[
https://issues.apache.org/jira/browse/HDDS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667599#comment-16667599
]
Xiaoyu Yao commented on HDDS-580:
---------------------------------
The current --init and --init-security are based on the non-dempotent
assumptions. Agree with [~arpitagarwal] and [~anu] idempotent could simplify
the bootstrap process. But this can be confusing for folks from hdfs world
where an explicit format is required to bootstrap namenode. Are we risk losing
existing data when running scm -init many times?
These command may be executed by different roles and authorized differently.
E.g., re-init security (rotate key, certificate, etc.) by key admin seems less
risky compared with re-init scm. We need admin access check when doing these
operations as [~anu] pointed above.
> Bootstrap OM/SCM with private/public key pair
> ---------------------------------------------
>
> Key: HDDS-580
> URL: https://issues.apache.org/jira/browse/HDDS-580
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Xiaoyu Yao
> Assignee: Ajay Kumar
> Priority: Major
> Attachments: HDDS-4-HDDS-580.00.patch, HDDS-580-HDDS-4.00.patch,
> HDDS-580-HDDS-4.01.patch, HDDS-580-HDDS-4.02.patch, HDDS-580-HDDS-4.03.patch,
> HDDS-580-HDDS-4.04.patch, HDDS-580-HDDS-4.05.patch, HDDS-580-HDDS-4.06.patch,
> HDDS-580-HDDS-4.07.patch, HDDS-580-HDDS-4.08.patch, HDDS-580-HDDS-4.09.patch
>
>
> We will need to add API that leverage the key generator from HDDS-100 to
> generate public/private key pair for OM/SCM, this will be called by the
> scm/om admin cli with "-init" cmd.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
