You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2021/04/08 22:48:00 UTC
[jira] [Issue Comment Deleted] (HDDS-5078) NPE during secure SCM
initialization with HA code updated to an already existing cluster
[ https://issues.apache.org/jira/browse/HDDS-5078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
István Fajth updated HDDS-5078:
-------------------------------
Comment: was deleted
(was: Note:
In my test env modifying the initializeCertificateClient method to be like this solves the problem, but I am not sure whether this is a proper fix which considers all the cases, and I have not don any extensive testing so far, just assumed that we can have the client up and running safely in a single SCM environment...
{code}
private void initializeCertificateClient() {
if (scmStorageConfig.checkPrimarySCMIdInitialized()
|| !SCMHAUtils.isSCMHAEnabled(configuration)) {
scmCertificateClient = new SCMCertificateClient(
new SecurityConfig(configuration),
scmStorageConfig.getScmCertSerialId());
}
}
{code})
> NPE during secure SCM initialization with HA code updated to an already existing cluster
> ----------------------------------------------------------------------------------------
>
> Key: HDDS-5078
> URL: https://issues.apache.org/jira/browse/HDDS-5078
> Project: Apache Ozone
> Issue Type: Bug
> Components: SCM HA
> Reporter: István Fajth
> Priority: Blocker
>
> During SCM initialization, the following causes an NPE:
> StorageContainerManager#initializeCertificateClient initializes the scmCertificateClient only if scmStorageConfig#checkPrimarySCMIdInitialized() evaluates to true. This evaluates to true, if the VERSION file contains primaryScmNodeId with a value.
> If you upgrade an existing cluster with a single SCM to this code, the VERSION file does not contain a primaryScmNodeId, so the scmCertificateClient remains null.
> Later the initialization code calls the StorageContainerManager#initializeCAnSecurityProtocol method, which at the end creates the securityProtocolServer, for the constructor call the rootCACert is provided by calling the scmCertificateClient#getCACertificate method, but this is a null dereference as scmCertificateClient is null.
> The scmCertificateClient being null, can cause problems later as well, as it is used multiple times unconditionally.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org