bharatviswa504 commented on a change in pull request #2691:
URL: https://github.com/apache/ozone/pull/2691#discussion_r718719495
##########
File path:
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
##########
@@ -751,12 +752,32 @@ public SCMCertificateClient getScmCertificateClient() {
}
private ContainerTokenSecretManager createContainerTokenSecretManager(
- OzoneConfiguration conf) {
+ OzoneConfiguration conf) throws IOException {
long expiryTime = conf.getTimeDuration(
HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME,
HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME_DEFAULT,
TimeUnit.MILLISECONDS);
+
+ // Means this is an upgraded cluster and it has no sub-ca,
+ // so SCM Certificate client is not initialized. To make Tokens
+ // work let's use root CA cert and create SCM Certificate client with
+ // root CA cert.
+ if (scmCertificateClient == null) {
+ Preconditions.checkState(
+ !scmStorageConfig.checkPrimarySCMIdInitialized());
+
+ String certSerialNumber;
+ try {
+ certSerialNumber = getScmCertificateServer().getCACertificate()
+ .getSerialNumber().toString();
+ } catch (IOException | CertificateException ex) {
+ LOG.error("Get CA Certificate failed", ex);
+ throw new IOException(ex);
Review comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
