You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Li Cheng (Jira)" <ji...@apache.org> on 2020/03/16 07:36:00 UTC

[jira] [Created] (HDDS-3202) Certs for security needs a new root

Li Cheng created HDDS-3202:
------------------------------

             Summary: Certs for security needs a new root
                 Key: HDDS-3202
                 URL: https://issues.apache.org/jira/browse/HDDS-3202
             Project: Hadoop Distributed Data Store
          Issue Type: Sub-task
          Components: SCM
            Reporter: Li Cheng


Only the leader can do the INIT to have root. And followers only sync from the leader in the bootstrap process.

After the root, every SCM will add their own certs upon the root. The root cert and sub certs are signed by the leader so that they can trust each other. For now, SCM only creates self-signed certs.

We need to change init mode to rely on the root certs from the leader. Init workflow will need to wait for the other SCMs to hold and we make sure only 1 SCM is generating the root cert. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org