ChenSammi commented on code in PR #3752:
URL: https://github.com/apache/ozone/pull/3752#discussion_r978269760
##########
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java:
##########
@@ -788,45 +788,45 @@ private void
initializeCAnSecurityProtocol(OzoneConfiguration conf,
final CertificateServer scmCertificateServer;
final CertificateServer rootCertificateServer;
+
+ // Start specific instance SCM CA server.
+ String subject = SCM_SUB_CA_PREFIX +
+ InetAddress.getLocalHost().getHostName();
+ if (configurator.getCertificateServer() != null) {
+ scmCertificateServer = configurator.getCertificateServer();
+ } else {
+ scmCertificateServer = new DefaultCAServer(subject,
+ scmStorageConfig.getClusterID(), scmStorageConfig.getScmId(),
+ certificateStore, new DefaultProfile(),
+ scmCertificateClient.getComponentName());
+ // INTERMEDIARY_CA which issues certs to DN and OM.
+ scmCertificateServer.init(new SecurityConfig(configuration),
+ CertificateServer.CAType.INTERMEDIARY_CA);
+ }
+
// If primary SCM node Id is set it means this is a cluster which has
// performed init with SCM HA version code.
if (scmStorageConfig.checkPrimarySCMIdInitialized()) {
- // Start specific instance SCM CA server.
- String subject = SCM_SUB_CA_PREFIX +
- InetAddress.getLocalHost().getHostName();
- if (configurator.getCertificateServer() != null) {
- scmCertificateServer = configurator.getCertificateServer();
- } else {
- scmCertificateServer = new DefaultCAServer(subject,
- scmStorageConfig.getClusterID(), scmStorageConfig.getScmId(),
- certificateStore, new DefaultProfile(),
- scmCertificateClient.getComponentName());
- // INTERMEDIARY_CA which issues certs to DN and OM.
- scmCertificateServer.init(new SecurityConfig(configuration),
- CertificateServer.CAType.INTERMEDIARY_CA);
- }
-
if (primaryScmNodeId.equals(scmStorageConfig.getScmId())) {
if (configurator.getCertificateServer() != null) {
rootCertificateServer = configurator.getCertificateServer();
} else {
rootCertificateServer =
- HASecurityUtils.initializeRootCertificateServer(
- conf, certificateStore, scmStorageConfig, new
DefaultCAProfile());
+ HASecurityUtils.initializeRootCertificateServer(conf,
+ certificateStore, scmStorageConfig, new DefaultCAProfile());
}
persistPrimarySCMCerts();
} else {
rootCertificateServer = null;
}
} else {
- // On a upgraded cluster primary scm nodeId will not be set as init will
- // not be run again after upgrade. So for a upgraded cluster where init
- // has not happened again we will have setup like before where it has
+ // On an upgraded cluster primary scm nodeId will not be set as init will
+ // not be run again after upgrade. So for an upgraded cluster where init
+ // has not happened again we will have to set up like before where it has
// one CA server which is issuing certificates to DN and OM.
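Review bot: The SCM CA server is now constructed and initialised with `CertificateServer.CAType.INTERMEDIARY_CA` ahead of the `checkPrimarySCMIdInitialized()` test, so it also runs on the upgraded-cluster path, yet the comment that closes the hunk still describes that path as being set up "like before" with one CA server issuing certificates to DN and OM. The body of that `else` lies outside the hunk, so which CA type the upgraded path ends up with cannot be confirmed from here. If the intermediary type is intended there, the comment should say so, for example `// NOTE: the SCM CA server above is initialised as INTERMEDIARY_CA on this path as well.`, because the CA type determines the trust chain that existing DN and OM certificates must still validate against. Separately, `InetAddress.getLocalHost().getHostName()` is now resolved even when `configurator.getCertificateServer()` supplies the server and `subject` goes unused; declaring `subject` inside the inner `else` would avoid that lookup and its possible `UnknownHostException` on the injected path.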
Review Comment:
Thanks @adoroszlai, let me see if we can add an acceptance test for upgrade
in a secure cluster.