hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anu Engineer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDDS-696) Bootstrap genesis SCM(CA) with self-signed certificate.
Date Mon, 26 Nov 2018 20:31:00 GMT

    [ https://issues.apache.org/jira/browse/HDDS-696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16699544#comment-16699544

Anu Engineer commented on HDDS-696:

Thanks for the comments.
bq. Shall we move generateKeys, checkIfKeysExist and checkIfCertificatesExist to a util class.
They can be used in Tests and few other places?
It is a good idea to have a version of these in the client eventually. But I would prefer
those functions to actually decode these files. In the CA, we only check if the file exists,
since the next function call will decode them. So I when I get to the client functions I will
add them in a proper way, that does not only check for file existence, but also decode the
objects in question.
bq. Are you planning to implement requestCertificate and revokeCertificate separately?
Yes, in the next patch. This patch is already too big.
bq. getCertificateLocation should include component part as well as same node may have multiple
components and hence multiple certs?
I agree we do have an overloaded function with component, in this patch. Line 204 after this
patch is applied.

I will fix the rest of the issues and upload a new patch.

> Bootstrap genesis SCM(CA) with self-signed certificate.
> -------------------------------------------------------
>                 Key: HDDS-696
>                 URL: https://issues.apache.org/jira/browse/HDDS-696
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Anu Engineer
>            Priority: Major
>         Attachments: HDDS-696-HDDS-4.001.patch, HDDS-696-HDDS-4.002.patch
> If security is enabled, SCM will generate the CA certs and bootstrap a CA. If it is already
 bootstrapped it the keys and root certificates are read from the secure store, if not, they
are generated.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message