sadanand48 commented on PR #6781:
URL: https://github.com/apache/ozone/pull/6781#issuecomment-2222396389
Thanks @fapifta , @nandakumar131 for the reviews. I was exploring point 2
mentioned by @fapifta
> Have you considered the possibility to add this as an automatic recovery
possibility that happens during CertificateClients initWithRecovery() call,
that is called also from SCMs? Isn't that more feasible?
I think if we implement this , there would be no need for a separate tool. I
have pushed a draft skeleton on how the changes would look. However I faced the
following issues :
1. If we need to integrate logic to read the rocksdb and persist certs from
rocksdb to local in CertificateClient , it needs to have a dependency to
ozone-tools to use classes like SCMDBDefinition and many more class references
that is used. Is it ok to add a dependency as I did in the current revision of
the patch?
2. Should we make this recovery i.e to pull certs from DB if missing based
on a config
3. " **close all BouncyCastle usages to a separate module**"
This too is violated as having the main logic inside the tools module makes
it necessary to import the security classes in the RecoverSCMCertificate class.
I will try to think over the problems I mentioned and how to fix them but I
just wanted to get feedback on the approach that the current patch takes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
