Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2022/10/24 12:34:00 UTC

[jira] [Created] (HDDS-7398) Implement a cleaner logic that removes old certs from the SCM DB

István Fajth created HDDS-7398:
----------------------------------

             Summary: Implement a cleaner logic that removes old certs from the SCM DB
                 Key: HDDS-7398
                 URL: https://issues.apache.org/jira/browse/HDDS-7398
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: István Fajth
            Assignee: István Fajth


While automatic certificate rotation is not implemented, there is a manual procedure that needs to be followed to renew the certificates in an Ozone cluster.
This procedure in simple steps:
- stop the service
- remove old key and certificate material from the metadata folders
- remove the omCertSerialID and scmCertSerialID fields from the respective service's VERSION file
- start the service

During this process though, the old certificate is not cleared from the rocksDB of SCM.
The aim here is to implement a tool from CLI that enables the removal of the old certificates; best may be if this tool can remove only the certificates that are already expired, so that there is no possibility to unwillingly remove certificates from the DB that are still in use. Automation will be done for the rest, and with this eventually all old certificates can be cleared.


