[
https://issues.apache.org/jira/browse/HDDS-4915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17312505#comment-17312505
]
Bharat Viswanadham commented on HDDS-4915:
------------------------------------------
*Tested following scenario:*
*Scenario1:*
Docker-compose up
Kill Leader SCM
*Test*
kinit -kt /etc/security/keytabs/testuser.keytab testuser/[email protected]
ozone admin pipeline list
ozone sh volume create /vol1
ozone sh bucket create /vol1/buck1
ozone sh key put /vol1/buck1/key1 /etc/hadoop/core-site.xml
ozone sh key list /vol1/bucket1/key1
ozone sh key get /vol1/bucket1/key1 /tmp/key1
diff /tmp/key1 /etc/hadoop/core-site.xml
*Scenario2:*
OM1 got cert from SCM1
OM2 OM3 got cert from new SCM leader and datanode1/datanode2/datanode3 got cert
from SCM1
docker-compose up --build idc kms scm1.org scm2.org scm3.org
docker-compose up --build om1
docker-compose up --build datanode1 datanode2 datanode3
docker ps | grep "scm1.org" | cut -f 1
docker stop <<containerid>>
docker-compose up --build om2 om3
Log to one of scm2
docker ps | grep "scm1.org" | cut -f 1
docker exec -it <<containerid>>
Test
kinit -kt /etc/security/keytabs/testuser.keytab testuser/[email protected]
ozone admin pipeline list
(Check pipeline in open state for ratis 3 node)
ozone sh volume create /vol1
ozone sh bucket create /vol1/buck1
ozone sh key put /vol1/buck1/key1 /etc/hadoop/core-site.xml
ozone sh key list /vol1/bucket1/key1
ozone sh key get /vol1/bucket1/key1 /tmp/key1
diff /tmp/key1 /etc/hadoop/core-site.xml
*Scenario3:*
OM1/Datanode1 got cert from SCM1
OM2 OM3 got cert from new SCM leader and datanode2/datanode3 got cert from new
SCM leader
docker-compose up --build idc kms scm1.org scm2.org scm3.org
docker-compose up --build om1 datanode1
docker ps | grep "scm1.org" | cut -f 1
docker stop <<containerid>>
docker-compose up --build om2 om3 datanode2 datanode3
Log to one of scm2
docker ps | grep "scm1.org" | cut -f 1
docker exec -it <<containerid>>
Test
kinit -kt /etc/security/keytabs/testuser.keytab testuser/[email protected]
ozone admin pipeline list
(Check pipeline in open state for ratis 3 node)
ozone sh volume create /vol1
ozone sh bucket create /vol1/buck1
ozone sh key put /vol1/buck1/key1 /etc/hadoop/core-site.xml
ozone sh key list /vol1/bucket1/key1
ozone sh key get /vol1/bucket1/key1 /tmp/key1
diff /tmp/key1 /etc/hadoop/core-site.xml
> [SCM HA Security] Integrate CertClient
> --------------------------------------
>
> Key: HDDS-4915
> URL: https://issues.apache.org/jira/browse/HDDS-4915
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Bharat Viswanadham
> Assignee: Bharat Viswanadham
> Priority: Major
> Labels: pull-request-available
>
> *This Jira is to implement*
> 1. Use RootCertificate server to issue certs for SCM
> 2. Use scmCertificatServer to issue certs for DN/OM. (This cert server got
> certs from RootCertificate Server)
> 3. Start RootCertificate server only on primary SCM.