...

  • JAVA API:
    ignite.encryption().changeMasterKey(String masterKeyId) - starts master key rotation process.
    String ignite.encryption().getMasterKeyId() - gets current master key id.

  • JMX:
    changeMasterKey(String masterKeyId) - starts master key rotation process.
    String getMasterKeyId()  - gets current master key id.

  • CLI:
    # Starts master key rotation.
    ./control.sh --encryption change_master_key newMasterKeyId

    # Displays cluster's current master key id.
    ./control.sh --encryption get_master_key

    # Starts ignite with recovery process. See details.
    ignite.sh -change-master-key-before-join newMasterKeyId

Process description 

  1. A node creates the ChangeMasterKeyMessage message and sends it by discovery as a custom event. The goal is to verify that all nodes have the same master key.
    1. The initiating message should contain:
      1. New master key id.
      2. New master key hash.
    2. When a server node processes the message, the following actions are executed:
      1. It obtains the hash of the new master key.
      2. It compares it with the one in the message.
      3. If they differ, an error is added to the message.
  2. If there are errors on step 1, we log them and cancel the process. Otherwise go to step 3.
  3. The ChangeMasterKeyFinishMessage action message is sent by discovery as a custom event.
    1. The action message should contain:
      1. New master key id.
    2. When a server node processes the message, the following actions are executed:
      1. Block creation of encrypted cache keys.
      2. Re-encrypt all cache group keys with the new master key in a temporary data structure. No changes in MetaStore.
      3. Create a WAL logical record (ChangeMasterKeyRecord) that consists of:
        1. New master key id.
        2. Re-encrypted cache group keys.
      4. Write cache group keys to MetaStore.
      5. Unblock creation of encrypted cache keys.
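
The sketch below walks through the verify-then-finish flow described above. It is an added example, not Ignite code: the `Node` class, the in-memory maps standing in for the keystore and MetaStore, SHA-256 as the hash and `AESWrap` as the key-wrapping algorithm are all assumptions, and the keys are constructed sample values.

```java
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class MasterKeyRotationSketch {
    static class Node { // hypothetical stand-in for a server node, not an Ignite class
        final Map<String, byte[]> keystore = new HashMap<>();   // master key id -> key bytes
        final Map<Integer, byte[]> metaStore = new HashMap<>(); // cache group id -> wrapped key
        String masterKeyId;
        // Step 1: hash the local copy of the new key and compare with the hash in the message.
        boolean verify(String newId, byte[] expectedHash) throws Exception {
            byte[] key = keystore.get(newId);
            return key != null && MessageDigest.isEqual(sha256(key), expectedHash);
        }
        // Step 3: re-wrap every group key into a temporary map, then replace the stored keys.
        void finish(String newId) throws Exception {
            Map<Integer, byte[]> tmp = new HashMap<>();
            for (Map.Entry<Integer, byte[]> e : metaStore.entrySet()) {
                Key k = cipher(Cipher.UNWRAP_MODE, keystore.get(masterKeyId)).unwrap(e.getValue(), "AES", Cipher.SECRET_KEY);
                tmp.put(e.getKey(), cipher(Cipher.WRAP_MODE, keystore.get(newId)).wrap(k));
            }
            metaStore.putAll(tmp); // the design logs a WAL record before this MetaStore write
            masterKeyId = newId;
        }
    }
    static byte[] sha256(byte[] b) throws Exception { return MessageDigest.getInstance("SHA-256").digest(b); }
    static Cipher cipher(int mode, byte[] masterKey) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap"); // assumed; the page names no algorithm
        c.init(mode, new SecretKeySpec(masterKey, "AES"));
        return c;
    }
    static boolean rotate(List<Node> nodes, String newId, byte[] newKeyHash) throws Exception {
        for (Node n : nodes) if (!n.verify(newId, newKeyHash)) return false; // step 2: cancel on any mismatch
        for (Node n : nodes) n.finish(newId);
        return true;
    }
    public static void main(String[] args) throws Exception {
        byte[] k1 = "constructed-key1".getBytes(), k2 = "constructed-key2".getBytes();
        byte[] other = "constructed-key3".getBytes(); // a different key stored under the same id
        Node a = new Node(), b = new Node();
        for (Node n : List.of(a, b)) {
            n.keystore.put("mk1", k1); n.masterKeyId = "mk1";
            n.metaStore.put(1, cipher(Cipher.WRAP_MODE, k1).wrap(new SecretKeySpec(new byte[16], "AES")));
        }
        a.keystore.put("mk2", k2); b.keystore.put("mk2", other);
        System.out.println("mismatched keystores: " + rotate(List.of(a, b), "mk2", sha256(k2)));
        b.keystore.put("mk2", k2); // operator fixes node b's keystore, then retries
        System.out.println("matching keystores:   " + rotate(List.of(a, b), "mk2", sha256(k2)));
    }
}
```

Because every node is checked before any node re-encrypts, a keystore that holds a different key under the same id stops the rotation with all group keys still wrapped under the old master key.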

...

If a node was unavailable during the master key rotation process, it will be unable to join the cluster because it has the old master key hash.

To update such a node, the design introduces a recovery process: the user should run Ignite with the command to change the master key before join:

Option 1 (auto). The cluster sends its master key id to the joining node. The joining node re-encrypts the cache keys and tries to join the cluster.

  • ignite.sh -change-master-key-before-join newMasterKeyId

Option 2 (manual). The administrator changes the master key id in the configuration. When the node starts, it reads the master key id from the meta storage. If the keys differ, the node re-encrypts the cache keys with the new MK and tries to join the cluster.

Node left during the key rotation process (it was starting to re-encrypt cache keys):

...