Skip to content

Commit

Permalink
[PLAT-14008] Avoid rolling YBA managed n2n certificates when not need…
Browse files Browse the repository at this point in the history 
…ed (e.g. during Gflag Upgrades)

Summary:
Removed certificates rolling for the case of gflags upgrade.
Now certificates are rolled/generated only for these actions:
1) Configure everything (this happens at the start of universe creation)
2) Software upgrade (because there was inconsistency between certs location for old releases)
3) Tls toggle
4) Rotate certs

Test Plan:
Create universe with tls enabled - verify everything is ok
Add nodes to universe - verify certs are present

Reviewers: sanketh, nsingh, svarshney

Reviewed By: svarshney

Subscribers: sneelakantan, yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D35363
  • Loading branch information
@yorq
yorq committed Sep 3, 2024
1 parent f44c92e commit b8f0308
Showing 1 changed file with 0 additions and 12 deletions.
12 changes: 0 additions & 12 deletions managed/src/main/java/com/yugabyte/yw/common/NodeManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1168,18 +1168,6 @@ private List<String> getConfigureSubCommand(AnsibleConfigureServers.Params taskP
subcommand.add(processType.toLowerCase());
}

// TODO: PLAT-2782: certificates are generated 3 times for each node.
if ((taskParam.enableNodeToNodeEncrypt || taskParam.enableClientToNodeEncrypt)) {
subcommand.addAll(
getCertificatePaths(
runtimeConfigFactory.forUniverse(universe),
userIntent,
taskParam,
commonName,
taskParam.getProvider().getYbHome(),
alternateNames));
}

Map<String, String> gflags = new TreeMap<>(taskParam.gflags);
processGFlags(config, universe, node, taskParam, gflags, useHostname);
if (!config.getBoolean("yb.cloud.enabled")) {
Expand Down

0 comments on commit b8f0308

Please sign in to comment.