István Fajth created HDDS-7398:
----------------------------------

             Summary: Implement a cleaner logic that removes old certs from the 
SCM DB
                 Key: HDDS-7398
                 URL: https://issues.apache.org/jira/browse/HDDS-7398
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: István Fajth
            Assignee: István Fajth


While automatic certificate rotation is not implemented, there is a manual 
procedure that needs to be followed to renew the certificates in an Ozone cluster.
This procedure, in simple steps:
- stop the service
- remove old key and certificate material from the metadata folders
- remove the omCertSerialID and scmCertSerialID fields from the respective 
service's VERSION file
- start the service

During this process though, the old certificate is not cleared from the rocksDB 
of SCM.
The aim here is to implement a tool from CLI that enables the removal of the 
old certificates, best may be if this tool can remove the certificates that are 
already expired only, so that there is no possibility to unwillingly remove 
certificates from the DB that are still in use. Automation will be done for the 
rest, and with this eventually all old certificates can be cleared.


