HDDS-7355. non-primordial scm fail to get signed cert from primordial SCM when converting an unsecure cluster to secure #3859

Merged
merged 3 commits into from
Oct 20, 2022


JacksonYao287
Contributor

What changes were proposed in this pull request?

When converting an unsecure cluster to a secure one, we need to reinit the primordial SCM to generate the root CA and a sub CA for itself. Then, we need to bootstrap the other two SCMs to get a signed cert and sub CA from the primordial SCM.

The current code has a bug in `initializeSecurityIfNeeded` which will lead the bootstrapped SCM to get a self-signed cert from itself, not the root-signed cert from the primordial SCM.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-7355

How was this patch tested?

Manually tested in my inner cluster.
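
A check an operator could run after the conversion to tell a root-signed SCM certificate from a self-signed one, which is the symptom described above. This is an added example, not code from the pull request or from Ozone; the certificate names and temporary paths are constructed for the demo, and it assumes the `openssl` CLI is installed.

```bash
#!/usr/bin/env bash
# classify_cert CERT ROOT_CA: print how CERT relates to the expected root CA.
classify_cert() {
  local cert=$1 root=$2 subject issuer
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
  issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253)
  if [ "${subject#subject=}" = "${issuer#issuer=}" ] &&
     openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
    echo "self-signed"   # issuer equals subject and the cert verifies against itself
  elif openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
    echo "root-signed"   # signature chains to the expected root CA
  else
    echo "untrusted"     # issued by another CA, or the signature is invalid
  fi
}

# Demo on constructed certificates (all names and paths are made up).
demo() {
  local d
  d=$(mktemp -d)
  # Constructed root CA standing in for the primordial SCM's root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-root-ca" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Expected result of bootstrap: a CSR signed by the root CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-scm2" \
    -keyout "$d/scm2.key" -out "$d/scm2.csr" 2>/dev/null
  openssl x509 -req -in "$d/scm2.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/scm2.pem" 2>/dev/null
  # Result described in the PR: the node issued a certificate to itself.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-scm3" \
    -keyout "$d/scm3.key" -out "$d/scm3.pem" 2>/dev/null
  echo "scm2=$(classify_cert "$d/scm2.pem" "$d/root.pem")"
  echo "scm3=$(classify_cert "$d/scm3.pem" "$d/root.pem")"
  rm -rf "$d"
}
demo
```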

… SCM when converting an unsecure cluster to secure
Contributor

@kaijchen kaijchen left a comment

LGTM

@kaijchen kaijchen merged commit 31560fc into apache:master Oct 20, 2022
@kaijchen
Contributor

Thanks @JacksonYao287 for the work.

@JacksonYao287
Contributor Author

Thanks @kaijchen for the review and merging!

@JacksonYao287 JacksonYao287 deleted the HDDS-7355 branch October 20, 2022 07:19
kaijchen pushed a commit that referenced this pull request Oct 25, 2022
… SCM when converting an unsecure cluster to secure (#3859)
errose28 added a commit to errose28/ozone that referenced this pull request Oct 26, 2022
* master: (718 commits)
  HDDS-7342. Move encryption-related code from MultipartCryptoKeyInputStream to OzoneCryptoInputStream (apache#3852)
  HDDS-7413. Fix logging while marking container state unhealthy (apache#3887)
  Revert "HDDS-7253. Fix exception when '/' in key name (apache#3774)"
  HDDS-7396. Force close non-RATIS containers in ReplicationManager (apache#3877)
  HDDS-7121. Support namespace summaries (du, dist & counts) for legacy FS buckets (apache#3746)
  HDDS-7258. Cleanup the allocated but uncommitted blocks (apache#3778)
  HDDS-7381. Cleanup of VolumeManagerImpl (apache#3873)
  HDDS-7253. Fix exception when '/' in key name (apache#3774)
  HDDS-7182. Add property to control RocksDB max open files (apache#3843)
  HDDS-7284. JVM crash for rocksdb for read/write after close (apache#3801)
  HDDS-7368. [Multi-Tenant] Add Volume Existence check in preExecute for OMTenantCreateRequest (apache#3869)
  HDDS-7403. README Security Improvement (apache#3879)
  HDDS-7199. Implement new mix workload Read/Write Freon command (apache#3872)
  HDDS-7248. Recon: Expand the container status page to show all unhealthy container states (apache#3837)
  HDDS-7141. Recon: Improve Disk Usage Page (apache#3789)
  HDDS-7369. Fix wrong order of command arguments in Nonrolling-Upgrade.md (apache#3866)
  HDDS-6210. EC: Add EC metrics (apache#3851)
  HDDS-7355. non-primordial scm fail to get signed cert from primordial SCM when converting an unsecure cluster to secure (apache#3859)
  HDDS-7356. Update SCM-HA.zh.md to match the English version (apache#3861)
  HDDS-6930. SCM,OM,RECON should not print ERROR and exit with code 1 on successful shutdown (apache#3848)
  ...

Conflicts:
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/container/replication/LegacyReplicationManager.java
hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/container/replication/TestLegacyReplicationManager.java