Posted to reviews@kudu.apache.org by "Attila Bukor (Code Review)" <ge...@cloudera.org> on 2022/01/10 19:37:29 UTC
[kudu-CR] [security] KUDU-3331 Encrypt file system
Hello Alexey Serbin, Kudu Jenkins, Andrew Wong, Bankim Bhavsar,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/17974
to look at the new patch set (#11).
Change subject: [security] KUDU-3331 Encrypt file system
......................................................................
[security] KUDU-3331 Encrypt file system
de02a34 introduced encryption support to Env in a self-contained way,
but it's not used across Kudu.
This commit integrates this encryption support into the project and
modifies several test suites to also run tests with encryption enabled.
I also renamed "encrypted" to "is_sensitive" in *FileOption as a file
with this flag will be encrypted only if encryption is enabled for the
process.
When encryption is enabled, the following files are encrypted:
- WAL segments
- LBM blocks and metadata
- FBM blocks
- tablet and consensus metadata
Logs, rolling logs, instance and block manager instance files,
configuration files in integration tests are not encrypted.
As FileCache is not used to access instance files, it only supports
handling sensitive files and can't be used to access unencrypted files.
As the PBC CLI tool can be used to dump encrypted (metadata) and
unencrypted files (instance) as well, it needs to be able to determine
if a file is encrypted or not. As encryption headers are not yet
implemented, I introduced a hack which checks the file name and treats
the file as unencrypted if it ends with "instance" and encrypted
otherwise.
I ran some benchmarks to compare running Kudu with encryption enabled
and disabled.
The following are StartupBenchmark tests run with KUDU_ALLOW_SLOW_TESTS
set to true, which uses a block count of 1,000,000.
It seems enabling encryption adds around 20% overhead on startup in a
typical use-case with no deletes. All tests below were run in release
mode.
Performance counter stats for './bin/log_block_manager-test --gtest_filter=*StartupBenchmark/0' (10 runs):
40391.075316 task-clock (msec) # 2.021 CPUs utilized ( +- 1.05% )
11,089 context-switches # 0.275 K/sec ( +- 9.87% )
280 cpu-migrations # 0.007 K/sec ( +- 1.58% )
593,982 page-faults # 0.015 M/sec ( +- 2.13% )
110,595,311,391 cycles # 2.738 GHz ( +- 1.03% )
90,580,214,722 instructions # 0.82 insn per cycle ( +- 0.14% )
16,449,237,957 branches # 407.249 M/sec ( +- 0.15% )
67,169,915 branch-misses # 0.41% of all branches ( +- 0.49% )
19.988553457 seconds time elapsed ( +- 0.58% )
Performance counter stats for './bin/log_block_manager-test --encrypt_data_at_rest=1 --gtest_filter=*StartupBenchmark/0' (10 runs):
51317.845606 task-clock (msec) # 2.133 CPUs utilized ( +- 0.90% )
13,214 context-switches # 0.257 K/sec ( +- 4.03% )
292 cpu-migrations # 0.006 K/sec ( +- 1.76% )
737,815 page-faults # 0.014 M/sec ( +- 1.49% )
144,898,246,536 cycles # 2.824 GHz ( +- 1.08% )
126,702,271,070 instructions # 0.87 insn per cycle ( +- 0.05% )
24,116,649,584 branches # 469.947 M/sec ( +- 0.05% )
106,793,688 branch-misses # 0.44% of all branches ( +- 0.35% )
24.055824830 seconds time elapsed ( +- 0.89% )
With deletes, the difference seems to decrease to about 14% when 90% of
the blocks are deleted.
Performance counter stats for './bin/log_block_manager-test --gtest_filter=*StartupBenchmark/1' (10 runs):
53247.212289 task-clock (msec) # 1.494 CPUs utilized ( +- 0.69% )
94,868 context-switches # 0.002 M/sec ( +- 0.13% )
530 cpu-migrations # 0.010 K/sec ( +- 1.48% )
399,284 page-faults # 0.007 M/sec ( +- 1.66% )
145,147,457,046 cycles # 2.726 GHz ( +- 0.48% )
141,892,983,444 instructions # 0.98 insn per cycle ( +- 0.04% )
26,167,495,753 branches # 491.434 M/sec ( +- 0.04% )
59,986,442 branch-misses # 0.23% of all branches ( +- 0.33% )
35.648681894 seconds time elapsed ( +- 1.40% )
Performance counter stats for './bin/log_block_manager-test --encrypt_data_at_rest=1 --gtest_filter=*StartupBenchmark/1' (10 runs):
70616.598642 task-clock (msec) # 1.737 CPUs utilized ( +- 0.81% )
95,082 context-switches # 0.001 M/sec ( +- 0.28% )
523 cpu-migrations # 0.007 K/sec ( +- 1.69% )
679,834 page-faults # 0.010 M/sec ( +- 1.66% )
203,066,615,244 cycles # 2.876 GHz ( +- 1.05% )
209,355,734,267 instructions # 1.03 insn per cycle ( +- 0.08% )
40,477,560,095 branches # 573.202 M/sec ( +- 0.07% )
133,637,310 branch-misses # 0.33% of all branches ( +- 1.48% )
40.653406472 seconds time elapsed ( +- 1.52% )
Delete tablet benchmark takes less than a second to run, so I ran it
1000 times with encryption disabled and enabled. It seems encryption
costs about 30% overhead in this case.
Performance counter stats for './bin/tablet_server-test --gtest_filter=TabletServerTest.TestDeleteTabletBenchmark' (1000 runs):
735.800649 task-clock (msec) # 0.994 CPUs utilized ( +- 0.33% )
3,613 context-switches # 0.005 M/sec ( +- 0.15% )
178 cpu-migrations # 0.242 K/sec ( +- 0.29% )
10,722 page-faults # 0.015 M/sec ( +- 0.08% )
1,316,404,469 cycles # 1.789 GHz ( +- 0.19% )
1,629,691,550 instructions # 1.24 insn per cycle ( +- 0.21% )
337,778,107 branches # 459.062 M/sec ( +- 0.19% )
6,340,956 branch-misses # 1.88% of all branches ( +- 0.21% )
0.739940005 seconds time elapsed ( +- 2.33% )
Performance counter stats for './bin/tablet_server-test --encrypt_data_at_rest=1 --gtest_filter=TabletServerTest.TestDeleteTabletBenchmark' (1000 runs):
769.368354 task-clock (msec) # 0.792 CPUs utilized ( +- 0.34% )
3,633 context-switches # 0.005 M/sec ( +- 0.13% )
183 cpu-migrations # 0.238 K/sec ( +- 0.29% )
10,737 page-faults # 0.014 M/sec ( +- 0.07% )
1,356,327,815 cycles # 1.763 GHz ( +- 0.14% )
1,635,206,270 instructions # 1.21 insn per cycle ( +- 0.06% )
338,261,840 branches # 439.662 M/sec ( +- 0.06% )
6,486,125 branch-misses # 1.92% of all branches ( +- 0.21% )
0.971974609 seconds time elapsed ( +- 2.42% )
Change-Id: I909d0c4af0c1fca0d14c99a6627842dbe2ed7524
---
M src/kudu/consensus/consensus_meta-test.cc
M src/kudu/consensus/consensus_meta.cc
M src/kudu/consensus/log.cc
M src/kudu/consensus/log_index.cc
M src/kudu/consensus/log_util.cc
M src/kudu/fs/block_manager-test.cc
M src/kudu/fs/dir_manager.cc
M src/kudu/fs/dir_util.cc
M src/kudu/fs/file_block_manager.cc
M src/kudu/fs/fs_manager-test.cc
M src/kudu/fs/fs_manager.cc
M src/kudu/fs/log_block_manager-test-util.cc
M src/kudu/fs/log_block_manager-test.cc
M src/kudu/fs/log_block_manager.cc
M src/kudu/integration-tests/dense_node-itest.cc
M src/kudu/integration-tests/mini_cluster_fs_inspector.cc
M src/kudu/integration-tests/raft_consensus-itest.cc
M src/kudu/integration-tests/security-itest.cc
M src/kudu/mini-cluster/external_mini_cluster.cc
M src/kudu/mini-cluster/external_mini_cluster.h
M src/kudu/postgres/mini_postgres.cc
M src/kudu/ranger/ranger_client.cc
M src/kudu/security/test/mini_kdc.cc
M src/kudu/tablet/tablet_metadata.cc
M src/kudu/tools/kudu-tool-test.cc
M src/kudu/tools/tool_action_pbc.cc
M src/kudu/tserver/tablet_copy_client.cc
M src/kudu/tserver/tablet_copy_source_session-test.cc
M src/kudu/tserver/tablet_server-test.cc
M src/kudu/util/env-test.cc
M src/kudu/util/env.cc
M src/kudu/util/env.h
M src/kudu/util/env_posix.cc
M src/kudu/util/env_util.cc
M src/kudu/util/file_cache-test.cc
M src/kudu/util/file_cache.cc
M src/kudu/util/pb_util-test.cc
M src/kudu/util/pb_util.cc
M src/kudu/util/pb_util.h
M src/kudu/util/rolling_log.cc
M src/kudu/util/yamlreader-test.cc
41 files changed, 458 insertions(+), 188 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/74/17974/11
--
To view, visit http://gerrit.cloudera.org:8080/17974
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I909d0c4af0c1fca0d14c99a6627842dbe2ed7524
Gerrit-Change-Number: 17974
Gerrit-PatchSet: 11
Gerrit-Owner: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Bankim Bhavsar <ba...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
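
The commit message above says the PBC CLI tool decides whether a file is encrypted by checking if its name ends with "instance". The sketch below is an added example, not code from the Kudu change: it reproduces that name rule and compares it with a content-based check to show where the two disagree. The function names, the `/tmp/demo` paths and the `DEMOENC1` magic prefix are all constructed for illustration; the commit message states that encryption headers are not yet implemented.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Added illustration; names, paths and the header magic are constructed, not Kudu's.
enum class FileKind { kPlaintext, kEncrypted };

// Heuristic from the commit message: a name ending in "instance" means
// unencrypted, anything else is treated as encrypted.
FileKind ClassifyByName(const std::string& path) {
  static const std::string kSuffix = "instance";
  const bool ends_with = path.size() >= kSuffix.size() &&
      path.compare(path.size() - kSuffix.size(), kSuffix.size(), kSuffix) == 0;
  return ends_with ? FileKind::kPlaintext : FileKind::kEncrypted;
}

// Hypothetical alternative: decide from a magic prefix stored in the file.
const std::string kMagic = "DEMOENC1";  // constructed value
FileKind ClassifyByHeader(const std::string& contents) {
  return contents.compare(0, kMagic.size(), kMagic) == 0
      ? FileKind::kEncrypted : FileKind::kPlaintext;
}

struct Sample { std::string path; std::string contents; };

// Constructed sample files: path plus the first bytes of their contents.
std::vector<Sample> ConstructedSamples() {
  return {
    {"/tmp/demo/fs_instance", "plain protobuf"},                   // agrees
    {"/tmp/demo/tablet-meta/0001", kMagic + "ciphertext"},         // agrees
    {"/tmp/demo/fs_instance.bak", "plain protobuf"},               // renamed copy
    {"/tmp/demo/tablet-meta/my_instance", kMagic + "ciphertext"},  // unlucky name
  };
}

// Paths where the name heuristic disagrees with what the file really holds.
std::vector<std::string> Misclassified(const std::vector<Sample>& files) {
  std::vector<std::string> out;
  for (const auto& f : files) {
    if (ClassifyByName(f.path) != ClassifyByHeader(f.contents)) out.push_back(f.path);
  }
  return out;
}

int main() {
  for (const auto& p : Misclassified(ConstructedSamples())) {
    std::cout << "name heuristic wrong for: " << p << "\n";
  }
  return 0;
}
```

A plaintext copy that loses the "instance" suffix would be handed to the decryption path, and an encrypted file whose name happens to end in "instance" would be parsed as plaintext; both fail on read rather than exposing data, but neither failure points at the naming rule as the cause.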