[
https://issues.apache.org/jira/browse/HDDS-10509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17925010#comment-17925010
]
Tsz-wo Sze commented on HDDS-10509:
-----------------------------------
bq. Why don't we send in the serialized Ratis admin request via the current or
via a new admin API endpoint of SCM/OM/DN that is authenticating with Kerberos,
and let them route the request to the proper admin API endpoint of the
addressed Ratis group on behalf of the client?
That's a great idea! We could send RatisShellCommandProto via the existing
mechanisms and then submit the command at the server side.
> Allow running ratis shell commands in secure Ozone cluster.
> -----------------------------------------------------------
>
> Key: HDDS-10509
> URL: https://issues.apache.org/jira/browse/HDDS-10509
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: Tools
> Reporter: Tsz-wo Sze
> Assignee: Rishabh Patel
> Priority: Major
>
> When Ozone is in secure mode, running ratis shell directly cannot access
> Ozone since ratis shell does not have Ozone UserGroupInformation. We should
> add a new Ozone command to run ratis shell. The new Ozone command can get
> the UserGroupInformation and then run the ratis commands.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
