Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-2823 SCM HA Support
  3. HDDS-3202

Bootstrap SCM HA Security

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.2.0
    • SCM HA, Security
    • None

    Description

      Only the leader can do the INIT to have root. And followers only sync from the leader in the bootstrap process.

      After the root, every SCM will add their own certs upon the root. The root cert and sub certs are signed by the leader so that they can trust each other. For now, SCM only creates self-signed certs.

      We need to change init mode to rely on the root certs from the leader. Init workflow will need to wait for the other SCMs to hold and we make sure only 1 SCM is generating the root cert. 

      Attachments

        1. SCM HA Security - v.012020.pdf
          153 kB
          Xiaoyu Yao

        Issue Links

          is a child of

          Sub-task - The sub-task of the issue HDDS-4718 Bootstrap new SCM node

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              bharat Bharat Viswanadham
              timmylicheng Li Cheng
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: