vivekratnavel commented on a change in pull request #2878:
URL: https://github.com/apache/ozone/pull/2878#discussion_r766246290
##########
File path:
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
##########
@@ -356,7 +356,9 @@ private StorageContainerManager(OzoneConfiguration conf,
// Authenticate SCM if security is enabled, this initialization can only
// be done after the metadata store is initialized.
if (OzoneSecurityUtil.isSecurityEnabled(conf)) {
- initializeCAnSecurityProtocol(conf, configurator);
+ if (!securityConfig.isCustomCAEnabled()) {
+ initializeCAnSecurityProtocol(conf, configurator);
+ }
Review comment:
Right now, we don't have to initialize the root CA certificate server or
intermediate certificate servers for SCM since SCM doesn't have to sign any
certificate when the external root CA is enabled. But, the security protocol
server will have to be initialized and started for persisting the external root
CA-signed certificates of all the components. This will be initialized via
https://issues.apache.org/jira/browse/HDDS-6032
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
