ChenSammi commented on code in PR #4943:
URL: https://github.com/apache/ozone/pull/4943#discussion_r1247374826


##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java:
##########
@@ -1220,6 +1245,14 @@ public SCMSecurityProtocolClientSideTranslatorPB 
getScmSecureClient()
     return scmSecurityClient;
   }
 
+  public static void acquirePermit() throws InterruptedException {
+    semaphore.acquire();
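
Review bot: `acquirePermit()` calls `semaphore.acquire()` with no timeout, so, assuming `semaphore` is a `java.util.concurrent.Semaphore`, a caller blocks indefinitely if a permit is never returned. Because the method is `public static`, any class can take a permit. The visible lines show no matching release and no Javadoc. Please document what the permit guards and that callers must release it in a `finally` block, and consider `tryAcquire` with a timeout so a stuck holder surfaces as an error instead of a hang.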

Review Comment:
   An SCM alone doing the certificate rotation is not a common case.  I can 
think of just one.  Here is the flow,
   a.  SCM A bootstrapped with its sub CA root signed by root certificate 1.  
Later somehow it doesn't start and join the SCM HA immediately. 
   b.  Root certificate was rotated from 1 to 2. 
   c.  SCM A started and joined the SCM HA. 
   d.  Some time later, SCM A found it needs to rotate its certificate.
   
   So let's keep the CertificateLifetimeMonitor in SCMCertificateClient.
   
   


