Posted to issues@ozone.apache.org by "Sammi Chen (Jira)" <ji...@apache.org> on 2023/01/06 13:08:00 UTC

[jira] [Resolved] (HDDS-7708) No check for certificate duration config scenarios

     [ https://issues.apache.org/jira/browse/HDDS-7708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sammi Chen resolved HDDS-7708.
------------------------------
    Fix Version/s: 1.4.0
       Resolution: Fixed

> No check for certificate duration config scenarios
> --------------------------------------------------
>
>                 Key: HDDS-7708
>                 URL: https://issues.apache.org/jira/browse/HDDS-7708
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: SCM
>    Affects Versions: 1.3.0
>            Reporter: Soumitra Sulav
>            Assignee: Ashish Kumar
>            Priority: Critical
>              Labels: pki, pull-request-available
>             Fix For: 1.4.0
>
>
> *Issue :*
> While validating the config duration with multiple negative scenarios, below were the observations:
> Config duration accepts 0D as the duration.
> Config duration accepts negative days -1D as the duration.
> No check was added for the hdds.x509.renew.grace.duration value.
> The only check available currently is for hdds.x509.default.duration not greater than hdds.x509.max.duration.
> The logging message is wrong and the config order is reversed.
> Scenarios Tried:
> Unnatural sequence
>     Max = 0 | Def = 2 | Grace = 1    Failed
>     Max = 5 | Def = 0 | Grace = 1    Restarted
>     Max = 5 | Def = 2 | Grace = 0    Restarted
>     Max = 5 | Def = 6 | Grace = 1    Failed
>     Max = 5 | Def = 2 | Grace = 3    Restarted
>     Max = 5 | Def = 2 | Grace = 6    Restarted
> Negative values
>     Max = -5 | Def = 2 | Grace = 1    Failed
>     Max = 5 | Def = -2 | Grace = 1    Restarted
>     Max = 5 | Def = 2 | Grace = -1    Restarted
> Fractional values
>     Max = 5.25 | Def = 2 | Grace = 1    Failed
>     Max = 5 | Def = 2.5 | Grace = 1    Failed
>     Max = 5 | Def = 2 | Grace = 1.75    Failed
> The scenarios where the restart could go through should have actually failed to start.
> +Error with Logging Message.+
> Scenario 1 where Max Duration is 0D and Default Duration is 2D.
> *Stacktrace :*
> [root@quasar-gvwabo-2 ~]# vim /var/log/hadoop-ozone/ozone-scm.log
> 2022-12-22 08:57:25,296 ERROR org.apache.hadoop.hdds.security.x509.SecurityConfig: Certificate duration PT0S should not be greater than Maximum Certificate duration PT48H


