ajayydv commented on a change in pull request #581: HDDS-596. Add robot test
for OM Block Token.
URL: https://github.com/apache/hadoop/pull/581#discussion_r264316989
##########
File path:
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCAServer.java
##########
@@ -224,12 +224,16 @@ private KeyPair getCAKeys() throws IOException {
break;
case KERBEROS_TRUSTED:
case TESTING_AUTOMATIC:
- X509CertificateHolder xcert = approver.sign(config,
- getCAKeys().getPrivate(),
- getCACertificate(), java.sql.Date.valueOf(beginDate),
- java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
- store.storeValidCertificate(xcert.getSerialNumber(),
- CertificateCodec.getX509Certificate(xcert));
+ X509CertificateHolder xcert;
+ try {
+ xcert = signAndStoreCertificate(beginDate, endDate, csr);
+ } catch (SCMSecurityException e) {
+ // Certificate with conflicting serial id, retry again may resolve
Review comment:
faced in our docker testing, multiple Dns may send csr simultaneously, SCM
throws error for few of them saying serial id already exist. This small change
resolves it but we should refactor it for SCM HA.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
