You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by ck...@apache.org on 2022/10/20 06:33:05 UTC
[ozone] branch master updated: HDDS-7355. non-primordial scm fail to get signed cert from primordial SCM when converting an unsecure cluster to secure (#3859)
This is an automated email from the ASF dual-hosted git repository.
ckj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 31560fcdfe HDDS-7355. non-primordial scm fail to get signed cert from primordial SCM when converting an unsecure cluster to secure (#3859)
31560fcdfe is described below
commit 31560fcdfe22b5ffb18f3e847be8b814bb3080ee
Author: Jie Yao <ja...@tencent.com>
AuthorDate: Thu Oct 20 14:33:00 2022 +0800
HDDS-7355. non-primordial scm fail to get signed cert from primordial SCM when converting an unsecure cluster to secure (#3859)
---
.../hadoop/hdds/scm/server/StorageContainerManager.java | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
index 1f57b4ffea..09844681ab 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
@@ -1072,7 +1072,8 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl
scmStorageConfig.getScmId());
// Initialize security if security is enabled later.
- initializeSecurityIfNeeded(conf, scmhaNodeDetails, scmStorageConfig);
+ initializeSecurityIfNeeded(
+ conf, scmhaNodeDetails, scmStorageConfig, false);
return true;
}
@@ -1097,7 +1098,8 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl
}
// Initialize security if security is enabled later.
- initializeSecurityIfNeeded(conf, scmhaNodeDetails, scmStorageConfig);
+ initializeSecurityIfNeeded(
+ conf, scmhaNodeDetails, scmStorageConfig, false);
} else {
try {
@@ -1136,14 +1138,15 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl
* @param scmStorageConfig
* @throws IOException
*/
- private static void initializeSecurityIfNeeded(OzoneConfiguration conf,
- SCMHANodeDetails scmhaNodeDetails, SCMStorageConfig scmStorageConfig)
+ private static void initializeSecurityIfNeeded(
+ OzoneConfiguration conf, SCMHANodeDetails scmhaNodeDetails,
+ SCMStorageConfig scmStorageConfig, boolean isPrimordial)
throws IOException {
// Initialize security if security is enabled later.
if (OzoneSecurityUtil.isSecurityEnabled(conf)
&& scmStorageConfig.getScmCertSerialId() == null) {
HASecurityUtils.initializeSecurity(scmStorageConfig, conf,
- getScmAddress(scmhaNodeDetails, conf), true);
+ getScmAddress(scmhaNodeDetails, conf), isPrimordial);
scmStorageConfig.forceInitialize();
LOG.info("SCM unsecure cluster is converted to secure cluster. " +
"Persisted SCM Certificate SerialID {}",
@@ -1233,7 +1236,7 @@ public final class StorageContainerManager extends ServiceRuntimeInfoImpl
final boolean isSCMHAEnabled = scmStorageConfig.isSCMHAEnabled();
// Initialize security if security is enabled later.
- initializeSecurityIfNeeded(conf, haDetails, scmStorageConfig);
+ initializeSecurityIfNeeded(conf, haDetails, scmStorageConfig, true);
if (SCMHAUtils.isSCMHAEnabled(conf) && !isSCMHAEnabled) {
SCMRatisServerImpl.initialize(scmStorageConfig.getClusterID(),
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org