You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/03/19 06:59:20 UTC

[GitHub] [ozone] bharatviswa504 opened a new pull request #2063: HDDS-4998. [SCM HA Security] Make storeValidCertificate method idempotent

bharatviswa504 opened a new pull request #2063:
URL: https://github.com/apache/ozone/pull/2063


   ## What changes were proposed in this pull request?
   
   Make storeValidCertificate idempotent.
   
   Steps done:
   1. Move checkValidCertID to the caller.
   2. Perform signAndStoreCertificate under lock. (As doing sign only under lock, so it is not a huge overhead, as anyway writing to DB is done already under lock. And this approach will change in HDDS-4998. This is a temporary fix, until we have proper solution which can work across SCM nodes. This is required because without this for the secure cluster with ratis enabled after a restartt SCM will fail to start.)
   
   
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-4998
   
   ## How was this patch tested?
   
   Existing tests.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] GlenGeng commented on a change in pull request #2063: HDDS-4998. [SCM HA Security] Make storeValidCertificate method idempotent

Posted by GitBox <gi...@apache.org>.

GlenGeng commented on a change in pull request #2063:
URL: https://github.com/apache/ozone/pull/2063#discussion_r598491340



##########
File path: hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultApprover.java
##########
@@ -155,6 +156,12 @@ public  X509CertificateHolder sign(
 
   }
 
+  public long generateSerialId() {
+    // TODO: to make generation of serialId distributed.
+    // This issue will be fixed in HDDS-4999.

Review comment:
       Please check `SequenceIdGenerator`, it can generate a monotonically increased distributed sequence id.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] bharatviswa504 commented on pull request #2063: HDDS-4998. [SCM HA Security] Make storeValidCertificate method idempotent

Posted by GitBox <gi...@apache.org>.

bharatviswa504 commented on pull request #2063:
URL: https://github.com/apache/ozone/pull/2063#issuecomment-802726281


   Thank You @bshashikant for the review.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] GlenGeng commented on a change in pull request #2063: HDDS-4998. [SCM HA Security] Make storeValidCertificate method idempotent

Posted by GitBox <gi...@apache.org>.

GlenGeng commented on a change in pull request #2063:
URL: https://github.com/apache/ozone/pull/2063#discussion_r598491340



##########
File path: hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultApprover.java
##########
@@ -155,6 +156,12 @@ public  X509CertificateHolder sign(
 
   }
 
+  public long generateSerialId() {
+    // TODO: to make generation of serialId distributed.
+    // This issue will be fixed in HDDS-4999.

Review comment:
       Please check `SequenceIdGenerator`.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] bharatviswa504 merged pull request #2063: HDDS-4998. [SCM HA Security] Make storeValidCertificate method idempotent

Posted by GitBox <gi...@apache.org>.

bharatviswa504 merged pull request #2063:
URL: https://github.com/apache/ozone/pull/2063


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org