From 433c5b1daf10140b254db305dec5e4550660bc9c Mon Sep 17 00:00:00 2001 From: Xiaoyu Yao Date: Tue, 18 May 2021 16:40:38 -0700 Subject: [PATCH 1/3] HDDS-5245. Fix OzoneContainer TLS configuration. --- .../ozone/container/ozoneimpl/OzoneContainer.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java index c9d645f15023..08571107e598 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java @@ -174,14 +174,16 @@ public OzoneContainer( new BlockDeletingService(this, svcInterval.toMillis(), serviceTimeout, TimeUnit.MILLISECONDS, config); - List< X509Certificate > x509Certificates = null; - if (certClient != null) { + List x509Certificates = null; + if (certClient != null && secConf.isGrpcTlsEnabled()) { x509Certificates = HAUtils.buildCAX509List(certClient, conf); + tlsClientConfig = new GrpcTlsConfig( + certClient.getPrivateKey(), certClient.getCertificate(), + x509Certificates, true); + } else { + tlsClientConfig = null; } - tlsClientConfig = RatisHelper.createTlsClientConfig(secConf, - x509Certificates); - initializingStatus = new AtomicReference<>(InitializingStatus.UNINITIALIZED); } From 54f4b6f09ea88cedebcf07b9183d1aa461efe540 Mon Sep 17 00:00:00 2001 From: Xiaoyu Yao Date: Tue, 18 May 2021 16:45:02 -0700 Subject: [PATCH 2/3] minor reformat --- .../hadoop/ozone/container/ozoneimpl/OzoneContainer.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
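Review bot: When `secConf.isGrpcTlsEnabled()` is true but `certClient` is null, the new `else` branch sets `tlsClientConfig = null` with no signal, so a datanode configured for gRPC TLS can come up without any client TLS configuration. How consumers treat a null config is not visible in this hunk, but it looks like a fail-open path. Consider failing closed ahead of the plain `else`, for example `else if (secConf.isGrpcTlsEnabled()) { throw new IllegalStateException("gRPC TLS is enabled but no CertificateClient is available"); }`, or at least logging a warning there. The bare `true` passed as the last argument to `GrpcTlsConfig` would also read better with a short comment naming the flag (presumably the mutual-TLS switch). The constructor body starts outside the hunk, so any earlier validation of `certClient` is not visible here.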
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java index 08571107e598..bd60b4080f6e 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java @@ -174,9 +174,9 @@ public OzoneContainer( new BlockDeletingService(this, svcInterval.toMillis(), serviceTimeout, TimeUnit.MILLISECONDS, config); - List x509Certificates = null; if (certClient != null && secConf.isGrpcTlsEnabled()) { - x509Certificates = HAUtils.buildCAX509List(certClient, conf); + List x509Certificates = + HAUtils.buildCAX509List(certClient, conf); tlsClientConfig = new GrpcTlsConfig( certClient.getPrivateKey(), certClient.getCertificate(), x509Certificates, true); From a91c3130e168b2e8c866dbee9a9e8de048187bad Mon Sep 17 00:00:00 2001 From: Xiaoyu Yao Date: Tue, 18 May 2021 18:27:44 -0700 Subject: [PATCH 3/3] remove unused imports --- .../apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java | 1 - 1 file changed, 1 deletion(-) diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java index bd60b4080f6e..41779812495a 100644 --- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java +++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/OzoneContainer.java 
@@ -37,7 +37,6 @@
 import org.apache.hadoop.hdds.protocol.proto.StorageContainerDatanodeProtocolProtos.ContainerReplicaProto;
 import org.apache.hadoop.hdds.protocol.proto.StorageContainerDatanodeProtocolProtos.IncrementalContainerReportProto;
 import org.apache.hadoop.hdds.protocol.proto.StorageContainerDatanodeProtocolProtos.PipelineReportsProto;
-import org.apache.hadoop.hdds.ratis.RatisHelper;
 import org.apache.hadoop.hdds.security.token.TokenVerifier;
 import org.apache.hadoop.hdds.security.x509.SecurityConfig;
 import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;