Alexey Serbin has posted comments on this change.

Change subject: [master] store CA information in the system table
......................................................................


Patch Set 11:

(7 comments)

http://gerrit.cloudera.org:8080/#/c/5793/11/src/kudu/master/master.proto
File src/kudu/master/master.proto:

PS11, Line 179:   // Private key body in PEM format.
              :   required bytes private_key = 1 [(kudu.REDACT) = true];
              :   // Certificate body in PEM format.
              :  
> why PEM instead of DER? we use DER elsewhere for our PBs, and most of the d
I thought it might be better because that's the format to store the info.  
Also, I thought it might be better for troubleshooting.


http://gerrit.cloudera.org:8080/#/c/5793/11/src/kudu/master/master_cert_authority.h
File src/kudu/master/master_cert_authority.h:

Line 40: class MasterCertAuthorityTest;
> don't think this forward decl is necessary
But otherwise the compiler spits an error for the 'friend' statement below:

kudu/src/kudu/master/master_cert_authority.h:72:32: error: 
      no class named 'MasterCertAuthorityTest' in namespace 'kudu::master'
  friend class ::kudu::master::MasterCertAuthorityTest;


Line 55:   // bound to the aggregated server UUID. Does not require Init() to 
be called.
> should note whether this also initializes the instance using the given cert
I thought 'const' specified would be enough, but having this explicitly in the 
doc is better, I agree.


PS11, Line 77:   // Mutex to protect access to variables below.
             :   Mutex lock_;
             :  
> I think you need to rebase -- the class no longer has a cert-signer member,
But object of this class is used to sign incoming CSRs in master_service.cc.  
That means we don't want to have the private key and the cert to be updated 
while SignServerCSR() is in the middle of operation, right?


http://gerrit.cloudera.org:8080/#/c/5793/11/src/kudu/master/sys_catalog.cc
File src/kudu/master/sys_catalog.cc:

PS11, Line 92: 00000000000000000000000000000001
> hm, I dont think there's any need to make this look like a tablet id. How a
Done


Line 516:   *entry_id = str_id;
> can you avoid a copy here by making 'str_id' non-const and std::move?
Done


Line 583:   ProcessEntries<SysCertAuthorityEntryPB, 
CERT_AUTHORITY_INFO>(processor);
> missing a RETURN_NOT_OK
Good catch.  That was those issues with pre-processor parsing.  I put extra 
braces and now it's fine.


-- 
To view, visit http://gerrit.cloudera.org:8080/5793
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I16fa077e39f5d75f682cca7220371acdef4f0630
Gerrit-PatchSet: 11
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-HasComments: Yes

Reply via email to