You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Bharat Viswanadham (Jira)" <ji...@apache.org> on 2021/05/28 05:01:00 UTC

[jira] [Updated] (HDDS-5280) Avoid creation of XceiverClientManager in ContainerOperationClient

     [ https://issues.apache.org/jira/browse/HDDS-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bharat Viswanadham updated HDDS-5280:
-------------------------------------
    Description: 
ContainerOperation Client creates XceiverClientManager.

XceiverClientManager requires to getCA list.


{code:java}
      manager = new XceiverClientManager(conf,
          conf.getObject(XceiverClientManager.ScmClientConfig.class),
          caCertificates);
{code}

We can avoid listCA which is not required for most admin commands. It is required only for ChunkKeyHandler.

This will help when ACLS are configured for SCM security protocol where only admin/service principals can make calls to the SCMSecurityProtocol server, then we don't need to add all the users to them to make these commands work.

As for few of the commands like pipeline list, safe mode status we don't require admin privilege.


  was:
ContainerOperation Client creates XceiverClientManager.

XceiverClientManager requires to getCA list.


{code:java}
      manager = new XceiverClientManager(conf,
          conf.getObject(XceiverClientManager.ScmClientConfig.class),
          caCertificates);
{code}

We can avoid listCA which is not required for most admin commands.



> Avoid creation of XceiverClientManager in ContainerOperationClient
> ------------------------------------------------------------------
>
>                 Key: HDDS-5280
>                 URL: https://issues.apache.org/jira/browse/HDDS-5280
>             Project: Apache Ozone
>          Issue Type: Improvement
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Major
>
> ContainerOperation Client creates XceiverClientManager.
> XceiverClientManager requires to getCA list.
> {code:java}
>       manager = new XceiverClientManager(conf,
>           conf.getObject(XceiverClientManager.ScmClientConfig.class),
>           caCertificates);
> {code}
> We can avoid listCA which is not required for most admin commands. It is required only for ChunkKeyHandler.
> This will help when ACLS are configured for SCM security protocol where only admin/service principals can make calls to the SCMSecurityProtocol server, then we don't need to add all the users to them to make these commands work.
> As for few of the commands like pipeline list, safe mode status we don't require admin privilege.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org