Details
-
Sub-task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
As OM has to update the rootCA certificate similarly to the DN, and as there is no current communication for this, we need to figure out how we can update the OM about the time of the rootCA rotation.
We have a few possibilities:
- OM can poll for the new rootCA certificate periodically regardless of the fact whether we expect a new rootCA cert or not, or it can poll for the timing update. Considering 3 OMs, and the simplicity of this call, it does not add visible load onto the SCM if we check every minute. (This seems to be our best and simplest option)
- We may extend the payload of responses to requests sent from OM to SCM, and if there is a timing update, we process it. (This would be an additional thing to look at in OM's SCM client, and we most likely do not want to add these extra cycles there for every such response processing.)
- we introduce an API on OM that is called from the admin CLI client (This has the problem of keeping consistency between the nodes)
- we introduce an API on the OM and update the OM from SCM. (This is not really feasible, as SCM is not currently the client of OM)