fapifta commented on code in PR #4053:
URL: https://github.com/apache/ozone/pull/4053#discussion_r1050213061


##########
hadoop-hdds/common/src/main/resources/ozone-default.xml:
##########
@@ -2097,29 +2097,38 @@
     <description>X509 signature certificate.</description>
   </property>
   <property>
-    <name>hdds.external.root.ca.cert</name>
+    <name>hdds.x509.rootca.certificate.file</name>
     <value></value>
-    <description>Path to an external CA certificate. This certificate is
-      used when initializing SCM to create a root certificate authority.
-      By default, a self-signed certificate is generated instead.
+    <description>Path to an external CA certificate. The file format is 
expected
+      to be pem. This certificate is used when initializing SCM to create
+      a root certificate authority. By default, a self-signed certificate is
+      generated instead. Note that this certificate is only used for Ozone's
+      internal communication, and it does not affect the certificates used for
+      HTTPS protocol at WebUIs as they can be configured separately.
     </description>
   </property>
   <property>
-    <name>hdds.external.root.ca.private.key</name>
+    <name>hdds.x509.rootca.private.key.file</name>
     <value></value>
-    <description>Path to an external private key. This private key is later 
used
-      when initializing SCM to sign certificates as the root certificate
-      authority. When not specified a private and public key is generated
-      instead.
+    <description>Path to an external private key. The file format is expected
+      to be pem. This private key is later used when initializing SCM to sign
+      certificates as the root certificate authority. When not specified a
+      private and public key is generated instead.
+      These keys are only used for Ozone's internal communication, and it does
+      not affect the HTTPS protocol at WebUIs as they can be configured
+      separately.
     </description>
   </property>
   <property>
-    <name>hdds.external.root.ca.public.key</name>
+    <name>hdds.x509.rootca.public.key.file</name>
     <value></value>
     <description>Path to an external public key. This public key is later used
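
Review bot: The three `<name>` changes replace `hdds.external.root.ca.*` with `hdds.x509.rootca.*.file` outright, and nothing in this hunk keeps the old names working. The descriptions say a self-signed certificate and a new key pair are generated when no value is given, so as far as this hunk shows, a cluster that still sets the old keys would get a generated root CA at SCM initialization instead of the external one, with no error. Please either register the old names as deprecated aliases or call the rename out as an incompatible change. Minor: write "PEM" rather than "pem", and in the private key description "These keys are only used ... and it does not affect" should read "and they do not affect".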

Review Comment:
   File format restriction is missing from here.



##########
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java:
##########
@@ -195,19 +195,19 @@ public final class HddsConfigKeys {
   public static final String HDDS_X509_RENEW_GRACE_DURATION_DEFAULT = "P28D";
 
   public static final String HDDS_EXTERNAL_ROOT_CA_CERT_PATH =
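
Review bot: On the visible `HDDS_EXTERNAL_ROOT_CA_CERT_PATH` line, the constant keeps the old EXTERNAL_ROOT_CA naming while the constant directly above it uses the `HDDS_X509_` prefix and the property in ozone-default.xml becomes `hdds.x509.rootca.certificate.file`. Renaming the constant to follow the key would keep a search for the property name and a search for the constant pointing at the same setting.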

Review Comment:
   In order to conform with the convention, I believe the constant names should also be changed here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
