Sammi Chen created HDDS-9015:
--------------------------------

             Summary: Block CSR request in SCM for "hdds.x509.rootca.certificate.polling.interval" time period
                 Key: HDDS-9015
                 URL: https://issues.apache.org/jira/browse/HDDS-9015
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: Sammi Chen
            Assignee: Sammi Chen


Once the root CA rotation and sub CA rotation have finished, the leader SCM will 
start to serve CSR requests from other services, like existing OM, DN, Recon, or 
newly added OM, DN and SCM.

But the problem is that every service's certificate is signed without 
coordination, so there will be some services whose certificates are already 
signed by the new root CA, and some services whose certificates are still the 
old certificates because the cert renewal has not happened yet. These services 
cannot talk to each other because some have already got the new certificate and 
the new root CA certificate, but some have not.

Blocking CSRs for a "hdds.x509.rootca.certificate.polling.interval" period 
of time will guarantee that all services get the root CA certificate during 
this duration, so the above "cannot talk to each other" case can be avoided.



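The timing argument in the issue, as an added Python model (not code from Apache Ozone or from the reporter). It assumes each service polls the root CA on a fixed period with its own phase and that a CSR rejected during the block is retried once the block ends; the interval value, service names and times are constructed.

```python
from dataclasses import dataclass

# Constructed value standing in for hdds.x509.rootca.certificate.polling.interval (seconds).
POLL_INTERVAL = 3600

@dataclass(frozen=True)
class Service:
    name: str
    poll_offset: int  # phase of the periodic root CA poll, 0 <= offset < POLL_INTERVAL
    csr_time: int     # when the service sends its CSR to the leader SCM

    def first_poll_after(self, rotation_done: int) -> int:
        """Time of the first root CA poll at or after rotation completes."""
        k = -(-(rotation_done - self.poll_offset) // POLL_INTERVAL)  # ceiling division
        return self.poll_offset + k * POLL_INTERVAL

def issue_time(svc: Service, rotation_done: int, block_for: int) -> int:
    """Assumption: a CSR arriving during the block is retried and signed when it ends."""
    return max(svc.csr_time, rotation_done + block_for)

def failed_handshakes(services, rotation_done: int, block_for: int):
    """(presenter, verifier) pairs where the presenter already holds a certificate
    signed under the new root CA but the verifier has not polled that root CA yet."""
    failures = []
    for presenter in services:
        signed_at = issue_time(presenter, rotation_done, block_for)
        for verifier in services:
            if verifier is presenter:
                continue
            if verifier.first_poll_after(rotation_done) > signed_at:
                failures.append((presenter.name, verifier.name))
    return failures

# Constructed cluster: rotation finishes at t=10000, CSRs arrive shortly after.
ROTATION_DONE = 10_000
CLUSTER = [
    Service("om1", 0, 10_050),
    Service("dn1", 1200, 10_100),
    Service("recon", 3599, 12_000),
]

if __name__ == "__main__":
    print("no block:  ", failed_handshakes(CLUSTER, ROTATION_DONE, 0))
    print("with block:", failed_handshakes(CLUSTER, ROTATION_DONE, POLL_INTERVAL))
```

In this model every service's first poll falls before rotation_done + POLL_INTERVAL, which is why a block of exactly one polling interval is enough.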