[ 
https://issues.apache.org/jira/browse/HDDS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16664461#comment-16664461
 ] 

Xiaoyu Yao commented on HDDS-580:
---------------------------------

Thanks [~ajayydv] for the update. Patch v7 looks very good to me. A few more 
comments:

hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/SecurityUtils.java
Line 51/61/98: NIT: missing @return javadoc
Line 65: NIT missing some @throws javadoc
        
SecurityConfig.java
Line 153: Should we rename it to getCurrentKeyLocation()?
Line 250: @return Path to Private key location
Line 260: @return Path to Public key location
        
HDDSKeyPEMHandler.java 
Line 299: should we use checkKeyFileExist()? 
Line 300: should we throw HDDS Security Exception?
Line 318: destDir can be removed. Paths.get() can be assigned to destDirPath 
directly without back-and-forth conversion.
Line 333: should we clean up the currentKeyLocation before attempting to rename?
Line 399: should we specify the security provider?
        
StorageContainerManager.java
Line 1031: can you add necessary docker-compose changes to init security 
properly for secure ozone deployment?
This can be handled in separate JIRA.
        
        
TestSecurityUtils.java
Line 109: how do we ensure restore of the current key location permission? This 
can cause other test failures if not restored properly. Maybe add some test hook 
with injected errors instead of actually changing the directory permission.
        
        


> Bootstrap OM/SCM with private/public key pair
> ---------------------------------------------
>
>                 Key: HDDS-580
>                 URL: https://issues.apache.org/jira/browse/HDDS-580
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>         Attachments: HDDS-4-HDDS-580.00.patch, HDDS-580-HDDS-4.00.patch, 
> HDDS-580-HDDS-4.01.patch, HDDS-580-HDDS-4.02.patch, HDDS-580-HDDS-4.03.patch, 
> HDDS-580-HDDS-4.04.patch, HDDS-580-HDDS-4.05.patch, HDDS-580-HDDS-4.06.patch, 
> HDDS-580-HDDS-4.07.patch
>
>
> We will need to add API that leverage the key generator from HDDS-100 to 
> generate public/private key pair for OM/SCM, this will be called by the 
> scm/om admin cli with "-init" cmd.


