You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Velmurugan Periasamy <vp...@hortonworks.com> on 2016/04/13 10:49:31 UTC
Re: Review Request 44757: Add support for Hardware Security Modules
(HSM) to Ranger
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44757/#review128635
-----------------------------------------------------------
kms/scripts/setup.sh (line 91)
<https://reviews.apache.org/r/44757/#comment192116>
Not able to apply this patch. Can you please check?
Checking patch kms/scripts/setup.sh...
error: while searching for:
sqlanywhere_core_file=$(get_prop 'sqlanywhere_core_file' $PROPFILE)
cred_keystore_filename=$(eval echo "$(get_prop 'cred_keystore_filename' $PROPFILE)")
KMS_BLACKLIST_DECRYPT_EEK=$(get_prop 'KMS_BLACKLIST_DECRYPT_EEK' $PROPFILE)
DB_HOST="${db_host}"
error: patch failed: kms/scripts/setup.sh:83
error: kms/scripts/setup.sh: patch does not apply
- Velmurugan Periasamy
On March 14, 2016, 4:37 a.m., Ankita Sinha wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44757/
> -----------------------------------------------------------
>
> (Updated March 14, 2016, 4:37 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-868
> https://issues.apache.org/jira/browse/RANGER-868
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** Problem Statement **
> 1. Ranger KMS needs to have a option of saving Master Key in HSM.
> 2. Ranger KMS need to support HSM HA.
> 3. Ranger KMS needs to have functionality of migrating Master Key to HSM from Ranger KMS DB and vice versa.
>
> ** Proposed Solution **
> 1. To give option to Store Ranger KMS Master Key to either DB/HSM.
> 2. Create a new Provider in Ranger KMS to support HSM.
> 3. Develop Migration script for migrating Ranger KMS Master Key from HSM to Ranger KMS DB and vice versa.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml edaff93
> kms/scripts/DBMK2HSM.sh PRE-CREATION
> kms/scripts/HSMMK2DB.sh PRE-CREATION
> kms/scripts/install.properties cf5dd92
> kms/scripts/setup.sh 0a825c7
> kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java PRE-CREATION
> kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java PRE-CREATION
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java PRE-CREATION
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java PRE-CREATION
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 23547a7
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 75a34b2
> src/main/assembly/kms.xml e267687
>
> Diff: https://reviews.apache.org/r/44757/diff/
>
>
> Testing
> -------
>
> ** Testing Done **
> 1. Tested Ranger KMS with HSM enabled as well as disabled.
> 2. Tested Ranger KMS with HSM in secure environment.
> 3. Tested Ranger KMS in HSM HA mode.
> 4. Tested migration script for migrating Master Key from Ranger KMS DB to HSM.
> 5. Tested migration script for migrating Master Key from HSM to Ranger KMS DB.
> 6. Tested for all the Key operations (create, delete, rollover and list) through UI, CURL and hadoop command.
> 7. Tested for Zone operations related operation.
> 8. Tested for Copying file from one Zone to another.
>
>
> Thanks,
>
> Ankita Sinha
>
>