Skip to content

HDDS-5257. Avoid SCM call to get CA certs in non-HA from OM. #2273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bharatviswa504 merged 2 commits into from
May 21, 2021
Merged

HDDS-5257. Avoid SCM call to get CA certs in non-HA from OM. #2273

bharatviswa504 merged 2 commits into from
May 21, 2021

Conversation

@bharatviswa504
Copy link
Contributor

@bharatviswa504 bharatviswa504 commented May 20, 2021
edited
Loading

What changes were proposed in this pull request?

Avoid calls to SCM during OM startup to obtain the CA list.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-5257

How was this patch tested?

Existing docker secure tests should test this code path.

@bharatviswa504 bharatviswa504 requested review from adoroszlai, bshashikant and xiaoyuyao and removed request for bshashikant May 20, 2021 10:30
adoroszlai
adoroszlai previously requested changes May 20, 2021
View reviewed changes
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java Outdated
waitDuration);
} else {
caCertPemList = certClient.listCA();
List<String> x509Certificates = new ArrayList<>();
Copy link
Contributor

@adoroszlai adoroszlai May 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why define a separate list instead of using caCertPemList, like other if branches?

Copy link
Contributor Author

@bharatviswa504 bharatviswa504 May 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did little refactor, have a look at latest change

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java Outdated
Comment on lines 391 to 398
if (certClient.getRootCACertificate() != null) {
x509Certificates.add(CertificateCodec.getPEMEncodedString(
certClient.getRootCACertificate()));
}
if (certClient.getCACertificate() != null) {
x509Certificates.add(CertificateCodec.getPEMEncodedString(
certClient.getCACertificate()));
}
Copy link
Contributor

@adoroszlai adoroszlai May 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we extract a method and reuse it here in and !SCMHAUtils.isSCMHAEnabled case?

Copy link
Contributor Author

@bharatviswa504 bharatviswa504 May 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya just found out, and did that

@bharatviswa504 bharatviswa504 requested a review from adoroszlai May 20, 2021 10:59
@adoroszlai adoroszlai dismissed their stale review May 20, 2021 13:45

Thanks for updating the patch

xiaoyuyao
xiaoyuyao approved these changes May 20, 2021
View reviewed changes
Copy link
Contributor

@xiaoyuyao xiaoyuyao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, +1.

@bharatviswa504 bharatviswa504 merged commit 09c2278 into apache:master May 21, 2021
@bharatviswa504
Copy link
Contributor Author

bharatviswa504 commented May 21, 2021

Thank You @bshashikant @xiaoyuyao and @adoroszlai for the review.

bharatviswa504 added a commit to bharatviswa504/hadoop-ozone that referenced this pull request Jul 25, 2021
@bharatviswa504
HDDS-5257. Avoid SCM call to get CA certs in non-HA from OM. (apache#…
edf5084 
…2273)

(cherry picked from commit 09c2278)
Change-Id: I5385f4c7f8428f0ceed2dca57a5b623f6d3a9f12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xiaoyuyao xiaoyuyao xiaoyuyao approved these changes

@bshashikant bshashikant bshashikant approved these changes

@adoroszlai adoroszlai Awaiting requested review from adoroszlai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bharatviswa504 @adoroszlai @xiaoyuyao @bshashikant