[
https://issues.apache.org/jira/browse/HDDS-3202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaoyu Yao updated HDDS-3202:
-----------------------------
Summary: Bootstrap SCM HA Security (was: Certs for security needs a new
root)
> Bootstrap SCM HA Security
> -------------------------
>
> Key: HDDS-3202
> URL: https://issues.apache.org/jira/browse/HDDS-3202
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Components: SCM
> Reporter: Li Cheng
> Priority: Major
> Attachments: SCM HA Security - v.012020.pdf
>
>
> Only the leader can do the INIT to have root. And followers only sync from
> the leader in the bootstrap process.
> After the root, every SCM will add their own certs upon the root. The root
> cert and sub certs are signed by the leader so that they can trust each
> other. For now, SCM only creates self-signed certs.
> We need to change init mode to rely on the root certs from the leader. Init
> workflow will need to wait for the other SCMs to hold and we make sure only 1
> SCM is generating the root cert.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
