bharatviswa504 edited a comment on pull request #2686:
URL: https://github.com/apache/ozone/pull/2686#issuecomment-930637734
> > I am not sure if the cmd does any authentication/security validation
> > here. The raft client is directly talking to the raft server. We need to fit
> > the cmd to the security model in Ozone.
> > cc @bharatviswa504
>
> This implementation looks a little tricky, it's indeed directly talking to
> the raft server. I agree that authentication/security should be added in the
> future. : )

One idea might be, similar to DN, to contact OM and get the list of CAs and
use that in setting up the raft client. And we can make this an admin command,
and in a secure cluster we need a Kerberos ticket to run this command.

For the security question, this way we can solve it. Also, we need this
security/authorization implemented, otherwise this command cannot work in a
secure cluster.

Sample code:
```
final GrpcTlsConfig tlsConfig = RatisHelper.createTlsClientConfig(
    new SecurityConfig(ozoneConf), caCerts);
```
And use this tlsConfig when creating the RaftClient. Here caCerts is obtained
from the OM getServiceList call. You can refer to RpcClient and
XceiverClientManager for this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.