fapifta commented on code in PR #4053:
URL: https://github.com/apache/ozone/pull/4053#discussion_r1046465129
##########
hadoop-hdds/common/src/main/resources/ozone-default.xml:
##########
@@ -2087,14 +2087,41 @@
<description>Max time for which certificate issued by SCM CA are valid.
This duration is used for self-signed root cert and scm sub-ca certs
issued by root ca. The formats accepted are based on the ISO-8601
- duration format PnDTnHnMn.nS</description>
+ duration format PnDTnHnMn.nS
+ </description>
</property>
<property>
<name>hdds.x509.signature.algorithm</name>
<value>SHA256withRSA</value>
<tag>OZONE, HDDS, SECURITY</tag>
<description>X509 signature certificate.</description>
</property>
+ <property>
+ <name>hdds.external.root.ca.cert</name>
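Review bot: The `-`/`+` pair at the top of the hunk only moves `</description>` onto its own line for the certificate validity property, which is unrelated to the new `hdds.external.root.ca.cert` property; consider dropping that whitespace change or sending it separately. The new property name also departs from the `hdds.x509.` prefix used by the neighbouring `hdds.x509.signature.algorithm`, so a name under that prefix would keep the X.509 settings grouped in ozone-default.xml.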
Review Comment:
Please update the description of these newly added parameters, and mention
the expected file format for the certificate and the key material, to avoid
confusion, as we do not try to detect the format, but expect the PEM format.
Also I believe we should add some note about the fact that this certificate
is used to sign all the certificates that are used for Ozone's internal
communication and this does not affect the certificates that are used for HTTPS
protocol at WebUIs as they are configurable separately.
One more note, I believe we should use the following names:
- hdds.x509.rootca.certificate.file
- hdds.x509.rootca.private.key.file
- hdds.x509.rootca.public.key.file