Details
- Sub-task
- Status: Resolved
- Major
- Resolution: Fixed
- 1.4.0
Description
HDDS-7874 revealed that when there are multiple instances of the certificate client, which is possible with the current code, the locking model used for certificate renewal and the scheduling are duplicated in memory. Because the locking is ineffective, the instances can race freely to modify the metadata stored on disk in parallel.
When there are multiple certificate client instances, there are multiple single-threaded scheduled executors and multiple reentrant lock objects. All threads are scheduled to run at the same time, based on the current certificate's lifetime, and each thread runs in a different executor instance while locking on a separate lock object, so mutually exclusive access is guaranteed neither for the persisted data nor for the internal in-memory data.
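The failure mode described above, as an added example that is not the project's code. `Client`, `storedSerial` and `SHARED_LOCK` are hypothetical names, a counter stands in for the metadata stored on disk, and the shared lock is one assumed mitigation, not necessarily the fix applied for this issue.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.*;
import java.util.concurrent.locks.ReentrantLock;

public class RenewalRaceDemo {
  // Stands in for the certificate metadata persisted on disk (constructed).
  static volatile int storedSerial;
  // Assumed mitigation: one lock object shared by every client instance.
  static final ReentrantLock SHARED_LOCK = new ReentrantLock();

  // Hypothetical client: owns its executor and, unless 'shared', its own lock.
  static class Client {
    final ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();
    final ReentrantLock lock;
    Client(boolean shared) { lock = shared ? SHARED_LOCK : new ReentrantLock(); }

    void renew() {
      lock.lock();
      try {
        int read = storedSerial;   // read the persisted state
        Thread.sleep(1);           // renewal work keeps the window open
        storedSerial = read + 1;   // write it back
      } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
      } finally {
        lock.unlock();
      }
    }
  }

  // Runs 'clients' instances that each perform 'renewals' writes; returns the stored value.
  static int run(boolean shared, int clients, int renewals) throws Exception {
    storedSerial = 0;
    List<Client> all = new ArrayList<>();
    List<ScheduledFuture<?>> pending = new ArrayList<>();
    for (int i = 0; i < clients; i++) all.add(new Client(shared));
    // Every instance schedules for the same moment, as if derived from one certificate's lifetime.
    for (Client c : all)
      pending.add(c.executor.schedule(() -> { for (int r = 0; r < renewals; r++) c.renew(); },
          100, TimeUnit.MILLISECONDS));
    for (ScheduledFuture<?> f : pending) f.get();
    for (Client c : all) c.executor.shutdown();
    return storedSerial;
  }

  public static void main(String[] args) throws Exception {
    int clients = 4, renewals = 20;
    System.out.println("writes performed:   " + clients * renewals);
    System.out.println("per-instance locks: " + run(false, clients, renewals));
    System.out.println("shared lock:        " + run(true, clients, renewals));
  }
}
```

With per-instance locks the stored value typically ends up below the number of writes performed, because each lock only excludes the thread that owns it; with the shared lock the two numbers match.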
Issue Links
- is related to: HDDS-7339 Implement Certificate renewal task for services (Resolved)