You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Bharat Viswanadham (Jira)" <ji...@apache.org> on 2021/08/09 06:25:00 UTC

[jira] [Updated] (HDDS-5556) GrpcReplication Client may fail in SCM HA Cluster

     [ https://issues.apache.org/jira/browse/HDDS-5556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bharat Viswanadham updated HDDS-5556:
-------------------------------------
    Description: 
Scenario:
1. DN1 got cert from SCM1
2.  DN2 got cert from SCM2
3. DN3 got cert from SCM3
4. DN4 got cert from SCM3

And now one of the closed container is under replicated due to DN3 faiilure, and DN4 is choose for replication it will fail during  secure channel setup.

{code:java}
 sslContextBuilder
            .trustManager(certClient.getCACertificate)
            .clientAuth(ClientAuth.REQUIRE)
            .keyManager(certClient.getPrivateKey(),
                certClient.getCertificate()); 
{code}


In SCM HA kind of setup we should pass for truststore all the CA certs to setup a secure channel.



  was:
Scenario:
1. DN1 got cert from SCM1
2.  DN2 got cert from SCM2
3. DN3 got cert from SCM3
4. DN4 got cert from SCM3

And now one of the closed container is under replicated due to DN3 faiilure, and DN4 is choose for replication it will fail during       

{code:java}
 sslContextBuilder
            .trustManager(certClient.getCACertificate)
            .clientAuth(ClientAuth.REQUIRE)
            .keyManager(certClient.getPrivateKey(),
                certClient.getCertificate()); 
{code}


In SCM HA kind of setup we should pass for truststore all the CA certs to setup a secure channel.




> GrpcReplication Client may fail in SCM HA Cluster
> -------------------------------------------------
>
>                 Key: HDDS-5556
>                 URL: https://issues.apache.org/jira/browse/HDDS-5556
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: Ozone Datanode
>            Reporter: Bharat Viswanadham
>            Assignee: Vivek Ratnavel Subramanian
>            Priority: Blocker
>
> Scenario:
> 1. DN1 got cert from SCM1
> 2.  DN2 got cert from SCM2
> 3. DN3 got cert from SCM3
> 4. DN4 got cert from SCM3
> And now one of the closed container is under replicated due to DN3 faiilure, and DN4 is choose for replication it will fail during  secure channel setup.
> {code:java}
>  sslContextBuilder
>             .trustManager(certClient.getCACertificate)
>             .clientAuth(ClientAuth.REQUIRE)
>             .keyManager(certClient.getPrivateKey(),
>                 certClient.getCertificate()); 
> {code}
> In SCM HA kind of setup we should pass for truststore all the CA certs to setup a secure channel.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org