Posted to dev@ranger.apache.org by Velmurugan Periasamy <vp...@hortonworks.com> on 2016/04/13 10:49:31 UTC

Re: Review Request 44757: Add support for Hardware Security Modules (HSM) to Ranger

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44757/#review128635
-----------------------------------------------------------




kms/scripts/setup.sh (line 91)
<https://reviews.apache.org/r/44757/#comment192116>

    Not able to apply this patch. Can you please check?
    
    Checking patch kms/scripts/setup.sh...
    error: while searching for:
    sqlanywhere_core_file=$(get_prop 'sqlanywhere_core_file' $PROPFILE)
    cred_keystore_filename=$(eval echo "$(get_prop 'cred_keystore_filename' $PROPFILE)")
    KMS_BLACKLIST_DECRYPT_EEK=$(get_prop 'KMS_BLACKLIST_DECRYPT_EEK' $PROPFILE)
    
    DB_HOST="${db_host}"
    
    error: patch failed: kms/scripts/setup.sh:83
    error: kms/scripts/setup.sh: patch does not apply


- Velmurugan Periasamy


On March 14, 2016, 4:37 a.m., Ankita Sinha wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44757/
> -----------------------------------------------------------
> 
> (Updated March 14, 2016, 4:37 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-868
>     https://issues.apache.org/jira/browse/RANGER-868
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> ** Problem Statement **
> 1. Ranger KMS needs to have an option of saving Master Key in HSM.
> 2. Ranger KMS needs to support HSM HA.
> 3. Ranger KMS needs to have functionality of migrating Master Key to HSM from Ranger KMS DB and vice versa.
> 
> ** Proposed Solution **
> 1. Give an option to store the Ranger KMS Master Key in either DB/HSM.
> 2. Create a new Provider in Ranger KMS to support HSM.
> 3. Develop Migration script for migrating Ranger KMS Master Key from HSM to Ranger KMS DB and vice versa.
> 
> 
> Diffs
> -----
> 
>   kms/config/kms-webapp/dbks-site.xml edaff93 
>   kms/scripts/DBMK2HSM.sh PRE-CREATION 
>   kms/scripts/HSMMK2DB.sh PRE-CREATION 
>   kms/scripts/install.properties cf5dd92 
>   kms/scripts/setup.sh 0a825c7 
>   kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 23547a7 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 75a34b2 
>   src/main/assembly/kms.xml e267687 
> 
> Diff: https://reviews.apache.org/r/44757/diff/
> 
> 
> Testing
> -------
> 
> ** Testing Done **
> 1. Tested Ranger KMS with HSM enabled as well as disabled.
> 2. Tested Ranger KMS with HSM in secure environment.
> 3. Tested Ranger KMS in HSM HA mode.
> 4. Tested migration script for migrating Master Key from Ranger KMS DB to HSM.
> 5. Tested migration script for migrating Master Key from HSM to Ranger KMS DB.
> 6. Tested for all the Key operations (create, delete, rollover and list) through UI, CURL and hadoop command.
> 7. Tested for Zone-related operations.
> 8. Tested for copying a file from one Zone to another.
> 
> 
> Thanks,
> 
> Ankita Sinha
> 
>