You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "aryangupta1998 (via GitHub)" <gi...@apache.org> on 2023/09/04 10:22:25 UTC

[GitHub] [ozone] aryangupta1998 opened a new pull request, #5243: HDDS-9234. OM should shutdown immediately if certificate duration are invalid

aryangupta1998 opened a new pull request, #5243:
URL: https://github.com/apache/ozone/pull/5243

   ## What changes were proposed in this pull request?
   
   As of now if certificate durations are invalid for example, if "hdds.x509.max.duration" is set with a negative value then OM goes into a retry mode as OM tries to communicate with SCM which is already down so in this case after 600 seconds(by default) OM shuts down. In this jira, we will try to check the validity of the certificate duration in the init process and shut down the OM immediately if the durations are invalid.
   
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-9234
   
   ## How was this patch tested?
   
   Tested Manually.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] aryangupta1998 commented on a diff in pull request #5243: HDDS-9234. OM should shutdown immediately if certificate durations are invalid

Posted by "aryangupta1998 (via GitHub)" <gi...@apache.org>.

aryangupta1998 commented on code in PR #5243:
URL: https://github.com/apache/ozone/pull/5243#discussion_r1318197153


##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java:
##########
@@ -1332,6 +1332,9 @@ public static boolean omInit(OzoneConfiguration conf) throws IOException,
       AuthenticationException {
     OMHANodeDetails omhaNodeDetails = OMHANodeDetails.loadOMHAConfig(conf);
     String nodeId = omhaNodeDetails.getLocalNodeDetails().getNodeId();
+    // Checking certificate duration validity by using
+    // validateCertificateValidityConfig() in SecurityConfig constructor.
+    new SecurityConfig(conf);

Review Comment:
   In the SecurityConfig constructor we're mostly initializing the member variables and most of them are used in `validateCertificateValidityConfig` so I don't think there would be too much extra load if we call out an object. If we try to extract a method for initializing variables related to `validateCertificateValidityConfig` then also we have to explicitly initialize each property being used in `validateCertificateValidityConfig`, what do you suggest? 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] ayushtkn commented on a diff in pull request #5243: HDDS-9234. OM should shutdown immediately if certificate durations are invalid

Posted by "ayushtkn (via GitHub)" <gi...@apache.org>.

ayushtkn commented on code in PR #5243:
URL: https://github.com/apache/ozone/pull/5243#discussion_r1315224896


##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java:
##########
@@ -1332,6 +1332,9 @@ public static boolean omInit(OzoneConfiguration conf) throws IOException,
       AuthenticationException {
     OMHANodeDetails omhaNodeDetails = OMHANodeDetails.loadOMHAConfig(conf);
     String nodeId = omhaNodeDetails.getLocalNodeDetails().getNodeId();
+    // Checking certificate duration validity by using
+    // validateCertificateValidityConfig() in SecurityConfig constructor.
+    new SecurityConfig(conf);

Review Comment:
   ```new SecurityConfig(conf);``` is doing much more than just validating, can we refactor the certificate code extraction part & combine with the validation method into a single method & call that here?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] ChenSammi merged pull request #5243: HDDS-9234. OM should shutdown immediately if certificate durations are invalid

Posted by "ChenSammi (via GitHub)" <gi...@apache.org>.

ChenSammi merged PR #5243:
URL: https://github.com/apache/ozone/pull/5243


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org