.hadoop.fs.ozone.BasicOzoneFileSystem
|
||||
2.7 | filesystem-lib-legacy | org.apache.hadoop.fs.ozone.BasicOzoneFileSystem
|
||||
With this method the hadoop-ozone-filesystem-lib-legacy.jar can be used from
|
||||
any older hadoop version (eg. hadoop 2.7 or spark+hadoop 2.7)
|
||||
|
@ -32,6 +32,7 @@ Starting with badlands release (ozone-0.4.0-alpha) ozone cluster can be secured
|
||||
4. Transparent Data Encryption (TDE)
|
||||
|
||||
## Authentication ##
|
||||
|
||||
### Kerberos ###
|
||||
Similar to hadoop, Ozone allows kerberos-based authentication. So one way to setup identities for all the daemons and clients is to create kerberos keytabs and configure it like any other service in hadoop.
|
||||
|
||||
@ -39,53 +40,71 @@ Similar to hadoop, Ozone allows kerberos-based authentication. So one way to set
|
||||
Tokens are widely used in Hadoop to achieve lightweight authentication without compromising on security. Main motivation for using tokens inside Ozone is to prevent the unauthorized access while keeping the protocol lightweight and without sharing secret over the wire. Ozone utilizes three types of token:
|
||||
|
||||
#### Delegation token ####
|
||||
|
||||
Once client establishes their identity via kerberos they can request a delegation token from OzoneManager. This token can be used by a client to prove its identity until the token expires. Like Hadoop delegation tokens, an Ozone delegation token has 3 important fields:
|
||||
|
||||
Renewer: User responsible for renewing the token.
|
||||
Issue date: Time at which token was issued.
|
||||
Max date: Time after which token can’t be renewed.
|
||||
1. **Renewer**: User responsible for renewing the token.
|
||||
2. **Issue date**: Time at which token was issued.
|
||||
3. **Max date**: Time after which token can’t be renewed.
|
||||
|
||||
Token operations like get, renew and cancel can only be performed over an Kerberos authenticated connection. Clients can use delegation token to establish connection with OzoneManager and perform any file system/object store related operations like, listing the objects in a bucket or creating a volume etc.
|
||||
|
||||
#### Block Tokens ####
|
||||
Block tokens are similar to delegation tokens in sense that they are signed by OzoneManager. Block tokens are created by OM (OzoneManager) when a client request involves interaction with DataNodes such as read/write Ozone keys. Unlike delegation tokens there is no client API to request block tokens. Instead, they are handed transparently to client along with key/block locations. Block tokens are validated by Datanodes when receiving read/write requests from clients. Block token can't be renewed explicitly by client. Client with expired block token will need to refetch the key/block locations to get new block tokens.
|
||||
|
||||
Block tokens are similar to delegation tokens in sense that they are signed by OzoneManager. Block tokens are created by OM (OzoneManager) when a client request involves interaction with DataNodes such as read/write Ozone keys.
|
||||
|
||||
Unlike delegation tokens there is no client API to request block tokens. Instead, they are handed transparently to client along with key/block locations. Block tokens are validated by Datanodes when receiving read/write requests from clients. Block token can't be renewed explicitly by client. Client with expired block token will need to refetch the key/block locations to get new block tokens.
|
||||
|
||||
#### S3Token ####
|
||||
|
||||
Like block tokens S3Tokens are handled transparently for clients. It is signed by S3secret created by client. S3Gateway creates this token for every s3 client request. To create an S3Token user must have a S3 secret.
|
||||
|
||||
### Certificates ###
|
||||
Apart from kerberos and tokens Ozone utilizes certificate based authentication for Ozone service components. To enable this, SCM (StorageContainerManager) bootstraps itself as an Certificate Authority when security is enabled. This allows all daemons inside Ozone to have an SCM signed certificate. Below is brief descriptions of steps involved:
|
||||
Datanodes and OzoneManagers submits a CSR (certificate signing request) to SCM.
|
||||
SCM verifies identity of DN (Datanode) or OM via Kerberos and generates a certificate.
|
||||
This certificate is used by OM and DN to prove their identities.
|
||||
Datanodes use OzoneManager certificate to validate block tokens. This is possible because both of them trust SCM signed certificates. (i.e OzoneManager and Datanodes)
|
||||
|
||||
1. Datanodes and OzoneManagers submits a CSR (certificate signing request) to SCM.
|
||||
2. SCM verifies identity of DN (Datanode) or OM via Kerberos and generates a certificate.
|
||||
3. This certificate is used by OM and DN to prove their identities.
|
||||
4. Datanodes use OzoneManager certificate to validate block tokens. This is possible because both of them trust SCM signed certificates. (i.e OzoneManager and Datanodes)
|
||||
|
||||
## Authorization ##
|
||||
Ozone provides a pluggable API to control authorization of all client related operations. Default implementation allows every request. Clearly it is not meant for production environments. To configure a more fine grained policy one may configure Ranger plugin for Ozone. Since it is a pluggable module clients can also implement their own custom authorization policy and configure it using [ozone.acl.authorizer.class].
|
||||
Ozone provides a pluggable API to control authorization of all client related operations. Default implementation allows every request. Clearly it is not meant for production environments. To configure a more fine grained policy one may configure Ranger plugin for Ozone. Since it is a pluggable module clients can also implement their own custom authorization policy and configure it using `ozone.acl.authorizer.class`.
|
||||
|
||||
## Audit ##
|
||||
|
||||
Ozone provides ability to audit all read & write operations to OM, SCM and Datanodes. Ozone audit leverages the Marker feature which enables user to selectively audit only READ or WRITE operations by a simple config change without restarting the service(s).
|
||||
|
||||
To enable/disable audit of READ operations, set filter.read.onMatch to NEUTRAL or DENY respectively. Similarly, the audit of WRITE operations can be controlled using filter.write.onMatch.
|
||||
|
||||
Generating audit logs is only half the job, so Ozone also provides AuditParser - a sqllite based command line utility to parse/query audit logs with predefined templates(ex. Top 5 commands) and options for custom query. Once the log file has been loaded to AuditParser, one can simply run a template as shown below:
|
||||
ozone auditparser <path to db file> template top5cmds
|
||||
|
||||
Similarly, users can also execute custom query using:
|
||||
|
||||
```bash
|
||||
ozone auditparser <path to db file> query "select * from audit where level=='FATAL'"
|
||||
```
|
||||
|
||||
## Transparent Data Encryption ##
|
||||
|
||||
Ozone TDE setup process and usage are very similar to HDFS TDE. The major difference is that Ozone TDE is enabled at Ozone bucket level when a bucket is created.
|
||||
|
||||
To create an encrypted bucket, client need to
|
||||
|
||||
* Create a bucket encryption key with hadoop key CLI (same as you do for HDFS encryption zone key)
|
||||
```
|
||||
|
||||
```bash
|
||||
hadoop key create key1
|
||||
```
|
||||
|
||||
* Create an encrypted bucket with -k option
|
||||
```
|
||||
|
||||
```bash
|
||||
ozone sh bucket create -k key1 /vol1/ez1
|
||||
```
|
||||
|
||||
After that the usage will be transparent to the client and end users, i.e., all data written to encrypted bucket are encrypted at datanodes.
|
||||
|
||||
To know more about how to setup a secure Ozone cluster refer to [How to setup secure Ozone cluster]("SetupSecureOzone.md")
|
||||
To know more about how to setup a secure Ozone cluster refer to [How to setup secure Ozone cluster]({{< ref "SetupSecureOzone.md" >}})
|
||||
|
||||
Ozone [security architecture document](https://issues.apache.org/jira/secure/attachment/12911638/HadoopStorageLayerSecurity.pdf) can be referred for a deeper dive into Ozone Security architecture.
|
@ -21,7 +21,7 @@ menu:
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
[Prometheus](https://prometheus.io/) is an open-source monitoring server developed under under the [Cloud Native Foundation](Cloud Native Foundation).
|
||||
[Prometheus](https://prometheus.io/) is an open-source monitoring server developed under under the [Cloud Native Computing Foundation](https://www.cncf.io/).
|
||||
|
||||
Ozone supports Prometheus out of the box. The servers start a prometheus
|
||||
compatible metrics endpoint where all the available hadoop metrics are published in prometheus exporter format.
|
||||
@ -75,14 +75,14 @@ prometheus
|
||||
|
||||
http://localhost:9090/targets
|
||||
|
||||
![Prometheus target page example](../../prometheus.png)
|
||||
![Prometheus target page example](prometheus.png)
|
||||
|
||||
|
||||
(6) Check any metrics on the prometheus web ui. For example:
|
||||
|
||||
http://localhost:9090/graph?g0.range_input=1h&g0.expr=om_metrics_num_key_allocate&g0.tab=1
|
||||
|
||||
![Prometheus target page example](../../prometheus-key-allocate.png)
|
||||
![Prometheus target page example](prometheus-key-allocate.png)
|
||||
|
||||
## Note
|
||||
|
||||
|
@ -44,16 +44,16 @@ including the data nodes and ozone services.
|
||||
ozone instance on your machine.
|
||||
|
||||
{{< highlight bash >}}
|
||||
cd ozone-0.2.1-SNAPSHOT/compose/ozone/
|
||||
cd compose/ozone/
|
||||
|
||||
docker-compose up -d
|
||||
{{< /highlight >}}
|
||||
|
||||
|
||||
To verify that ozone is working as expected, let us log into a data node and
|
||||
run _freon_, the load generator for Ozone. The ```exec datanode bash``` command
|
||||
will open a bash shell on the datanode. The ozone freon command is executed
|
||||
within the datanode container. You can quit freon via CTRL-C any time. The
|
||||
will open a bash shell on the datanode.
|
||||
|
||||
The `ozone freon` command is executed within the datanode container. You can quit freon via CTRL-C any time. The
|
||||
```rk``` profile instructs freon to generate random keys.
|
||||
|
||||
{{< highlight bash >}}
|
||||
|
@ -83,16 +83,37 @@ Endpoint | Status | Notes
|
||||
------------------------------------|-----------------|---------------
|
||||
PUT Object | implemented |
|
||||
GET Object | implemented | Range headers are not supported
|
||||
Multipart Uplad | not implemented |
|
||||
Multipart Uplad | implemented |Except the listing of the current MultiPartUploads.
|
||||
DELETE Object | implemented |
|
||||
HEAD Object | implemented |
|
||||
|
||||
|
||||
## Security
|
||||
|
||||
Security is not yet implemented, you can *use* any AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
|
||||
If security is not enabled, you can *use* **any** AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
|
||||
|
||||
Note: Ozone has a notion for 'volumes' which is missing from the S3 Rest endpoint. Under the hood S3 bucket names are mapped to Ozone 'volume/bucket' locations (depending on the given authentication information).
|
||||
If security is enabled, you can get the key and the secret with the `ozone s3 getsecret` command (*kerberos based authentication is required).
|
||||
|
||||
```
|
||||
/etc/security/keytabs/testuser.keytab testuser/scm@EXAMPLE.COM
|
||||
ozone s3 getsecret
|
||||
awsAccessKey=testuser/scm@EXAMPLE.COM
|
||||
awsSecret=c261b6ecabf7d37d5f9ded654b1c724adac9bd9f13e247a235e567e8296d2999
|
||||
|
||||
```
|
||||
|
||||
Now, you can use the key and the secret to access the S3 endpoint:
|
||||
|
||||
```
|
||||
export AWS_ACCESS_KEY_ID=testuser/scm@EXAMPLE.COM
|
||||
export AWS_SECRET_ACCESS_KEY=c261b6ecabf7d37d5f9ded654b1c724adac9bd9f13e247a235e567e8296d2999
|
||||
aws s3api --endpoint http://localhost:9878 create-bucket --bucket bucket1
|
||||
```
|
||||
|
||||
|
||||
## S3 bucket name mapping to Ozone buckets
|
||||
|
||||
**Note**: Ozone has a notion for 'volumes' which is missing from the S3 Rest endpoint. Under the hood S3 bucket names are mapped to Ozone 'volume/bucket' locations (depending on the given authentication information).
|
||||
|
||||
To show the storage location of a S3 bucket, use the `ozone s3 path <bucketname>` command.
|
||||
|
||||
|
@ -1,41 +0,0 @@
|
||||
---
|
||||
title: S3 Commands
|
||||
menu:
|
||||
main:
|
||||
parent: Client
|
||||
weight: 3
|
||||
---
|
||||
<!---
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
Ozone shell supports the following S3 commands.
|
||||
|
||||
* [getsecret](#get secret)
|
||||
|
||||
### Get Secret
|
||||
|
||||
User should get the kerberos ticket before using this option.
|
||||
|
||||
|
||||
{{< highlight bash >}}
|
||||
ozone s3 getsecret
|
||||
{{< /highlight >}}
|
||||
Prints the AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID for the current user.
|
||||
|
||||
|
||||
You can try out these commands from the docker instance of the [Alpha
|
||||
Cluster](runningviadocker.html).
|
@ -71,7 +71,7 @@ Here is an example,
|
||||
{{< highlight xml >}}
|
||||
<property>
|
||||
<name>ozone.enabled</name>
|
||||
<value>True</value>
|
||||
<value>true</value>
|
||||
</property>
|
||||
{{< /highlight >}}
|
||||
|
||||
|
@ -25,8 +25,10 @@ weight: 11
|
||||
# Setup secure ozone cluster #
|
||||
To enable security in ozone cluster **ozone.security.enabled** should be set to true.
|
||||
|
||||
ozone.security.enabled| true
|
||||
Property|Value
|
||||
----------------------|------
|
||||
ozone.security.enabled| true
|
||||
|
||||
## Kerberos ##
|
||||
Configuration for service daemons:
|
||||
|
||||
@ -45,20 +47,28 @@ ozone.s3g.authentication.kerberos.principal|S3 Gateway principal. Ex HTTP/_HOST@
|
||||
## Tokens ##
|
||||
|
||||
## Delegation token ##
|
||||
|
||||
Delegation tokens are enabled by default when security is enabled.
|
||||
|
||||
## Block Tokens ##
|
||||
hdds.block.token.enabled | true
|
||||
|
||||
Property|Value
|
||||
-----------------------------|------
|
||||
hdds.block.token.enabled | true
|
||||
|
||||
## S3Token ##
|
||||
|
||||
S3 token are enabled by default when security is enabled.
|
||||
To use S3 tokens users need to perform following steps:
|
||||
|
||||
* S3 clients should get the secret access id and user secret from OzoneManager.
|
||||
|
||||
```
|
||||
ozone s3 getsecret
|
||||
```
|
||||
|
||||
* Setup secret in aws configs:
|
||||
|
||||
```
|
||||
aws configure set default.s3.signature_version s3v4
|
||||
aws configure set aws_access_key_id ${accessId}
|
||||
@ -67,18 +77,22 @@ aws configure set region us-west-1
|
||||
```
|
||||
|
||||
## Certificates ##
|
||||
|
||||
Certificates are used internally inside Ozone. Its enabled be default when security is enabled.
|
||||
|
||||
## Authorization ##
|
||||
|
||||
Default access authorizer for Ozone approves every request. It is not suitable for production environments. It is recommended that clients use ranger plugin for Ozone to manage authorizations.
|
||||
|
||||
Property|Description
|
||||
Property|Value
|
||||
--------|------------------------------------------------------------
|
||||
ozone.acl.enabled | true
|
||||
ozone.acl.authorizer.class| org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer
|
||||
|
||||
## TDE ##
|
||||
|
||||
To use TDE clients must set KMS URI.
|
||||
|
||||
hadoop.security.key.provider.path | KMS uri. Ex kms://http@kms-host:9600/kms
|
||||
Property|Value
|
||||
-----------------------------------|-----------------------------------------
|
||||
hadoop.security.key.provider.path | KMS uri. Ex kms://http@kms-host:9600/kms
|
||||
|
@ -2,8 +2,8 @@
|
||||
title: Volume Commands
|
||||
menu:
|
||||
main:
|
||||
parent: Client
|
||||
weight: 2
|
||||
parent: OzoneShell
|
||||
weight: 1
|
||||
---
|
||||
<!---
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
|
BIN
hadoop-hdds/docs/static/prometheus-key-allocate.png
vendored
Normal file
BIN
hadoop-hdds/docs/static/prometheus-key-allocate.png
vendored
Normal file
Binary file not shown.
After Width: | Height: | Size: 50 KiB |
BIN
hadoop-hdds/docs/static/prometheus.png
vendored
Normal file
BIN
hadoop-hdds/docs/static/prometheus.png
vendored
Normal file
Binary file not shown.
After Width: | Height: | Size: 38 KiB |
@ -21,6 +21,14 @@
|
||||
{{ range .Site.Menus.main }}
|
||||
{{ if .HasChildren }}
|
||||
<li class="{{ if $currentPage.IsMenuCurrent "main" . }}active{{ end }}">
|
||||
<a href="{{ .URL }}">
|
||||
{{ .Pre }}
|
||||
<span>{{ .Name }}</span>
|
||||
</a>
|
||||
<ul class="nav">
|
||||
{{ range .Children }}
|
||||
<li class="{{ if $currentPage.IsMenuCurrent "main" . }}active{{ end }}">
|
||||
{{ if .HasChildren }}
|
||||
<a href="{{ .URL }}">
|
||||
{{ .Pre }}
|
||||
<span>{{ .Name }}</span>
|
||||
@ -32,6 +40,12 @@
|
||||
</li>
|
||||
{{ end }}
|
||||
</ul>
|
||||
{{ else }}
|
||||
<a href="{{ .URL }}">{{ .Name }}</a>
|
||||
{{ end }}
|
||||
</li>
|
||||
{{ end }}
|
||||
</ul>
|
||||
</li>
|
||||
{{ else }}
|
||||
<li class="{{ if $currentPage.IsMenuCurrent "main" . }}active{{ end }}">
|
||||
|
@ -92,6 +92,10 @@ a:hover {
|
||||
padding-right: 40px;
|
||||
padding-left: 40px;
|
||||
}
|
||||
.nav-sidebar > li > ul > li > ul > li > a {
|
||||
padding-right: 60px;
|
||||
padding-left: 60px;
|
||||
}
|
||||
.nav-sidebar .active > a,
|
||||
.nav-sidebar .active > a:hover,
|
||||
.nav-sidebar .active > a:focus {
|
||||
@ -136,3 +140,10 @@ a:hover {
|
||||
display: inline-block;
|
||||
border-radius: 50%;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
h4 {
|
||||
font-weight: bold;
|
||||
}
|
Loading…
Reference in New Issue
Block a user