bharatviswa504 commented on a change in pull request #2000:
URL: https://github.com/apache/ozone/pull/2000#discussion_r603013388
##########
File path:
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/ha/HASecurityUtils.java
##########
@@ -281,4 +284,26 @@ private static void
persistSubCACertificate(OzoneConfiguration config,
certCodec.writeCertificate(certificateHolder);
}
+ /**
+ * Create Server TLS parameters required for Ratis Server.
+ * @param conf
+ * @param caClient
+ * @return
+ */
+ public static Parameters createServerTlsParameters(SecurityConfig conf,
+ CertificateClient caClient) {
+ Parameters parameters = new Parameters();
+
+ if (conf.isSecurityEnabled() && conf.isGrpcTlsEnabled()) {
+ GrpcTlsConfig config = new GrpcTlsConfig(
+ caClient.getPrivateKey(), caClient.getCertificate(),
+ caClient.getCACertificate(), true);
Review comment:
This method is used by SCM, for SCM getCACert returns rootCA, as for SCM
it got signed cert from rootCA.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
