Soumitra Sulav created HDDS-7708:
------------------------------------
Summary: No check for certificate duration config scenarios
Key: HDDS-7708
URL: https://issues.apache.org/jira/browse/HDDS-7708
Project: Apache Ozone
Issue Type: Bug
Components: SCM
Affects Versions: 1.3.0
Reporter: Soumitra Sulav
*Issue :*
While validating the config duration with multiple negative scenarios, the
following observations were made:
* Config duration accepts 0D as the duration.
* Config duration accepts negative days -1D as the duration.
* No check was added for the hdds.x509.renew.grace.duration value.
* The only check available currently is for hdds.x509.default.duration not
  greater than hdds.x509.max.duration.
* The logging message is wrong and the config order is reversed.
Scenarios tried:

Unnatural sequence
  Max = 0 | Def = 2 | Grace = 1 | Failed
  Max = 5 | Def = 0 | Grace = 1 | Restarted
  Max = 5 | Def = 2 | Grace = 0 | Restarted
  Max = 5 | Def = 6 | Grace = 1 | Failed
  Max = 5 | Def = 2 | Grace = 3 | Restarted
  Max = 5 | Def = 2 | Grace = 6 | Restarted

Negative values
  Max = -5 | Def = 2 | Grace = 1 | Failed
  Max = 5 | Def = -2 | Grace = 1 | Restarted
  Max = 5 | Def = 2 | Grace = -1 | Restarted

Fractional values
  Max = 5.25 | Def = 2 | Grace = 1 | Failed
  Max = 5 | Def = 2.5 | Grace = 1 | Failed
  Max = 5 | Def = 2 | Grace = 1.75 | Failed

The scenarios where the restart could go through should have actually failed to
start.
+Error with Logging Message.+
Scenario 1 where Max Duration is 0D and Default Duration is 2D.
*Stacktrace :*
[root@quasar-gvwabo-2 ~]# vim /var/log/hadoop-ozone/ozone-scm.log
2022-12-22 08:57:25,296 ERROR org.apache.hadoop.hdds.security.x509.SecurityConfig: Certificate duration PT0S should not be greater than Maximum Certificate duration PT48H
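A startup check covering the gaps listed in the report could look like the sketch below. It is an added example, not Apache Ozone code and not part of the report: the class and method names are hypothetical, values are assumed to be ISO-8601 strings read with java.time.Duration.parse (for example "P2D"), and requiring the grace period to be strictly shorter than the default duration is an assumption.

```java
import java.time.Duration;
import java.time.format.DateTimeParseException;

// Added example, not Apache Ozone code. Class and method names are hypothetical.
public class CertDurationCheck {
  // Assumption: values are ISO-8601 strings such as "P5D".
  static Duration parsePositive(String key, String value) {
    final Duration d;
    try {
      d = Duration.parse(value); // rejects fractional days such as "P5.25D"
    } catch (DateTimeParseException e) {
      throw new IllegalArgumentException(key + " is not a valid duration: " + value, e);
    }
    if (d.isZero() || d.isNegative()) {
      throw new IllegalArgumentException(key + " must be greater than zero, got " + d);
    }
    return d;
  }

  static void validate(String max, String def, String grace) {
    Duration maxD = parsePositive("hdds.x509.max.duration", max);
    Duration defD = parsePositive("hdds.x509.default.duration", def);
    Duration graceD = parsePositive("hdds.x509.renew.grace.duration", grace);
    if (defD.compareTo(maxD) > 0) {
      // Default value first, maximum second, so the values match the wording.
      throw new IllegalArgumentException("hdds.x509.default.duration " + defD
          + " should not be greater than hdds.x509.max.duration " + maxD);
    }
    // Assumption: the grace period must be strictly shorter than the default.
    if (graceD.compareTo(defD) >= 0) {
      throw new IllegalArgumentException("hdds.x509.renew.grace.duration " + graceD
          + " should be less than hdds.x509.default.duration " + defD);
    }
  }

  public static void main(String[] args) {
    // Constructed inputs {max, default, grace}: one valid baseline, then
    // scenarios from the report.
    String[][] cases = {
      {"P5D", "P2D", "P1D"}, {"P0D", "P2D", "P1D"}, {"P5D", "P0D", "P1D"},
      {"P5D", "P2D", "P0D"}, {"P5D", "P2D", "P3D"}, {"P5D", "P2D", "P-1D"},
      {"P5D", "P2.5D", "P1D"}};
    for (String[] c : cases) {
      try {
        validate(c[0], c[1], c[2]);
        System.out.println(String.join(" ", c) + " -> accepted");
      } catch (IllegalArgumentException e) {
        System.out.println(String.join(" ", c) + " -> rejected: " + e.getMessage());
      }
    }
  }
}
```

Only the baseline case is accepted; every scenario from the report is rejected, including the ones listed there as "Restarted".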