xiaoyuyao commented on a change in pull request #754: HDDS-1065. OM and DN
should persist SCM certificate as the trust root. Contributed by Ajay Kumar.
URL: https://github.com/apache/hadoop/pull/754#discussion_r277400775
##########
File path:
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
##########
@@ -268,10 +268,13 @@ private void getSCMSignedCert(OzoneConfiguration config)
{
String pemEncodedCert = secureScmClient.getDataNodeCertificate(
datanodeDetails.getProtoBufMessage(), getEncodedString(csr));
- dnCertClient.storeCertificate(pemEncodedCert, true);
+ dnCertClient.storeCertificate(pemEncodedCert, true, false);
datanodeDetails.setCertSerialId(getX509Certificate(pemEncodedCert).
getSerialNumber().toString());
persistDatanodeDetails(datanodeDetails);
+ // Get SCM CA certificate and store it in filesystem.
+ String pemEncodedRootCert = secureScmClient.getCACertificate();
Review comment:
Should we get the CA certificate based on the DN certificate signed by CA?
Does that container a signer certificate id?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
