Posted to dev@ranger.apache.org by "Vikas Kumar (Jira)" <ji...@apache.org> on 2022/09/28 13:23:00 UTC

[jira] [Comment Edited] (RANGER-3927) Ranger KMS generates master key on every restart before inserting into DB

    [ https://issues.apache.org/jira/browse/RANGER-3927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610564#comment-17610564 ] 

Vikas Kumar edited comment on RANGER-3927 at 9/28/22 1:22 PM:
--------------------------------------------------------------

*Issue:* The Master Key (MK) was first being generated, and only then was it checked in the DB whether the MK actually exists, on each restart of the KMS process. If it exists, it simply returns. The same check could have been added before regenerating the MK to avoid this unnecessary execution.

*FIX:* Added the same check before calling the method RangerMasterKey.saveEncryptedMK(). Also removed the check from saveEncryptedMK().

*New logs:* If MK doesn't exist, then 

logger.info("Master Key doesn't exist in DB, Generating the Master Key");

if MK already exists, then

logger.debug("Ranger Master Key already exists in the DB, returning.");

PFA the patch file. Will update the patch once the review request is raised.

 


was (Author: JIRAUSER295683):
*Issue:* The Master Key (MK) was first being generated, and only then was it checked in the DB whether the MK actually exists, on each restart of the KMS process. If it exists, it simply returns. The same check could have been added before regenerating the MK to avoid this unnecessary execution.

*FIX:* Added the same check before calling the method RangerMasterKey.saveEncryptedMK(). Also removed the check from saveEncryptedMK().

*New logs:* If MK doesn't exist, then 

logger.info("Master Key doesn't exist in DB, Generating the Master Key");

if MK already exists, then

logger.debug("Ranger Master Key already exists in the DB, returning.");

PFA the patch file. [^0001-RANGER-3927-Avoid-Master-Key-regeneration-on-every-r.patch]

 

> Ranger KMS generates master key on every restart before inserting into DB
> -------------------------------------------------------------------------
>
>                 Key: RANGER-3927
>                 URL: https://issues.apache.org/jira/browse/RANGER-3927
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Dhaval Shah
>            Assignee: Vikas Kumar
>            Priority: Major
>         Attachments: 0001-RANGER-3927-Avoid-Master-Key-regeneration-on-every-r.patch
>
>
> Hi,
> At present Ranger KMS generates the Master Key on every restart,
> Ref: 
> 1.) https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L194
> 2.) https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java#L192
> and later checks for its existence in the DB.
> Ref: 
> 1.) https://github.com/apache/ranger/blob/c3f1c4a6ad2ee0c805ad29f0efb265569e0d2cf0/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java#L356
> We should check for master key existence in the DB at an early stage, i.e. before generation.



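The ordering change discussed in this issue, as an added example that is not part of the original message or of the Ranger code base: it counts how often key material is created across simulated restarts for the generate-then-check flow and for the check-then-generate flow. MasterKeyStore, the method names and the 32-byte key size are assumptions made for the illustration, and keeping the insert conditional is this example's own choice.

```java
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicReference;

// Added illustration. MasterKeyStore and the method names below are
// hypothetical stand-ins, not Ranger KMS classes or APIs.
public class MasterKeyStartupDemo {

    /** In-memory stand-in for the DB row holding the stored master key. */
    static final class MasterKeyStore {
        private final AtomicReference<byte[]> row = new AtomicReference<>();
        boolean exists() { return row.get() != null; }
        /** Insert only if no row exists; false means another writer got there first. */
        boolean insertIfAbsent(byte[] mk) { return row.compareAndSet(null, mk); }
    }

    static int generations; // how many times key material was created

    static byte[] generateMasterKey() {
        generations++;
        byte[] mk = new byte[32];          // constructed size for the demo
        new SecureRandom().nextBytes(mk);  // encryption before storage is omitted here
        return mk;
    }

    /** Flow described in the issue: generate first, check the DB afterwards. */
    static void restartGenerateThenCheck(MasterKeyStore store) {
        byte[] mk = generateMasterKey();
        if (store.exists()) return;        // key material above was created for nothing
        store.insertIfAbsent(mk);
    }

    /** Flow described in the fix: check the DB first, generate only if absent. */
    static void restartCheckThenGenerate(MasterKeyStore store) {
        if (store.exists()) return;
        // Assumption of this example: keep the insert conditional so two
        // processes starting at once cannot overwrite each other's key.
        store.insertIfAbsent(generateMasterKey());
    }

    static int countGenerations(boolean checkFirst, int restarts) {
        generations = 0;
        MasterKeyStore store = new MasterKeyStore();
        for (int i = 0; i < restarts; i++) {
            if (checkFirst) restartCheckThenGenerate(store); else restartGenerateThenCheck(store);
        }
        return generations;
    }

    public static void main(String[] args) {
        System.out.println("generate-then-check: " + countGenerations(false, 3));
        System.out.println("check-then-generate: " + countGenerations(true, 3));
    }
}
```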