István Fajth created HDDS-8998:
----------------------------------
Summary: Shared mutable state causes rootca poller to miss updates
Key: HDDS-8998
URL: https://issues.apache.org/jira/browse/HDDS-8998
Project: Apache Ozone
Issue Type: Sub-task
Reporter: István Fajth
The RootCaRotationPoller, once it is created in the DefaultCertificateClient,
gets a reference to the DefaultCertificateClient's internal rootCaCertificates
set.
This way there is a race between two different background tasks, the RootCa
polling, and the certificate renewal.
If the rootCA certificates are getting renewed on the SCM, but if between the
time when the CA cert has changed, and the poller runs there is a certificate
renewal, then the certificate renewal updates the rootCaCertificates set within
the DefaultCertificateClient, and this effect becomes visible to the poller
before it starts the polling. Once it starts the polling, it gets 2 rootCA
certificates from the SCM, while due to the update during renew it already has
the 2 rootCA certificates in the set, and with that it thinks there is no
change in the rootCA certificates, hence it does not update the rest of the
system that relies on the poller.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
